Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules
From: Barney Wolff (barney_at_databus.com)
Date: 08/30/04
- Previous message: Adam Graham: "Re: [fw-wiz] Off-Topic: Memo of Understanding for Using an , Ethical Hacker"
- In reply to: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Next in thread: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Reply: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: firewall-wizards@honor.icsalabs.com Date: Mon, 30 Aug 2004 11:58:16 -0400
On Mon, Aug 30, 2004 at 07:52:50AM -0400, Jim Seymour wrote:
>
> I've seen it argued, by residential broadband customers, that "my ISP
> doesn't really care." Maybe sometimes they don't. But I suspect any
> ISP that's gone to the trouble to block inbound port 80 really means
> it. And I really think firewall-wizards ought not be actively helping
> somebody violate their ISP's TOS. What's next: "Can you help me set up
> a secure 'bot net?"
How did we get from {ISP blocks inbound connects to port 80} to
{customer is not allowed to run any servers}? I don't see that as
a logical conclusion. If the ISP wanted to block all servers it could
perfectly well block inbound connects to all ports and make its customers
use passive ftp, which they should be doing anyway. If the actual TOS
says no servers, that's another story, but if the OP said that I missed it.
The ISP may be blocking 80 to protect customers from running inadvertent
servers - we know that IIS is sometimes activated by things that one
would not expect, and in those cases is unlikely to be patched.
In any case, Apache can be configured to listen on any port, so there is
no particular reason to have to translate the port number when going
through the NAT.
-- Barney Wolff http://www.databus.com/bwresume.pdf I'm available by contract or FT, in the NYC metro area or via the 'Net. _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Adam Graham: "Re: [fw-wiz] Off-Topic: Memo of Understanding for Using an , Ethical Hacker"
- In reply to: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Next in thread: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Reply: Jim Seymour: "Re: [fw-wiz] About Port Forwarding, Apache and Firewall Rules"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
