Scott H wrote:
> In many IPchains scripts I see ports above 1024 set to accept in-bound
> traffic on TCP and UDP.
Really? Got an example handy?
> There is usually a comment to the effect of
> ports above 1024 are fair game.
Well... In Unix land at least, ports 1024 and below are reserved for
opening by the superuser, while ports above that point can be opened by
anyone. Most well-known services reside below the 1024 cutoff point, so
filtering those means that nobody will casually access well-known
services on protected machines from outside your net.
But I don't see that making ports above 1024 much safer to leave open.
There are services that reside there (X, VNC, etc.; see /etc/services on
most Unix boxes for examples) and there are also situations in which a
non-privileged process might open up a port and make it available to an
intruder. Allowing inbound connections above 1024 makes that easier.
Best practice is still "block everything except the specific traffic you
want to permit."
--
~~~Michael Jinks, IB // Technical Entity // Saecos Corporation~~~~
_______________________________________________
Firewalls mailing list
[EMAIL PROTECTED]
http://lists.gnac.net/mailman/listinfo/firewalls
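To make the contrast in Michael's reply concrete, here is an added example (constructed for this page, not code from the thread or from the ipchains project): a small Python evaluator for the ipchains input-chain options -P, -A, -p, -d and -j as I understand them, which runs the "accept everything from 1024 up" ruleset and a default-deny ruleset over the same packets. The two rulesets, the 192.0.2.10 mail-host address and port 40000 standing in for a listener opened by an unprivileged process are all assumptions.

```python
# Constructed toy evaluator for a subset of ipchains "input" rules (-P, -A, -p, -d, -j):
# chain policy plus first-matching-rule-wins, so both rulesets can be compared offline.
import ipaddress
import shlex
# Scott's pattern: well-known ports fall through to the DENY policy, 1024 and up accepted.
HIGH_PORTS_OPEN = """
ipchains -P input DENY
ipchains -A input -p tcp -d 0.0.0.0/0 1024:65535 -j ACCEPT
ipchains -A input -p udp -d 0.0.0.0/0 1024:65535 -j ACCEPT
"""
# Michael's advice: deny by default, permit only the wanted service (SMTP to a constructed host).
DEFAULT_DENY = """
ipchains -P input DENY
ipchains -A input -p tcp -d 192.0.2.10 25 -j ACCEPT
"""
def parse_ruleset(text):  # -> (policy, rules) for the input chain
    policy, rules = "ACCEPT", []  # built-in chains start with an ACCEPT policy
    for line in text.strip().splitlines():
        argv = shlex.split(line)
        if argv[1] == "-P":  # ipchains -P input DENY
            policy = argv[3]
            continue
        rule, i = {"proto": None, "dst": None, "ports": (0, 65535)}, 3
        while i < len(argv):  # argv[1:3] is "-A input"
            opt, arg = argv[i], argv[i + 1]
            if opt == "-p":
                rule["proto"] = arg.lower()
            elif opt == "-d":  # address, optionally followed by "port" or "lo:hi"
                rule["dst"] = ipaddress.ip_network(arg, strict=False)
                if i + 2 < len(argv) and not argv[i + 2].startswith("-"):
                    lo, _, hi = argv[i + 2].partition(":")
                    rule["ports"], i = (int(lo), int(hi or lo)), i + 1
            elif opt == "-j":
                rule["target"] = arg
            else:
                raise ValueError(f"option {opt} is not modelled here")
            i += 2
        rules.append(rule)
    return policy, rules

def verdict(policy, rules, proto, dst_ip, dport):
    for r in rules:  # first match decides; otherwise the chain policy applies
        if (r["proto"] in (None, proto) and r["ports"][0] <= dport <= r["ports"][1]
                and (r["dst"] is None or ipaddress.ip_address(dst_ip) in r["dst"])):
            return r["target"]
    return policy

def compare(proto, dst_ip, dport):  # (verdict under HIGH_PORTS_OPEN, under DEFAULT_DENY)
    return tuple(verdict(*parse_ruleset(rs), proto, dst_ip, dport)
                 for rs in (HIGH_PORTS_OPEN, DEFAULT_DENY))
```

`compare("tcp", "192.0.2.10", 6000)` (X11) returns `('ACCEPT', 'DENY')`, as do VNC on 5900 and the constructed port 40000, while telnet on 23 is denied by both rulesets.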