Firewall Wizards mailing list archives

Re: terminal services


From: Barney Wolff <barney () pit databus com>
Date: Tue, 28 Jan 2003 19:35:53 -0500

On Tue, Jan 28, 2003 at 06:56:21PM -0500, Paul D. Robertson wrote:

> (UDP 1434)
> It's an ephemeral port - just blocking it may make random stuff not work in
> some situations (like say DNS...)

Any network without a state-keeping firewall between it and the Internet
really needs to have just one or two DNS caching proxies doing requests
from port 53, ditto NTP, and block all other UDP.  Anything else is just
too dangerous, not by a little, but by a whole lot.

This worm sent from random source ports, but the next one will surely
send from 53 or 123, and all the folks who have allow any 53 to any
rules will get hit.  Together with the folks who have allow any 20 to any.
Some things just can't be done safely without state, so if you need to
do them, you need to keep state.

-- 
Barney Wolff         http://www.databus.com/bwresume.pdf
I'm available by contract or FT, in the NYC metro area or via the 'Net.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
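The point above about "allow any 53 to any" rules, as an added example that is not part of the original post: a toy packet filter contrasting a stateless rule that admits any inbound UDP claiming source port 53 or 123 with a state-keeping filter that only admits replies to requests it saw leave. The packets, addresses and the 1434 target port are constructed for the demonstration.

```python
# Added example (not from the original post): stateless "allow udp any:53 -> any"
# versus a filter that keeps a table of outbound UDP flows. Packets below are
# constructed, not captured.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    outbound: bool  # True = leaving our network, False = arriving from the Internet

def stateless_allow(pkt: Packet) -> bool:
    """Stateless ACL: pass any inbound UDP that claims source port 53 or 123."""
    if pkt.outbound:
        return True
    return pkt.sport in (53, 123)

class StatefulFilter:
    """Record outbound UDP 4-tuples; admit inbound only as a reply to one of them."""
    def __init__(self):
        self.flows = set()

    def allow(self, pkt: Packet) -> bool:
        if pkt.outbound:
            self.flows.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return True
        # An inbound packet must be the exact reverse of a flow we opened.
        return (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.flows

def run_scenario():
    """Return (stateless_verdicts, stateful_verdicts) for four constructed packets."""
    packets = [
        Packet("10.0.0.5", 40123, "192.0.2.53", 53, True),      # our resolver's query out
        Packet("192.0.2.53", 53, "10.0.0.5", 40123, False),     # the genuine DNS reply
        Packet("198.51.100.7", 53, "10.0.0.9", 1434, False),    # unsolicited, sport 53
        Packet("198.51.100.7", 60000, "10.0.0.9", 1434, False), # unsolicited, random sport
    ]
    sf = StatefulFilter()
    return ([stateless_allow(p) for p in packets],
            [sf.allow(p) for p in packets])
```

The stateless rule passes the third packet purely because it claims source port 53; the stateful filter drops it because no inside host ever sent a query to that address and port.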