"Charles Howse" <[EMAIL PROTECTED]> writes:
> Let me throw this in:
> This is a home network, behind a Cable Modem and 4-port Cable/DSL router
> w/ firewall.
> Port 110 is closed on the firewall. Ports 80,20 and 21 are open on
> another machine in the DMZ.
> That said ( and I'm no expert ) wouldn't it be acceptable for *my*
> situation to bind to an address?
> That way, anyone wanting to crack into the pop server on this machine
> would have to get past the firewall, and then discover the address the
> pop server on this machine is listening on...? Nmap woud certainly do
> that, *if* they got in.
> I run a pop server on the Redhat machine next to the FreeBSD machine, no
> problems ever there.
> I could be way off on my logic, and my understanding of tcp/ip, so
> correct me if I'm wrong.
Not at all; you're dead on.
The only thing I'm trying to warn you about is that binding to a
specific address is having a fairly small effect on your security in
this case. For belt-and-suspenders protection, you'd be somewhat
better off with a more sophisticated POP server which can bind to
the inside interface directly instead of just the address.
[EMAIL PROTECTED] mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"