Re: Understanding NAT, Firewalls, TCP/IP



"Roedy Green" <my_email_is_posted_on_my_website@xxxxxxxxxxxxxx> wrote in
message news:nbvas11g6mtk6npudpqdi60rvoea55c3nh@xxxxxxxxxx
> On Wed, 11 Jan 2006 10:56:18 +0100, Thomas Weidenfeller
> <nobody@xxxxxxxxxxxxxxxx> wrote, quoted or indirectly quoted someone
> who said :
>
<snipped />
> Some of the clients will be relatively computer naive people working
> on home computers in remote parts of the globe as language
> translators. They may have a home router firewall, or some software
> firewall, which they will not understand. They will have just plugged
> it in and left it to defaults.
>
> I was wondering if there are firewalls that might by default block
> outgoing tcp/ip connections to anything other than port 80 or FTP
> ports.

Well... to give you an example... My firewall usually has these
settings (and so do all the firewalls of my computer-illiterate
friends):

# Access via SSH for administration
pass in quick on xl1 proto tcp from any to any port = 22 keep state

# General stateful connection out
pass out quick on xl1 proto tcp/udp from any to any keep state
pass out quick on xl1 proto icmp from any to any keep state

# webserver inside DMZ
pass in quick on xl1 proto tcp from any to any port = 80 flags S keep state keep frags
pass in quick on xl1 proto tcp from any to any port = 21 flags S keep state keep frags
pass in quick on xl1 proto tcp from any to any port = 8080 flags S keep state keep frags

# General denial of incoming connections
block in quick on xl1

Which means, except for SSH, FTP and my web-servers, *everything* is
blocked!

(And no, I'm not worried after posting my settings here :-D )

Bottom line is that all the people with a "friend with knowledge" probably
have a very strict incoming policy. (The "friend" wants to avoid extra work.)

But connections initiated from them (any port) will be allowed, including
subsequent incoming responses to the actual port.

--
Dag.
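To make the post's point concrete, here is an added example (not Dag's code or a real ipf implementation) that models the quoted rule set in Python with a simplified state table and constructed addresses: an outbound connection to any port creates state, so its reply is admitted, while an unsolicited inbound packet to anything other than ports 22, 21, 80 and 8080 falls through to the final block rule.

```python
# Toy model of the ipf rule set in the post: first-match ("quick") rules plus a
# state table for "keep state". Constructed; real ipf also tracks flags/timeouts.
from collections import namedtuple

# direction is "in"/"out" on the external interface (xl1 in the post);
# proto is "tcp", "udp" or "icmp" (icmp uses port 0 in this model)
Packet = namedtuple("Packet", "direction proto src sport dst dport")

# (direction, protocols, destination port or None, action, keep state)
RULES = [
    ("in",  {"tcp"},        22,   "pass",  True),   # SSH for administration
    ("out", {"tcp", "udp"}, None, "pass",  True),   # general stateful out
    ("out", {"icmp"},       None, "pass",  True),
    ("in",  {"tcp"},        80,   "pass",  True),   # web server in DMZ
    ("in",  {"tcp"},        21,   "pass",  True),   # FTP control channel
    ("in",  {"tcp"},        8080, "pass",  True),
    ("in",  {"tcp", "udp", "icmp"}, None, "block", False),  # default deny in
]

class Firewall:
    def __init__(self):
        self.state = set()  # flows admitted by an earlier "keep state" rule

    def _key(self, p):
        # Direction-agnostic key so the reply matches the original flow
        return (frozenset({(p.src, p.sport), (p.dst, p.dport)}), p.proto)

    def filter(self, p):
        # State table first: replies to an admitted flow pass without consulting
        # the rules, which is why an outbound connection to any port gets its
        # answers while an unsolicited inbound packet to the same host does not.
        if self._key(p) in self.state:
            return "pass"
        for direction, protos, dport, action, keep in RULES:
            if p.direction != direction or p.proto not in protos:
                continue
            if dport is not None and p.dport != dport:
                continue
            if action == "pass" and keep:
                self.state.add(self._key(p))
            return action  # "quick": the first matching rule decides
        return "pass"      # ipf passes anything no rule matched

def demo():
    fw, home, web, other = Firewall(), "192.0.2.10", "198.51.100.5", "203.0.113.7"
    return (fw.filter(Packet("out", "tcp", home, 51000, web, 443)),    # pass
            fw.filter(Packet("in", "tcp", web, 443, home, 51000)),     # reply: pass
            fw.filter(Packet("in", "tcp", other, 40000, home, 3389)),  # block
            fw.filter(Packet("in", "tcp", other, 40001, home, 22)))    # pass
```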