Re: Outbound ports
From: David (davidwnh_at_adelphia.net)
Date: 10/22/03
- Next message: MEngrie: "CheckPoint Firewall-1 logfile analyzer/reporter"
- Previous message: Baptiste Pillot: "Re: linux - iptable firewall DNS question"
- In reply to:(deleted message) Juergen Nieveler: "Re: Outbound ports"
- Next in thread: Leythos: "Re: Outbound ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 22 Oct 2003 19:06:00 GMT
You set up filters that allow inbound from the high ports to the
specific service ports and that allow outbound from the specific service
ports to the high ports.
>
>
> How are people going to use it, then? Destination Port 80 outbound
> means that you allow people ON your webserver to surf to other
> webservers ;-)
>
>
It applies to any firewall that allows for this type of filtering. Many
personal firewalls allow for this type of filtering.
>>If you block outbound ports, except the ones you actually need, you
>>limit what things your computers can do should they become
>>compromised.
>
>
> Caveat: This only applies for real firewalls, not "Desktop Firewalls".
>
>
>>For instance, if you don't allow 135~139, 445, and 8 outbound you
>>don't have to worry about people making standard windows share
>>connections to machines on the internet and you don't have to worry
>>about your machines pinging them either.
>
You could always change the setting for the small amount of time that
you might spend troubleshooting a connection.
> Not to mention that it would be rather stupid to prevent your own
> machine from pinging others - how do you troubleshoot connections
> without ping?
>
- Next message: MEngrie: "CheckPoint Firewall-1 logfile analyzer/reporter"
- Previous message: Baptiste Pillot: "Re: linux - iptable firewall DNS question"
- In reply to:(deleted message) Juergen Nieveler: "Re: Outbound ports"
- Next in thread: Leythos: "Re: Outbound ports"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
