Re: Probes on Port 135 and 445 continue
From: Barry Margolin (barmar_at_alum.mit.edu)
Date: 10/15/04
- Next message: Moe Trin: "Re: Probes on Port 135 and 445 continue"
- Previous message: Barry Margolin: "Re: Probes on Port 135 and 445 continue"
- In reply to:(deleted message) Leythos: "Re: Probes on Port 135 and 445 continue"
- Next in thread: Timothy J. Bogart: "Re: Probes on Port 135 and 445 continue"
- Reply: Timothy J. Bogart: "Re: Probes on Port 135 and 445 continue"
Date: Thu, 14 Oct 2004 21:25:04 -0400
In article <MPG.1bd8e6cdf351c101989866@news-server.columbus.rr.com>,
Leythos <void@nowhere.org> wrote:
> In article <barmar-E3495E.19551614102004@comcast.dca.giganews.com>,
> barmar@alum.mit.edu says...
> > > over those ports. The firewall understands SMTP and doesn't care what
> > > port it runs on, same for the other services.
> >
> > I very much doubt that. Someone has to tell it what application
> > protocols are using which ports. When it sees traffic on port 80, it
> > knows to scan it for HTTP protocol messages; when it sees traffic on
> > port 25, it knows that it should look for SMTP messages. On some
> > arbitrary port, there's no way for it to know what application-specific
> > scanning it should perform.
>
> You are right, I should have been more specific, the firewall, looking
> at SMTP traffic on port 25, will reject non-SMTP traffic on the same
> port. The same for HTTP on port 80, SSL on 443, etc... The firewall, if
> it doesn't see the defined traffic type on the port the rule is set for,
> will drop/reject it.

That's typical of proxy-based firewalls. Packet-level firewalls often
don't do such powerful data scanning.

You seem to be using a very modern definition of firewall, and denying
that anything that came before these types of firewalls fits the
definition. I'm not even sure that the original version of Checkpoint
Firewall-1 would meet your definition. It was a stateful packet filter,
not a proxy.

-- 
Barry Margolin, barmar@alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
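
The distinction argued over in this message, as an added example that is not part of the original post: a port-keyed table tells a proxy-style check which protocol grammar to apply, while a packet-level check decides on the port alone. The function names, the port table, the simplified SMTP/HTTP patterns and the sample payloads are all assumptions constructed for illustration, and connection-state tracking is omitted.

```python
import re

# Simplified first-line grammars (assumed; real proxies parse far more).
SMTP_CMD = re.compile(
    rb"^(?:(?:HELO|EHLO|VRFY) \S+|MAIL FROM:\s*<[^>]*>.*|RCPT TO:\s*<[^>]+>.*"
    rb"|DATA|RSET|NOOP|QUIT|STARTTLS)$", re.I)
HTTP_REQ = re.compile(
    rb"^(?:GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/1\.[01]$")

# The administrator's mapping: which application protocol to expect on which port.
INSPECTORS = {25: ("smtp", SMTP_CMD), 80: ("http", HTTP_REQ)}


def first_line(payload: bytes) -> bytes:
    """Return the first CRLF-terminated line of the client's payload."""
    return payload.split(b"\r\n", 1)[0]


def proxy_verdict(dst_port: int, payload: bytes) -> str:
    """Proxy-style check: the port selects the grammar, the payload must fit it."""
    entry = INSPECTORS.get(dst_port)
    if entry is None:
        # Arbitrary port: nothing says which protocol-specific scan to run.
        return "no-inspector"
    _name, pattern = entry
    return "allow" if pattern.match(first_line(payload)) else "drop"


def packet_filter_verdict(dst_port: int, payload: bytes,
                          allowed_ports=frozenset({25, 80})) -> str:
    """Packet-level check: decides on the port only, never reads the payload."""
    return "allow" if dst_port in allowed_ports else "drop"


if __name__ == "__main__":
    # Constructed sample traffic: (destination port, first client payload).
    samples = [
        (25, b"EHLO mail.example.org\r\n"),
        (25, b"GET / HTTP/1.1\r\nHost: example.org\r\n\r\n"),  # HTTP sent to the SMTP port
        (80, b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"),
        (8025, b"EHLO mail.example.org\r\n"),  # SMTP on a port with no mapping
    ]
    for port, data in samples:
        print(port, first_line(data), "proxy:", proxy_verdict(port, data),
              "packet:", packet_filter_verdict(port, data))
```
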