Security Basics mailing list archives

RE: What to look at, source or destination port?


From: José Joaquín <jostein_svq () hotmail com>
Date: Thu, 24 Jul 2003 08:38:18 +0200

Hi Scott,

What I really wanted to say was that you should allow only packets belonging to well-known UDP protocols that are, of course, used by your applications to pass through the firewall; i.e. DNS, NetBIOS datagram (in case you're working in a Windows network environment), etc.

I beg your pardon (to all of you) if my first appreciation was wrong.

Kind regards,
Jose Joaquin

From: "Vachon, Scott" <Scott.Vachon () paymentech com>
To: <security-basics () securityfocus com>
CC: <firewalls () securityfocus com>
Subject: RE: What to look at, source or destination port?
Date: Wed, 23 Jul 2003 11:34:18 -0400


>UDP is not a connection-oriented protocol as TCP is, so it is more difficult
>to track it by a mean firewall (i.e. it's quite difficult to find out which
>peer is the origin of the communication). You should determine if there are
>more entries in the logs like those, group them by source port and see if
>the destination port is the same.
>Anyway it's a good practice to allow to pass through the firewall only
>packets belonging to well known UDP protocols.

I beg to differ on "good practice to allow to pass through the firewall only packets belonging to well known UDP protocols." It is "good practice" on a firewall to DENY everything and then open only what is needed. Also, one could use a sniffer either outside of or inside of the firewall to capture traffic on the network.

Disclaimer: My 2 cents.

~S~
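The procedure the quoted post describes (find the other UDP entries in the firewall log, group them by source port, check whether the destination port stays the same, and compare what you see against the short list of UDP services you actually allow) can be done with a few lines of Python. This is an added example, not code from either poster. It assumes the firewall writes netfilter-style log lines with SRC=, DST=, PROTO=, SPT= and DPT= fields; the sample lines and the allowlist of "well-known" UDP ports (53 DNS, 137/138 NetBIOS name and datagram, as named in the thread) are constructed for the example.

```python
"""Group UDP firewall log entries by source port and flag inconsistencies.

Added example for the thread above, not code from the original posts.
Assumption: the firewall logs in Linux netfilter LOG style, i.e. lines
carrying SRC=, DST=, PROTO=, SPT= and DPT= fields.
"""
import re
from collections import defaultdict

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = """\
Jul 23 11:30:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.10 PROTO=UDP SPT=1024 DPT=53 LEN=40
Jul 23 11:30:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.0.2.11 PROTO=UDP SPT=1024 DPT=53 LEN=40
Jul 23 11:30:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=40000 DPT=138 LEN=220
Jul 23 11:30:06 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.10 PROTO=UDP SPT=40000 DPT=9999 LEN=384
Jul 23 11:30:07 fw kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.0.2.12 PROTO=UDP SPT=40000 DPT=9999 LEN=384
Jul 23 11:30:09 fw kernel: IN=eth0 OUT= SRC=203.0.113.8 DST=192.0.2.10 PROTO=TCP SPT=5555 DPT=80 LEN=60
"""

# Assumed allowlist: the UDP services the thread names as "well known".
WELL_KNOWN_UDP = {53, 137, 138}

FIELD_RE = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")


def parse_udp_entries(text):
    """Return a list of dicts for the UDP lines only; other protocols are skipped."""
    entries = []
    for line in text.splitlines():
        fields = dict(FIELD_RE.findall(line))
        if fields.get("PROTO") != "UDP":
            continue
        entries.append({
            "src": fields["SRC"],
            "dst": fields["DST"],
            "spt": int(fields["SPT"]),
            "dpt": int(fields["DPT"]),
        })
    return entries


def group_by_source_port(entries):
    """Map (source address, source port) -> list of destination ports seen."""
    groups = defaultdict(list)
    for e in entries:
        groups[(e["src"], e["spt"])].append(e["dpt"])
    return groups


def summarize(text, allowed=WELL_KNOWN_UDP):
    """For each source port group, report the destination ports, whether they
    are all the same, and which of them fall outside the allowlist."""
    summary = {}
    for key, dpts in group_by_source_port(parse_udp_entries(text)).items():
        distinct = sorted(set(dpts))
        summary[key] = {
            "dpts": distinct,
            "same_dpt": len(distinct) == 1,
            "unexpected": sorted(d for d in distinct if d not in allowed),
        }
    return summary


if __name__ == "__main__":
    for (src, spt), info in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src}:{spt} -> dpts={info['dpts']} same={info['same_dpt']} "
              f"unexpected={info['unexpected']}")
```

A source port whose entries all go to the same allowed destination port (here 203.0.113.7:1024 to 53) looks like ordinary DNS traffic; a source port spraying several destination ports, one of them outside the allowlist (198.51.100.9:40000), is what the quoted post suggests you look for, and it is exactly the traffic a default-deny ruleset with only the needed UDP services opened would drop.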
