[EMAIL PROTECTED] wrote:
>
> On Fri, 7 Jul 2000 15:14:59 -0400, "Fan, Laurel" <[EMAIL PROTECTED]> said:
>
> >If I can, from my computer, open an "smtp connection" to port 25 on
> >somehost, I can run "telnet somehost 25". Neither of which has
> >anything at all to do with telnetd.
>
> I am indeed at a loss to tell how a firewall could tell a connection
> to port 25 that originates from an MTA from one that originates from
> some other sort of socket opening program. The TCP protocol doesn't
> tell you squat about what the program opening the socket intends to do
> with it. Admittedly, a firewall _could_ terminate a SMTP session that
> doesn't "act right", but it can't tell that until the connection has
> been established and some data has been exchanged. Unless, of course,
> someone has a "psychic firewall" out there that I haven't heard about.

erm... <sigh> packet filtering mean anything to you?

basically, said firewall takes in said packet destined for port X. it scans through/reads the signature of said packet (ie, headers, footers, neat stuff like that), and then decides whether or not to forward it on. there are even more sophisticated things you can do with this (a good example is NFR, Network Flight Recorder, which is basically a "psychic firewall" designed to recognize and filter on known security exploits -- ie, "does this packet look like this known script-kiddie attack?")

in fact, this is really just a more complicated version of how cisco routers do access-list filtering, from what i can tell.

_______________________________________________
techtalk mailing list
[EMAIL PROTECTED]
http://www.linux.org.uk/mailman/listinfo/techtalk
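The two positions in this exchange can be made concrete with a small added example (written for this archive page, not code from either poster or from NFR). It models a stateless packet filter in the style of a router access list, deciding on source/destination network, protocol, port and TCP flags only, plus a separate content check on the first client data line of a session. All networks, packets and rule sets are constructed here; the `established` flag loosely follows the access-list idea of matching only packets with ACK or RST set.

```python
"""Toy stateless packet filter plus a first-data-line protocol check.

Added example: constructed packets and rules, not a real firewall.
"""
import re
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import FrozenSet, List, Optional


@dataclass
class Packet:
    src: str                                   # source IP, e.g. "198.51.100.7"
    dst: str                                   # destination IP
    proto: str                                 # "tcp" or "udp"
    dport: int                                 # destination port
    flags: FrozenSet[str] = field(default_factory=frozenset)  # e.g. {"SYN"}
    payload: bytes = b""                       # first bytes of client data


@dataclass
class Rule:
    action: str                                # "permit" or "deny"
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    proto: Optional[str] = None                # None matches any protocol
    dport: Optional[int] = None                # None matches any port
    established: bool = False                  # match only ACK/RST packets

    def matches(self, p: Packet) -> bool:
        """Header-only match: nothing here can see what program sent it."""
        if self.proto is not None and p.proto != self.proto:
            return False
        if self.dport is not None and p.dport != self.dport:
            return False
        if ip_address(p.src) not in ip_network(self.src_net):
            return False
        if ip_address(p.dst) not in ip_network(self.dst_net):
            return False
        if self.established and not (p.flags & {"ACK", "RST"}):
            return False
        return True


def filter_packet(rules: List[Rule], p: Packet, default: str = "deny") -> str:
    """First matching rule wins; implicit default deny, as in an access list."""
    for rule in rules:
        if rule.matches(p):
            return rule.action
    return default


# Content signature: the first line an SMTP client sends is a HELO/EHLO.
SMTP_GREETING = re.compile(rb"^(EHLO|HELO)\s+\S+\r?\n", re.IGNORECASE)


def looks_like_smtp_client(first_payload: bytes) -> bool:
    """Signature check on session content, available only after data flows."""
    return bool(SMTP_GREETING.match(first_payload))


# Constructed rule set: allow inbound SMTP to the mail network (192.0.2.0/24
# is a documentation range), allow established TCP anywhere, deny the rest.
RULES = [
    Rule("permit", dst_net="192.0.2.0/24", proto="tcp", dport=25),
    Rule("permit", proto="tcp", established=True),
]


def demo() -> dict:
    """Return the filter decisions for a few constructed packets."""
    mta_syn = Packet("198.51.100.7", "192.0.2.10", "tcp", 25, frozenset({"SYN"}),
                     b"EHLO mail.example.net\r\n")
    telnet_syn = Packet("198.51.100.7", "192.0.2.10", "tcp", 25, frozenset({"SYN"}),
                        b"hello there\r\n")
    telnet_23 = Packet("198.51.100.7", "192.0.2.10", "tcp", 23, frozenset({"SYN"}))
    reply = Packet("192.0.2.10", "198.51.100.7", "tcp", 40000, frozenset({"ACK"}))
    return {
        "mta_to_25": filter_packet(RULES, mta_syn),
        "telnet_to_25": filter_packet(RULES, telnet_syn),
        "telnet_to_23": filter_packet(RULES, telnet_23),
        "established_reply": filter_packet(RULES, reply),
        "mta_payload_is_smtp": looks_like_smtp_client(mta_syn.payload),
        "telnet_payload_is_smtp": looks_like_smtp_client(telnet_syn.payload),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running `demo()` shows both sides of the thread at once: the header-only rules return `permit` for the MTA connection and for the `telnet somehost 25` connection alike, since the SYN packets are indistinguishable at that layer, while the greeting check is the kind of content signature that can tell them apart once the first data line has arrived.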