Re: firewall question...

To: Bulent Murtezaoglu <bm@acm.org>
Cc: debian-isp@lists.debian.org
Subject: Re: firewall question...
From: Peter Billson <pete@elbnet.com>
Date: Wed, 06 Jun 2001 14:12:57 -0400
Message-id: <[🔎] 3B1E72A9.9026C9B1@elbnet.com>
References: <[🔎] 3B1E2928.16185B82@elbnet.com> <[🔎] 15134.26790.595813.455478@nkapi.internal>

Bulent Murtezaoglu wrote:
> 
>     PB> Hello all, Can anyone tell me if there is a good reason to
>     PB> allow connections to a local DNS port(53) from remote
>     PB> privledges ports(< 1024)?
> 
> Yes.  Windows and possibly some other systems (little internet
> devices maybe) do not have this "privileged port" notion.
> 
> Why do you care what port people send _from_?

Paranoia. Generally accepted practice when setting up a firewall is to
be as restrictive as possible without breaking things, that includes
restricting the originating ports.
 For example I want to give people access to port 80 but if someone is
trying to connect to port 80 from port 25 their system is either broken
or they are attempting to do something that you probably don't want them
to do. There is no good reason to allow that connection.
  Thanks for the Windows info but I don't understand how can they not
have the "notion" of privledged ports? Aren't "privledged" ports just
generally accepted port assignments?
  And I'm not sure that Windows is a *good* reason! :-)

Pete
-- 
http://www.elbnet.com
ELB Internet Services, Inc.
Web Design, Computer Consulting, Internet Hosting

Reply to:

Follow-Ups:
- Re: firewall question...
  - From: Bulent Murtezaoglu <bm@acm.org>

References:
- firewall question...
  - From: Peter Billson <pete@elbnet.com>
- firewall question...
  - From: Bulent Murtezaoglu <bm@acm.org>

Prev by Date: Re: Finding the Bottleneck
Next by Date: firewall question...
Previous by thread: firewall question...
Next by thread: Re: firewall question...
Index(es):
- Date
- Thread