Re: Why is Win Explorer accessing the Net?
From: Walter Roberson (roberson_at_ibd.nrc-cnrc.gc.ca)
Date: 12/23/03
- Next message: Adam O'Brien: "Re: Security through wide system use?"
- Previous message: Rowdy Yates: "Re: Security through wide system use?"
- In reply to:(deleted message) Leythos: "Re: Why is Win Explorer accessing the Net?"
- Next in thread: Lars M. Hansen: "Re: Why is Win Explorer accessing the Net?"
- Reply: Lars M. Hansen: "Re: Why is Win Explorer accessing the Net?"
- Reply: David: "Re: Why is Win Explorer accessing the Net?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Dec 2003 16:02:22 GMT
In article <MPG.1a52295fa0f7f254989fba@news-server.columbus.rr.com>,
Leythos <void@nowhere.com> wrote:
:MS makes great software for the business and home, it's simple to
:install, easy to use, and on the average, has more features than any GNU
:or Open Source product available.
:If you don't know how to secure something it only takes about an hour's
:time to research it to figure it out.
Unless it's peered MS Exchange (pre-AD) servers. The MS
documentation gives a very short list of ports that has little
relationship to reality. I analyzed the firewall logs to see
what ports were actually being used -- it was over 20 different
protocols. And it continues to surprise me; I noticed in my
logs this morning that the traffic flow has changed again since
the last time I analyzed about 3 weeks ago.
Here's an issue that I've run into that perhaps you could clue
me in on:
Client contacts Exchange Server (pre-AD). Client negotiates
a port via RPC (TCP 135). Client holds short TCP conversation and
drops the connection. Later (a few hours, up to a couple of weeks),
Exchange server wishes to send information to client. Exchange
server attempts to contact client at -same- IP address and port
that client used last time they connected many days before.
Firewall does not let server through because the original port
the client used was dynamically allocated and the TCP connection
had been closed long ago. Exchange server retries and retries
and retries, persisting in attempting to contact the dynamic
TCP port for over a week.
Now, not having control over the corporate Exchange servers, how
can I configure the client to stop the server from remembering the
ip + port (both of which could have been dynamically allocated) --
or how can I *reasonably* configure a stateful firewall to
recognize this situation and make the appropriate back-connection
even if the public IP has been long ago reallocated?
-- Sub-millibarn resolution bio-hyperdimensional plasmatic space polyimaging is just around the corner. -- Corry Lee Smith
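The firewall-log check described in the post above, as an added example that is not part of the original message: it flags denied inbound attempts aimed at an IP and port that a client earlier used as the source of an allowed connection to the same server. The log format, the addresses and the function name `find_stale_callbacks` are assumptions made for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in a hypothetical firewall log format (not from the post):
# timestamp action proto src_ip:src_port -> dst_ip:dst_port
SAMPLE_LOG = """\
2003-12-01T09:00:00 ALLOW TCP 10.1.1.5:1034 -> 192.0.2.10:135
2003-12-01T09:00:01 ALLOW TCP 10.1.1.5:1035 -> 192.0.2.10:1260
2003-12-09T03:10:00 DENY TCP 192.0.2.10:2201 -> 10.1.1.5:1035
2003-12-09T03:40:00 DENY TCP 192.0.2.10:2207 -> 10.1.1.5:1035
2003-12-16T03:40:00 DENY TCP 192.0.2.10:2950 -> 10.1.1.5:1035
2003-12-16T04:00:00 DENY TCP 198.51.100.7:4000 -> 10.1.1.5:445
"""

LINE_RE = re.compile(
    r"(\S+) (ALLOW|DENY) TCP ([\d.]+):(\d+) -> ([\d.]+):(\d+)$")

def find_stale_callbacks(log_text):
    """Report denied inbound attempts that target an (ip, port) pair a client
    used earlier as the source of an allowed connection to the same server."""
    seen = {}                 # (client_ip, client_port, server_ip) -> last outbound use
    hits = defaultdict(list)  # same key -> times of denied back-connections
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue          # skip lines in other formats
        ts, action, sip, sport, dip, dport = m.groups()
        when = datetime.fromisoformat(ts)
        if action == "ALLOW":
            seen[(sip, int(sport), dip)] = when
        else:
            key = (dip, int(dport), sip)  # the server is now the source
            if key in seen and when > seen[key]:
                hits[key].append(when)
    report = []
    for (cip, cport, srv), times in sorted(hits.items()):
        report.append({
            "server": srv, "client": cip, "port": cport,
            "denied": len(times),
            "age_days": (times[0] - seen[(cip, cport, srv)]).days,
            "retry_span_days": (times[-1] - times[0]).days,
        })
    return report

if __name__ == "__main__":
    for row in find_stale_callbacks(SAMPLE_LOG):
        print(row)
```

`age_days` is the gap between the client's last use of the port and the first denied attempt; `retry_span_days` shows how long the server kept retrying.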