[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Listening Ports

On Mon, Sep 10, 2001 at 02:14:56PM +0200, Bernhard R. Link wrote:
> On Mon, 10 Sep 2001, Alexander Reelsen wrote:
> > First binding then firewalling is a bad idea, someone might be able to
> > access that service via spoofing or other dirty tricks...
> I do not know very much in this area, but I was of the impression, that
> firewalling might be more secure than giving ip, as you can only specify
> the ip, and not the network-interface the connection comes from.
Well, I consider listening on a certain IP as quite secure, because you
mostly know what ip is bound to what interface. If you want to do extra
firewalling per-interface then you need something else than inetd.

Both is useful, what I meant was the fact, that starting unnecessary
services per-ip (per-interface as well ;)) and firewalling those
afterwards is not that securitywise as not starting them at all.


MfG/Regards, Alexander

-- 
Alexander Reelsen   http://joker.rhwd.de
ref@linux.com       GnuPG: pub 1024D/F0D7313C  sub 2048g/6AA2EDDB
ref@tretmine.org    7D44 F4E3 1993 FDDF 552E  7C88 EE9C CBD1 F0D7 313C
Securing Debian:    http://joker.rhwd.de/doc/Securing-Debian-HOWTO
Reply to: