Re: A poor man's activity check :)

From: Juergen Nieveler (juergen.nieveler@web.de)
Date: 01/08/02

• Next message: Joni Kitar: "Re: Tiny Personal Firewall vs Outpost"
• Previous message: amputee: "Re: Sonicwall - disable all?"
• In reply to: Frank S: "Re: A poor man's activity check :)"
• Next in thread: Ken S.: "Re: A poor man's activity check :)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: Juergen Nieveler <juergen.nieveler@web.de>
Date: 8 Jan 2002 08:20:05 GMT

"Frank S" <fsexton@qwest.net> wrote in
news:0Wq_7.18284$Oc.1469984@bin1.nnrp.aus1.giganews.com:

> But the real need comes from folks that run servers. Who does that you
> say? Something as simple as wanting to let your best buddy ftp
> something to your machine is dangerous enough to need a firewall.

How will a firewall help you there? You have to open all kinds of
ports, ESPECIALLY for FTP, which as about the worst protocol ever
invented ;-)

And there've been scores of exploits for FTP servers - WU-FTPD being
the latest bad case.

> Almost everyone today would like the capability to "access" their home
> computer when away. I understand that you may not. But I'd venture to
> say that most high speed Internet users do. So... it's not really
> "hoopla", it's just that you have to temper the marketing with your
> personal needs. As always.

But that's a bit conflicting: Either they want nobody from the Internet
to access their machines, so they install a Firewall.

OR they want to access their machine from the outside, which would
require them to at least open some ports and install something that
listens on these ports (though a VPN would be a much better
solution...).

In your scenario, a Firewall would only help you if you want to limit
access based on the source IP and port number. The source IP can easily
be spoofed, though... which means that one shouldn't trust it.

-- 
Juergen Nieveler
Support the ban of Dihydrogen Monoxide: http://www.dhmo.org/
"The people united can never be ignited!"- Sgt. Colon, Ankh-Morpork Watch
http://bofh.gmxhome.de / juergen.nieveler@web.de / PGP Supported!

---

• Next message: Joni Kitar: "Re: Tiny Personal Firewall vs Outpost"
• Previous message: amputee: "Re: Sonicwall - disable all?"
• In reply to: Frank S: "Re: A poor man's activity check :)"
• Next in thread: Ken S.: "Re: A poor man's activity check :)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: I have been hacked (WAS: Have I been hacked or is nmap wrong?) ... > console based ftp client. ... the FTP servers have? ... > They are really mail servers, at least smtp for outgoing mails ... If you're firewall was dropping incoming packets destined to ... (freebsd-questions) RE: Slow user logon on Terminal server after migration to Windows 2003 ... The Terminal Servers are 2000 or 2003. ... "Inside the firewall zone" means that the Citrix Servers have a firewall ... available RPC ports? ... (microsoft.public.windows.server.active_directory) Visa PCI Firewall Requirements and Windows Networks ... Windows Security Experts and registered CISSP's: ... public networks by a 2-tiered firewall architecture, ... Lets say that the database servers are the only things ... that need access to the data only need those ports open. ... (Focus-Microsoft) Re: FTP server behind a PF firewall (including NAT) ... Philip> have exactly the same problem. ... Philip> huge range of high ports, and I can't find any information ... IPFW is a real pain compared to most modern firewall software. ... address-translate) the FTP data transfers. ... (comp.unix.bsd.freebsd.misc) RE: Slow user logon on Terminal server after migration to Windows ... Thanks Mate ..I added those dynamic ports and additional ports on my firewall ... network shared server in the same firewall zone as that of the Citrix servers. ... (microsoft.public.windows.server.active_directory)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(15)