Firewall rules

Vernon Schryver vjs@calcite.rhyolite.com
Mon Sep 13 15:10:01 UTC 2004


> From: Richard Underwood 

> 	Yes - there's exactly the same problem with port 53. No difference.
> If you allow UDP packets inbound based solely upon the source port, you are
> opening yourself up to risk. In the past I have been involved with security
> audits and this is a problem more often than you'd believe.

I could accept the word "concern," but not "problem," unless "problem"
is as much about politics and other non-technical issues as raw technical
considerations about what the bad guys can and cannot do.


> 	Umm! How about adding something like this just before "Please use
> this document at your own risk."
>
> "Filtering inbound traffic by source port may allow undesirable traffic onto
> your network. Where possible, stateful firewalling should be used."

The first sentence is good.  I've added something similar.  Thanks.
I have problems with the second sentence.

You really don't want to get me started on what I consider...ah...issues
in the computer security industry.


Vernon Schryver    vjs@rhyolite.com



More information about the DCC mailing list
