Re: Completely replace software firewall with hardware firewall?

From: Leythos (void_at_nowhere.lan)
Date: 03/26/05


Date: Sat, 26 Mar 2005 04:25:12 GMT

On Fri, 25 Mar 2005 12:59:35 -0800, Melissa wrote:
>
> Follow-up set to: comp.security.firewalls
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: RIPEMD160
>
> Hi Leythos,
>
> On Wed, 23 Mar 2005 02:06:06 GMT, you wrote:
>
>>>> , block outbound SMTP engine worms
>
>>> policy - you mean block a certain amount of email being sent in a
>>> certain amount of time - bulk mail blocking - limited amount of
>>> recipients.... this is just policy - still not application level.
>
>> No, I mean blocking all outbound SMTP traffic except to the ISP's
>> SMTP server, or all outbound SMTP traffic except from the internal
>> SMTP server. This prevents many viruses that have their own SMTP
>> engines from sending any email without using a specific SMTP
>> server.
>
> This comment of yours inspires me to ask a question or two. Before I
> start, I'll mention that I currently have a Linksys BEFSX41 v2
> router/"firewall" (the "firewall" bit is a claim by Linksys), and
> Sygate Personal Firewall.

As I've said before, the appliances by Linksys and most of the others are
just simple NAT routers that sometimes have expanded features; they are
not really firewalls, it's just marketing hype.
 
> In the past, I've found that my ISP provided SMTP server has been
> unreliable in some respects and/or it might take a very long time to
> make certain messages available for my recipients after having been sent
> from here. And so, while I can be a bit intimidated by all that is
> required to configure and maintain a full blown local SMTP server (like
> "Mercury" from Pegasus or others), I have been using, very successfully,
> an application that might be considered a "SMTP server for dummies":
> "Advanced Direct Remailer" (aka "ADR"). This program allows me to send
> email "directly" via my recipient's SMTP server, and it also provides
> the ability to automatically invoke my ISP SMTP server should the
> "direct" connection be refused for any reason. It also provides

The only means you could use to send email using the "recipients" email
server is if you had a valid account to use in order to relay through
them. If you are just using the redirector to bounce your messages off
unsecure SMTP servers then you're asking for trouble.

> detailed transmission logs so that I can see, right away, if the email I
> just sent has been successfully delivered and is already available for
> my recipient to receive.
>
> This ADR program does use port 25 for its sending (outgoing) operation,
> yet the port does seem to be "stealthed" from the incoming side (I've
> used various online scans to test both the software firewall and
> hardware router/firewall independently to verify this).

Outbound has nothing to do with inbound; you don't get email from your ISP
using port 25, you PULL email using port 110 (POP) and send using SMTP
(25). The same is true for most any email; it's sent using port 25 to
servers, and servers relay using port 25 also. Pulling is based on the
client used to contact the server when you want to fetch/pull your email.

> Is there something further I can do with my Linksys BEFSX41
> router/"firewall" and/or my Sygate PFW to make the use of this program
> even more secure? All I use it (ADR) for is to send individual email
> messages from any of several different accounts.

There is little you can do to secure outbound traffic using the Linksys;
it's not going to do much, but it does secure inbound unless you've done
some port forwarding or enabled UPnP.

In the private ports list, in the Linksys, I always block outbound to
destination ports 135~139, 445, 1433/1434, and sometimes 1025~1027.
Depending on the user I might also block outbound port 25 since some users
use webmail only and not SMTP/POP.

> Also, I've been fortunate enough to have discovered the concept of "safe
> computing" early on, at least to the point of being able to so far
> prevent any virus/worm/Trojan problems in all the years I've been online
> (knocking on my wooden head, of course), though as an extra precaution,
> I wouldn't mind being able to absolutely "lock down" any and all
> applications other than ADR for use of SMTP.

ADR sounds like a bad tool for ethical use - if it really sends email
through other servers then you should reconsider using it - just because
someone leaves a server unsecured is no reason to use it.

[snip]

One other thing - if you set up an SMTP server on a residential account,
it's highly likely that it will already be black-listed, as many of the
lists encompass the known subnets for the residential services of most
ISPs.

-- 
spam999free@rrohio.com
remove 999 in order to email me
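
The outbound policy described in the message above (SMTP allowed only to the ISP's relay or from the internal mail server, plus the listed blocked destination ports), as an added example that is not part of the original post. The addresses, function names, threshold and log format are assumptions made for illustration, and the sample log is constructed; the two SMTP exceptions, given as alternatives in the post, are both allowed here.

```python
import ipaddress
from collections import Counter

# Assumed addresses (documentation/private ranges), not taken from the thread.
ISP_SMTP_RELAYS = {ipaddress.ip_address("192.0.2.25")}
INTERNAL_SMTP_SERVERS = {ipaddress.ip_address("10.0.0.5")}

# Destination ports the post blocks outbound (1025-1027 only "sometimes").
BLOCKED_PORT_RANGES = [(135, 139), (445, 445), (1433, 1434), (1025, 1027)]
SMTP_PORT = 25


def egress_verdict(src, dst, dport):
    """Return (action, reason) for one outbound TCP connection attempt."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if any(lo <= dport <= hi for lo, hi in BLOCKED_PORT_RANGES):
        return "DROP", "blocked-port"
    if dport == SMTP_PORT:
        if dst in ISP_SMTP_RELAYS:
            return "ALLOW", "smtp-to-isp-relay"
        if src in INTERNAL_SMTP_SERVERS:
            return "ALLOW", "smtp-from-internal-server"
        return "DROP", "direct-smtp"
    return "ALLOW", "default"


def direct_smtp_sources(log_lines, threshold=3):
    """Hosts with >= threshold dropped direct-SMTP attempts (possible SMTP-engine worm)."""
    hits = Counter()
    for line in log_lines:
        src, dst, dport = line.split()
        if egress_verdict(src, dst, int(dport)) == ("DROP", "direct-smtp"):
            hits[src] += 1
    return sorted(host for host, n in hits.items() if n >= threshold)


# Constructed sample log: "src dst dport" per outbound attempt.
SAMPLE_LOG = [
    "10.0.0.20 192.0.2.25 25",     # workstation -> ISP relay
    "10.0.0.5 198.51.100.7 25",    # internal mail server -> remote MX
    "10.0.0.31 198.51.100.7 25",   # workstation talking SMTP directly
    "10.0.0.31 203.0.113.9 25",
    "10.0.0.31 203.0.113.40 25",
    "10.0.0.20 203.0.113.9 445",   # SMB leaving the LAN
    "10.0.0.20 203.0.113.9 443",
]

if __name__ == "__main__":
    print("investigate:", direct_smtp_sources(SAMPLE_LOG))
```

A workstation that repeatedly hits the direct-smtp drop is the case the block rule exists for: something on it is speaking SMTP to arbitrary hosts instead of using the configured mail server.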

