Re: What should I block out with my new firewall software?

From: Lisa (noreply_at_noreply.com)
Date: 02/15/04 

Date: Sat, 14 Feb 2004 19:38:58 -0500

On 2/14/2004 6:38 PM, BoB wrote:

> Mozilla Firebird had been working fine for weeks with only
> 80,3128,443,20,21 approved for TCP out. Recently Firebird
> made a request for some other number apparently, as Kerio 215
> popped up a permission request for Firebird. I approved it as
> I wanted to complete whatever I was doing. It established a
> new rule in Kerio for TCP out on 'any' port for Firebird. I
> unapproved it ASAP and haven't seen another request.

Port 3128??? Never heard of it. Also, allowing TCP out on port 20 is
useless. It's the TCP *in* port for ftp.

Um, it would be good to know what exactly the request was, otherwise
it's hard to say what it could have been. It could have been Firebird
talking to itself. On startup it usually likes to make a connection
(random port number) with the remote address as 127.0.0.1 (home). It
could have been that, or it could have been something completely different.

Also, if you get a request for some connection and you have kerio make a
simple rule out of it, it will always approve for any port. The rule
will, however, be TCP/UDP specific and outgoing/incoming specific. If
you want the rule to be any more refined than that, you have to go into
the advanced settings when you make the rule.

Relevant Pages

  • Re: Code Red Doesnt care about TCP sessions?
    ... Code Red Doesn't care about TCP sessions? ... Below is an attempt to reach port 80 on a windows machine running ... so it never sent the GET request. ... TCP Options => MSS: 1460 NOP NOP SackOK ...
    (Incidents)
  • Re: Do most firewall setups allow HTTP traffic through on any port?
    ... webserver and the webserver attempts to accept the connection using a tcp ... daemon on another port on the server? ... (www.dart.com has a TCP ... accept the incoming request - I am considering using it in my project.) ...
    (comp.security.firewalls)
  • Re: What should I block out with my new firewall software?
    ... >> Port 80 is for home users directly connected to the internet. ... Mozilla Firebird had been working fine for weeks with only ... popped up a permission request for Firebird. ... new rule in Kerio for TCP out on 'any' port for Firebird. ...
    (comp.security.firewalls)
  • Re: Fernzugriff zur Maschinenwartung
    ... ich habe mittlerweile vom Entwickler erfahren, dass der Request nur zwingend ... > Fernwartung eine Verbindung zum Server des Herstellers auf Port 7778 ... >> PC einen Request auf Port 7788 mit TCP zum Server des Herstellers ... >> Eine Protokolldefinition mit dem Port 7788 mit Protokolltyp TCP ausgehend ...
    (microsoft.public.de.german.isaserver)
  • Malicious use of grc.com
    ... ShieldsUpis an application developed by Steve Gibson of Gibson ... Research Corporation that allows a web user to request a remote port scan ... ShieldsUp happily scans the other box while returning the result set into ...
    (NT-Bugtraq)