Hello all-
Occasionally during its course of business, an FTP
client outside our firewall will send a port command
in to an internal server. The port command's
ephemeral port matches another predefined service on
the firewall and is rejected by rule '0' with a
message of:
reason: tried to open tcp service port, port:xx ---
where xx is the predefined service.
I understand that I can remove the high ports
'verbiage' from the macro in the firewall that
disallows use of high ports found in the services
table. But I am concerned that there may be
implications to the server where those services
actually live.
My reseller tells me the risks are almost nonexistent
and I tend to agree. But being somewhat paranoid, I
am looking for any additional input from others who
may have been down this road before I make any
changes.
Thanks in advance for your input.
Bob Runte
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
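
An added example (not part of the original message and not the firewall vendor's code): a sketch of the kind of check the message describes, parsing an FTP PORT command (RFC 959 format) and rejecting it when the announced data port collides with an entry in a services table. The table contents, function names and addresses are constructed for illustration; the reject reason is modeled on the log text quoted above.

```python
import re

# Constructed stand-in for the firewall's predefined TCP services table
# (assumption: a real table is larger and product-specific).
PREDEFINED_TCP_SERVICES = {1433: "ms-sql", 1521: "sqlnet", 2049: "nfs", 6000: "x11"}

PORT_RE = re.compile(r"^PORT\s+(\d{1,3}(?:,\d{1,3}){5})\s*$", re.IGNORECASE)


def parse_port_command(line):
    """Return (host, port) from 'PORT h1,h2,h3,h4,p1,p2' or raise ValueError."""
    m = PORT_RE.match(line.strip())
    if not m:
        raise ValueError("not a well-formed PORT command")
    nums = [int(n) for n in m.group(1).split(",")]
    if any(n > 255 for n in nums):
        raise ValueError("octet out of range")
    host = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # RFC 959: port = p1*256 + p2
    return host, port


def check_port_command(line, services=PREDEFINED_TCP_SERVICES, enforce_services=True):
    """Return (verdict, reason) for the data port a client announces."""
    try:
        _, port = parse_port_command(line)
    except ValueError as exc:
        return "reject", str(exc)
    if port < 1024:
        return "reject", "data port below 1024, port:%d" % port
    if enforce_services and port in services:
        # The behaviour described in the message: an ephemeral port that
        # happens to equal a defined service port is refused.
        return "reject", "tried to open tcp service port, port:%d" % port
    return "accept", "port:%d" % port


if __name__ == "__main__":
    # Constructed PORT commands (192.0.2.10 is a documentation address).
    samples = ["PORT 192,0,2,10,5,241", "PORT 192,0,2,10,195,80",
               "PORT 192,0,2,10,0,21", "PORT 192,0,2,10,300,1"]
    for s in samples:
        strict = check_port_command(s)
        relaxed = check_port_command(s, enforce_services=False)
        print("%-26s strict=%s relaxed=%s" % (s, strict, relaxed))
```

Running it with `enforce_services=False` shows which announced data ports would start passing if the services-table comparison were removed, which is the set to review before making the change.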