Re: new to list, question about firewalling ports over 1024

From: Dennis Stout (crazyman@rogershsa.com)
Date: 03/03/02


From: "Dennis Stout" <crazyman@rogershsa.com>
To: <security-discuss@linuxsecurity.com>
Date: Sun, 3 Mar 2002 13:47:36 -0900


Is it possible to open ranges of ports with ipchains?

MSN Messenger won't send files through my firewall and I don't want to
forward all its ports to one machine, let them send a file, then forward
them all to a different machine.. I've been google searching the thing for
a week now =P

I can't upgrade to iptables, the machine is having a hard enough time doing
what it is now. Little 386DX40 =) I'm not going to even attempt a kernel
compile..

Just curious, thanks!

Dennis Stout

P.S. I know this is off topic from security, but what the heck, everyone
else is doing it... *sigh*

----- Original Message -----
From: "Troy Billington" <doshelp@doshelp.com>
To: <security-discuss@linuxsecurity.com>
Sent: Sunday, March 03, 2002 6:30 AM
Subject: RE: new to list, question about firewalling ports over 1024

You may need a very limited number of "dynamic ports"; generally speaking, it
would be something like 1024-5000, not all the way to 65535. That's leaving
way too much room for trojans/backdoors to operate freely.

If I were you, I'd spend time examining your services for their port
requirements and allocate only those ranges of ports.

-----Original Message-----
From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On
Behalf Of Martin Kacerovsky
Sent: Sunday, March 03, 2002 9:53 AM
To: security-discuss@linuxsecurity.com
Subject: new to list, question about firewalling ports over 1024

And here's my question (if somebody can explain it to me): how is it with
ports over 1024? I've read it's secure to leave them open, but I think
it will be more secure to close them :) So is it possible to choose
exactly those ports I really need?

For example I am running sshd, ftpd, netbios-* and talkd and with iptables I
accept everything on ports over 1024 and below 1024 I refuse everything
with exceptions on ports 21,22,...

TIA

--
Regards
 Martin Kacerovsky, student of the Faculty of Mathematics and Physics
at the Charles University in Prague, in the Czech Republic, in Europe,
on Earth, in the Universe where Linux operating system rules...
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
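Added example for the two questions in this thread (it is not code from any of the posters): the ipchains_rules function shows that ipchains takes a port range as low:high, so Dennis can open one block of dynamic ports with a single rule, using the 1024-5000 range Troy suggested rather than everything up to 65535. The iptables_rules function answers Martin's setup and goes a step beyond what the thread says: with connection tracking, replies to outbound connections are let in by state (ESTABLISHED,RELATED) instead of by port number, so no range above 1024 has to be accepted for new connections at all; only the listed service ports are opened. The interface name eth0, the port range, and the service list (ftpd 21/tcp, sshd 22/tcp, netbios 137-138/udp and 139/tcp, talkd taken as ntalk 518/udp) are assumptions for the host in question. The script prints the commands for review; with FW_APPLY=1 it executes them instead.

```shell
#!/bin/sh
# Added example (not from the thread): print the rules for both approaches
# discussed, so the ruleset can be reviewed before it is loaded.
# Interface name, port range and service ports are assumptions for this host.
# Set FW_APPLY=1 to execute the commands instead of printing them.

run() {
    if [ "${FW_APPLY:-0}" = 1 ]; then
        "$@"
    else
        printf '%s\n' "$*"
    fi
}

# ipchains (2.2 kernels): a port range is written low:high, so a block of
# dynamic ports is opened with one rule instead of one rule per port.
# Everything outside the listed ports falls through to the DENY policy.
# ipchains has no connection tracking, so anything listening in the range
# is reachable from outside; keep the range as small as the service allows.
ipchains_rules() {
    dev=${1:-eth0}; lo=${2:-1024}; hi=${3:-5000}
    run ipchains -P input DENY
    run ipchains -A input -i lo -j ACCEPT
    run ipchains -A input -i "$dev" -p tcp --dport 22 -j ACCEPT
    run ipchains -A input -i "$dev" -p tcp --dport "$lo:$hi" -j ACCEPT
}

# iptables (2.4 kernels): instead of accepting everything above 1024, accept
# only packets that belong to a connection this host already has (ESTABLISHED)
# or that a conntrack helper ties to one (RELATED, e.g. FTP data channels
# when ip_conntrack_ftp is loaded). New connections are then allowed only
# on the service ports, and no high-port range needs to be opened.
iptables_rules() {
    dev=${1:-eth0}
    run iptables -P INPUT DROP
    run iptables -A INPUT -i lo -j ACCEPT
    run iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    for p in 21 22 139; do          # ftpd, sshd, netbios-ssn (tcp)
        run iptables -A INPUT -i "$dev" -p tcp --dport "$p" -m state --state NEW -j ACCEPT
    done
    for p in 137 138 518; do        # netbios-ns, netbios-dgm, ntalk (udp)
        run iptables -A INPUT -i "$dev" -p udp --dport "$p" -j ACCEPT
    done
}

# Print both rulesets for review (constructed parameters: eth0, 1024-5000).
ipchains_rules eth0 1024 5000
echo
iptables_rules eth0
```

Run it once without FW_APPLY to read the generated rules, then with FW_APPLY=1 from a console session (not over ssh, since the DROP policy goes in before the ssh ACCEPT rule). The default policies are set first so that a failure half-way through leaves the host closed rather than open.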