Re: new to list, question about firewalling ports over 1024

From: Dennis Stout (crazyman@rogershsa.com)
Date: 03/04/02


From: "Dennis Stout" <crazyman@rogershsa.com>
To: <security-discuss@linuxsecurity.com>
Date: Sun, 3 Mar 2002 17:05:05 -0900


Murphy's law, I thought, was that if anything could possibly go wrong, it
would, and at the most inconvenient time as well?

Dennis Stout

----- Original Message -----
From: "Danil Sholokhov" <danil@prikid.com>
To: <security-discuss@linuxsecurity.com>
Sent: Sunday, March 03, 2002 4:58 PM
Subject: RE: new to list, question about firewalling ports over 1024

I think the name of the law is Murphy's law.
;0)
Danil Sholokhov
-----Original Message-----
From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On
Behalf Of Dennis Stout
Sent: Sunday, March 03, 2002 3:23 PM
To: security-discuss@linuxsecurity.com
Subject: Re: new to list, question about firewalling ports over 1024

Never mind, I found a doc.... What law is that? The one where you bang your
head around on something, ask for help, then suddenly don't need it anymore?
Hrm. I'll nickname it Stout's Law until someone tells me otherwise :)

So I can open ranges but MSN is still broken. Oh well =P Probably a
module out there for it...

Dennis Stout

----- Original Message -----
From: "Troy Billington" <doshelp@doshelp.com>
To: <security-discuss@linuxsecurity.com>
Sent: Sunday, March 03, 2002 6:30 AM
Subject: RE: new to list, question about firewalling ports over 1024

You may need a very limited number of "dynamic ports"; generally speaking, it
would be something like 1024-5000, not all the way to 65535; that's leaving
way too much room for trojans/backdoors to operate freely.

If I were you, I'd spend time examining your services for their port
requirements and allocate only those ranges of ports.

-----Original Message-----
From: listadmin@linuxsecurity.com [mailto:listadmin@linuxsecurity.com]On
Behalf Of Martin Kacerovsky
Sent: Sunday, March 03, 2002 9:53 AM
To: security-discuss@linuxsecurity.com
Subject: new to list, question about firewalling ports over 1024

And here's my question (if somebody can explain it to me): how is it with
ports over 1024? I've read it's secure to leave them open, but I think
it will be more secure to close them :) So is it possible to choose
exactly the ports I really need?

For example I am running sshd, ftpd, netbios-* and talkd and with iptables I
accept everything on ports over 1024 and below 1024 I refuse everything
with exceptions on ports 21,22,...

TIA

--
Regards
 Martin Kacerovsky, student of the Faculty of Mathematics and Physics
at the Charles University in Prague, in the Czech Republic, in Europe,
on Earth, in the Universe where Linux operating system rules...
------------------------------------------------------------------------
     To unsubscribe email security-discuss-request@linuxsecurity.com
         with "unsubscribe" in the subject of the message.
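
Added example, not part of any post in this thread: a sketch of the "allocate only the ports your services need" advice applied to the setup in the original question, written as a script that prints an iptables-restore ruleset. The port lists are assumptions taken from the standard /etc/services assignments for sshd, ftpd, netbios-* and talkd, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset that opens only listed ports.
# Port lists are assumptions based on the standard /etc/services assignments
# for the daemons named in the thread; verify against what actually listens.
TCP_PORTS="21 22 139"          # ftp, ssh, netbios-ssn
UDP_PORTS="137 138 517 518"    # netbios-ns, netbios-dgm, talk, ntalk

# valid_port N: succeed only for an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# build_ruleset "tcp ports" "udp ports": print the filter table on stdout
build_ruleset() {
    for p in $1 $2; do
        valid_port "$p" || { echo "bad port: $p" >&2; return 1; }
    done
    echo "*filter"
    echo ":INPUT DROP [0:0]"       # default deny replaces "accept all >1024"
    echo ":FORWARD DROP [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    echo "-A INPUT -i lo -j ACCEPT"
    # Replies to connections this host opened arrive on high ports; the
    # state match admits them without opening 1024:65535 to new traffic.
    echo "-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT"
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m state --state NEW -j ACCEPT"
    done
    for p in $2; do
        echo "-A INPUT -p udp --dport $p -j ACCEPT"
    done
    echo "COMMIT"
}

# Print for review; load with: build_ruleset ... | iptables-restore
build_ruleset "$TCP_PORTS" "$UDP_PORTS"
```

FTP data connections are only matched as RELATED when the kernel's FTP connection-tracking helper is loaded; without it, passive-mode transfers will be dropped by this ruleset.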
