Re: [masq] FTP and firewalls

Tim Fletcher (tim@night-shade.demon.co.uk)
Thu, 28 Jan 1999 17:33:40 +0000 (GMT)


> >ipchains -A input -j ACCEPT -y -p tcp -s 0.0.0.0/0 20 -d yourip 1024:65535
>
> um, why bother running the firewall then? This is also the same as -P input
> ACCEPT... you're allowing anyone to connect from their port 20 (easy enough
> to spoof) to your box on any port above 1023... not a great idea. Someone
> using NMap could scan all your upper ports easily.
>
> Is it that hard to type PASSIVE?

oops daft error I meant to say ports over 60000 (ie masq'd connections) and
I also run abacus sentry which _should_ stop the scans.

Tim Fletcher .~.
/V\ L I N U X
tjdf@st-andrews.ac.uk // \\ >Don't fear the penguin<
/( )\
^^-^^

Catapultam habeo. Nisi pecuniam omnem mihi dabis, ad caput tuum saxum
immane mittam (For non-latiners: "I have a catapult. Give me all the
money, or I will fling an enormous rock at your head.")
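
The exposure discussed in this message, as an added example that is not part of the original post: a small Python model of the match fields in the quoted ipchains rule, comparing the posted destination range with the narrowed "ports over 60000" range. The listener table, the function names and the default-deny input policy are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    """Models only the fields used in the thread's rule:
    -y -p tcp -s 0.0.0.0/0 <src_port> -d yourip <lo>:<hi> -j ACCEPT"""
    src_port: int
    dst_ports: range
    syn_only: bool = True  # -y: match connection-opening SYN packets only

    def accepts(self, pkt):
        if self.syn_only and not pkt["syn"]:
            return False
        # The source port is chosen by the sender, so matching on it
        # does not prove the packet comes from an FTP server.
        return pkt["sport"] == self.src_port and pkt["dport"] in self.dst_ports

# Rule as posted: destination ports 1024:65535
POSTED = Rule(src_port=20, dst_ports=range(1024, 65536))
# Rule as corrected in the reply: "ports over 60000"
NARROWED = Rule(src_port=20, dst_ports=range(60001, 65536))

# Constructed sample of services listening on the firewall host (assumption).
LISTENERS = {2049: "nfs", 3306: "mysql", 6000: "x11", 61500: "masq'd ftp-data"}

def exposed(rule, listeners=LISTENERS, sport=20):
    """Ports in `listeners` that an inbound SYN from source port `sport`
    reaches under `rule`, assuming the input policy otherwise denies."""
    return sorted(
        port for port in listeners
        if rule.accepts({"syn": True, "sport": sport, "dport": port})
    )

if __name__ == "__main__":
    for name, rule in (("posted", POSTED), ("narrowed", NARROWED)):
        hits = exposed(rule)
        print(f"{name:9s} -> {[(p, LISTENERS[p]) for p in hits]}")
```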
