Re: Port 443?

Brian Candler (B.Candler@pobox.com)
Thu, 8 Oct 1998 13:57:58 +0100


On Thu, Oct 08, 1998 at 05:42:30AM -0500, Jerry Chamberlin wrote:
> The other way, yes. Is someone trying to hack SSL??

No, I think what they are testing is whether you have a bad firewall config.

e.g. You have decided you want to allow connections from inside your
firewall to port 443 on the outside (very reasonable), so you add rules:

Allow source (inside/any addr/any port) --> dest (outside/any/port 443)
Allow source (outside/any/port 443) --> dest (inside/any addr/any port)

This is a bad config because it also allows _incoming_ TCP connections
from port 443 on an external machine, to any port on any machine on your
internal network!

You need an extra rule above these which says:

Deny source (outside/any/port 443) --> dest (inside/any addr/any port)
where SYN=1 and ACK=0

to fix this problem.
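As an added example (not from the original post), here is a small stateless rule evaluator in Python that applies the two "allow" rules above, then the same rules with the SYN-only deny in front, to constructed packets. The 10.0.0.0/8 internal network and all addresses are assumptions.

```python
# Added example: a first-match stateless packet filter like the ones the post
# describes. Rules are evaluated in order; an unmatched packet is denied.
# Assumption: the internal network is 10.0.0.0/8; all packets are constructed.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumed internal network


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool
    ack: bool


def side(addr: str) -> str:
    return "inside" if ip_address(addr) in INSIDE else "outside"


def match(rule, pkt: Packet) -> bool:
    """rule = (action, src_side, sport, dst_side, dport, new_conn_only); None = any."""
    _, s_side, sport, d_side, dport, new_conn_only = rule
    if side(pkt.src) != s_side or side(pkt.dst) != d_side:
        return False
    if sport is not None and pkt.sport != sport:
        return False
    if dport is not None and pkt.dport != dport:
        return False
    # SYN=1, ACK=0 is the first packet of a new TCP connection.
    if new_conn_only and not (pkt.syn and not pkt.ack):
        return False
    return True


def filter_packet(rules, pkt: Packet, default: str = "deny") -> str:
    return next((r[0] for r in rules if match(r, pkt)), default)


# The two rules from the post: outbound to port 443, plus its naive reverse.
BAD_RULES = [
    ("allow", "inside", None, "outside", 443, False),
    ("allow", "outside", 443, "inside", None, False),
]
# The fix: deny new connections (SYN=1, ACK=0) from outside port 443 first.
GOOD_RULES = [("deny", "outside", 443, "inside", None, True)] + BAD_RULES

# Constructed traffic: a legitimate HTTPS request, its SYN-ACK reply, and an
# inbound connection attempt that merely uses source port 443 to reach telnet.
OUTBOUND_SYN = Packet("10.1.2.3", 40000, "192.0.2.10", 443, True, False)
REPLY_SYNACK = Packet("192.0.2.10", 443, "10.1.2.3", 40000, True, True)
INBOUND_SYN = Packet("198.51.100.7", 443, "10.1.2.3", 23, True, False)

if __name__ == "__main__":
    for name, rules in (("bad", BAD_RULES), ("fixed", GOOD_RULES)):
        print(name, [filter_packet(rules, p) for p in (OUTBOUND_SYN, REPLY_SYNACK, INBOUND_SYN)])
```

With the bad rule set the inbound SYN to port 23 is allowed; with the deny rule in front it is dropped while the SYN-ACK reply to the outbound HTTPS connection still passes.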