Re: firewall question...

Bulent Murtezaoglu wrote:
>     PB> Hello all, Can anyone tell me if there is a good reason to
>     PB> allow connections to a local DNS port (53) from remote
>     PB> privileged ports (< 1024)?
> Yes.  Windows and possibly some other systems (little internet
> devices maybe) do not have this "privileged port" notion.
> Why do you care what port people send _from_?

Paranoia. Generally accepted practice when setting up a firewall is to
be as restrictive as possible without breaking things; that includes
restricting the originating ports.
 For example, I want to give people access to port 80, but if someone is
trying to connect to port 80 from port 25 their system is either broken
or they are attempting to do something that you probably don't want them
to do. There is no good reason to allow that connection.
  Thanks for the Windows info, but I don't understand how they can not
have the "notion" of privileged ports? Aren't "privileged" ports just
generally accepted port assignments?
  And I'm not sure that Windows is a *good* reason! :-)
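
An added example, not part of the original message: a small first-match filter that compares the source-port restriction discussed in this thread with the same rules lacking it. The rule sets, flow labels and port numbers are constructed for illustration and are not taken from any real firewall configuration.

```python
# Added example: first-match packet filter with source-port matching.
# Rule sets and flows below are constructed for illustration.
from dataclasses import dataclass

PRIVILEGED = range(0, 1024)      # ports below 1024
ANY = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    action: str          # "accept" or "drop"
    proto: str           # "tcp", "udp" or "any"
    sports: range        # source ports this rule matches
    dport: int           # destination port

def decide(rules, proto, sport, dport, default="drop"):
    """Return the action of the first matching rule, else the default."""
    for r in rules:
        if r.proto in (proto, "any") and sport in r.sports and dport == r.dport:
            return r.action
    return default

# Policy from the message: refuse privileged source ports to 53 and 80.
STRICT = [
    Rule("drop", "any", PRIVILEGED, 53),
    Rule("drop", "any", PRIVILEGED, 80),
    Rule("accept", "any", ANY, 53),
    Rule("accept", "tcp", ANY, 80),
]
# Same services, no source-port restriction.
LOOSE = [Rule("accept", "any", ANY, 53), Rule("accept", "tcp", ANY, 80)]

# Constructed flows: (label, proto, source port, destination port)
FLOWS = [
    ("resolver on a high port", "udp", 1029, 53),
    ("client whose OS hands out a port < 1024", "udp", 900, 53),
    ("server-to-server query sent from port 53", "udp", 53, 53),
    ("web request from port 25", "tcp", 25, 80),
    ("browser on a high port", "tcp", 40000, 80),
]

def compare(flows=FLOWS):
    """Map each flow label to (strict verdict, loose verdict)."""
    return {label: (decide(STRICT, p, s, d), decide(LOOSE, p, s, d))
            for label, p, s, d in flows}

if __name__ == "__main__":
    for label, (strict, loose) in compare().items():
        print(f"{label:45} strict={strict:6} loose={loose}")
```

Running it over a real connection log in place of the constructed flows shows how much legitimate DNS traffic a source-port rule would drop before it is deployed.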

