Re: Probes on Port 135 and 445 continue

From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 10/15/04


Date: Thu, 14 Oct 2004 19:55:16 -0400

In article <MPG.1bd7aeecdee6cc0d98985f@news-server.columbus.rr.com>,
 Leythos <void@nowhere.org> wrote:

> In article <barmar-1733B7.20583013102004@comcast.dca.giganews.com>,
> barmar@alum.mit.edu says...
> > In article <MPG.1bd71044b7cc3152989857@news-server.columbus.rr.com>,
> > Leythos <void@nowhere.org> wrote:
> >
> > > The above is what makes a firewall device in my book, all the others are
> > > just NAT boxes.
> >
> > To me, the distinction you described is between a "basic firewall" and a
> > "full-featured, powerful firewall".
>
> Barry, I don't see the difference. The NAT box has no idea what SMTP is,
> no idea what HTTP is, all it knows is ports, it doesn't care what runs

A basic firewall doesn't have to know about application protocols. If
it allows you to block port 25 and allow port 80, it's more than just a
NAT box. No, it won't do virus checking on that traffic, but that's an
"advanced" firewall feature, not a basic one.

What were the things that we called firewalls 15 years ago, long before
all this application data scanning became popular? In those days we
just set up a bastion host, and configured the Internet router to only
allow incoming traffic to that one machine. But there were no virus
scanners yet.

> over those ports. The firewall understands SMTP and doesn't care what
> port it runs on, same for the other services.

I very much doubt that. Someone has to tell it what application
protocols are using which ports. When it sees traffic on port 80, it
knows to scan it for HTTP protocol messages; when it sees traffic on
port 25, it knows that it should look for SMTP messages. On some
arbitrary port, there's no way for it to know what application-specific
scanning it should perform.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
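As an added illustration of the point argued above (this is example code, not part of the original post or anything Barry or Leythos wrote), the block below shows the two decisions a gateway makes for a TCP flow: the port-only policy of a "basic firewall" (allow 80, block 25), and the port-to-protocol table an application-aware firewall needs before it can pick a parser. For contrast it also shows a content heuristic that inspects the first bytes exchanged, which is how a product could recognise HTTP or SMTP on a non-standard port; without such a heuristic, traffic on an arbitrary port stays "unknown" exactly as described. The `Flow` type, the policy and protocol tables, and all sample payloads are constructed for this example.

```python
"""Added example: port-based policy vs. protocol identification for a TCP flow.

All names here (Flow, PORT_POLICY, PORT_TO_PROTOCOL, the sample flows) are
constructed for the example; they are not from any real firewall product.
"""

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """The little a gateway knows when a TCP connection starts."""
    dst_port: int
    first_client_bytes: bytes          # first payload bytes sent by the client
    first_server_bytes: bytes = b""    # first payload bytes sent by the server


# --- 1. The "basic firewall": a port policy, nothing about application data.
PORT_POLICY = {80: "allow", 443: "allow", 25: "deny"}
DEFAULT_ACTION = "deny"                # anything not listed is dropped


def port_policy(flow: Flow) -> str:
    return PORT_POLICY.get(flow.dst_port, DEFAULT_ACTION)


# --- 2. The application-aware stage: which parser should run on this flow?
# (a) Static port-to-protocol table, as the post describes: someone has to
#     tell the firewall that 80 means HTTP and 25 means SMTP.
PORT_TO_PROTOCOL = {80: "http", 25: "smtp", 443: "tls"}


def protocol_by_port(flow: Flow) -> str:
    return PORT_TO_PROTOCOL.get(flow.dst_port, "unknown")


# (b) Content heuristic: look at the opening bytes instead of the port.
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS) \S+ HTTP/1\.[01]\r\n")
SMTP_BANNER = re.compile(rb"^220[ -]")     # SMTP: the server speaks first
SMTP_CLIENT = re.compile(rb"^(EHLO|HELO) ")


def protocol_by_content(flow: Flow) -> str:
    c, s = flow.first_client_bytes, flow.first_server_bytes
    if HTTP_REQUEST.match(c):
        return "http"
    if SMTP_BANNER.match(s) or SMTP_CLIENT.match(c):
        return "smtp"
    # TLS ClientHello: record type 0x16, version 0x03 0x0x, handshake type 0x01
    if len(c) >= 6 and c[0] == 0x16 and c[1] == 0x03 and c[5] == 0x01:
        return "tls"
    return "unknown"


def classify(flow: Flow) -> dict:
    """Everything the two kinds of firewall could decide about one flow."""
    return {
        "port_action": port_policy(flow),
        "by_port": protocol_by_port(flow),
        "by_content": protocol_by_content(flow),
    }


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = {
    "http_on_80": Flow(80, b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    "smtp_on_25": Flow(25, b"EHLO mail.example\r\n", b"220 mail.example ESMTP\r\n"),
    # SMTP relayed over a non-standard port: the port table cannot name it.
    "smtp_on_8025": Flow(8025, b"EHLO mail.example\r\n", b"220 mail.example ESMTP\r\n"),
    # HTTP on port 25 would be scanned as SMTP by a port-only mapping.
    "http_on_25": Flow(25, b"GET / HTTP/1.0\r\n\r\n"),
    "tls_on_443": Flow(443, bytes([0x16, 0x03, 0x01, 0x00, 0xF0, 0x01]) + b"\x00" * 8),
}

if __name__ == "__main__":
    for name, flow in SAMPLE_FLOWS.items():
        print(f"{name:14s} {classify(flow)}")
```

Note that the port-only policy denies the relayed SMTP on 8025 simply because 8025 is not on the allow list; if an administrator opens that port, only the content heuristic (not the port table) will still identify the traffic as SMTP and route it to the right scanner.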

