On Fri, Dec 22, 2000 at 03:12:34PM -0600, william.wells wrote:
> If anyone provides you with a "safe/secure" setup which Checkpoint will
> allow you to have and still be approved by them, I'd sure like to know what
> it is. 

        I must be missing something in this thread.  Isn't this what
stateful inspection is for?  When you see a PORT command on an FTP
control channel connection issued to a particular address and specifying
a particular address and port, then you open a rule for that specific
data connection which you then tear down after it's done.

        What am I missing here?  We've got Checkpoint at the office and
this works...

        At home, I'm using Linux much the same way.  You don't open
static rules for ftp ports, you use an inspection filter (either
spf over IPChains in 2.2 or Netfilter in 2.4) or you use MASQ for ftp
and achieve the same goal.  I was under the impression you could do
the same thing on Checkpoint.

> > -----Original Message-----
> > From: Ivan Fox [SMTP:[EMAIL PROTECTED]]
> > Sent: Tuesday, December 19, 2000 5:45 PM
> > To: Firewall-Wizards@Nfr. Net; Firewalls@Lists. Gnac. Net; Firewall-1
> > Subject: ftp server using random high ports and checkpoint
> > 
> > Some of our users need to access an external ftp server.  Therefore, we
> > setup a rule to use port 20 and 21.  However, the ftp server responds
> > their
> > request using random high ports, therefore, we need to setup a "returning
> > rule" allowing the ftp server coming back using high-ports (>1023).
> > 
> > Is it typical for ftp server's returning packets using random high ports?
> > Is it "safe/secure" to setup such rule on checkpoint firewall?
> > Any implications that we need to be aware of?
> > 
> > Any pointers are appreciated.
> > 
> > Thanks,
> > 
> > Ivan
> > 
> > 
> > 
> > -
> > [To unsubscribe, send mail to [EMAIL PROTECTED] with
> > "unsubscribe firewalls" in the body of the message.]

-- 
 Michael H. Warfield    |  (770) 985-6132   |  [EMAIL PROTECTED]
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

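As an added illustration of the PORT-command pinhole Michael describes (example code written for this page, not from the thread or from any firewall product; the client and server addresses are constructed), this parses the PORT command off the control channel, refuses a PORT that names an address other than the client's own or a privileged port, opens a rule for exactly that one data connection, and drops the rule once it has been used:

```python
import re

# Constructed sample: an inside client talking to an external FTP server.
CLIENT_IP = "192.168.1.10"
SERVER_IP = "203.0.113.5"

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})$")


def parse_port_command(line):
    """Return (ip, port) from an FTP PORT command seen on the control channel,
    or None if the line is not a well-formed PORT command."""
    m = PORT_RE.match(line.strip())
    if not m:
        return None
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        return None
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]  # p1*256 + p2, as in RFC 959
    return ip, port


def pinhole_for_port(client_ip, server_ip, line):
    """Derive the one-off data-channel rule a stateful inspector would open
    after seeing PORT: TCP from server:20 to client:<port>.  The address in
    PORT must be the client's own and the port unprivileged; anything else is
    refused rather than opened (a PORT naming a third host is the classic
    FTP-bounce pattern)."""
    parsed = parse_port_command(line)
    if parsed is None:
        return None
    ip, port = parsed
    if ip != client_ip or not 1023 < port <= 65535:
        return None
    return {"proto": "tcp", "src": server_ip, "sport": 20, "dst": ip, "dport": port}


class PinholeTable:
    """Dynamic rules keyed by the expected data connection.  Each entry is
    consumed by the first matching SYN, so the hole is torn down as soon as
    the data connection it was opened for has been set up."""
    def __init__(self):
        self._rules = {}

    def open(self, rule):
        self._rules[(rule["src"], rule["sport"], rule["dst"], rule["dport"])] = rule

    def admit_syn(self, src, sport, dst, dport):
        return self._rules.pop((src, sport, dst, dport), None) is not None
```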
