[an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive] (none) [an error occurred while processing this directive] [an error occurred while processing this directive] [an error occurred while processing this directive][an error occurred while processing this directive]
 
[an error occurred while processing this directive] [an error occurred while processing this directive]
Skåne Sjælland Linux User Group - http://www.sslug.dk Home   Subscribe   Mail Archive   Forum   Calendar   Search
MhonArc Date: [Date Prev] [Date Index] [Date Next]   Thread: [Date Prev] [Thread Index] [Date Next]   MhonArc
 

Re: [NETVAERK] Ultrasimpelt iptables-script på vserver



> > Det kan du godt. Så skal du indstille din FTP klient til at den må
> > bruge de porte.
> > 
> > Har før prøvet, men det er vist noget mas at få til at spille.
> 
> Det ser ud til at virke fint hvis jeg åbner alt over 1024 uden 
> problemer. Men så er der naturligvis ikke meget firewall over det
> mere.

Nej netop.

> Spørgsmål: Såfremt jeg åbner alle high-range porte er det så muligt
> for en hacker at angribe en port der er ved at blive brugt af en
> applikation (f.eks. en ftp klient fra serveren) eller er det samme
> risiko som når man bruger connection tracking? Eller for at
> reformulere: Er der nogen risiko ved at åbne de høje porte hvis man
> er _sikker_ på at der ikke er nogen applikationer der _normalt_
> lytter på disse porte men alligevel bruger dem når man f.eks. laver
> forbindelser "ud af huset"?

Hmmmm... Jeg vil jo mene at hvis ingenting lytter, så sker der ikke
noget ved det. Men der er vist noget med at man kan udnytte at en
anden applikation har en port åben, og lytter, pga. den er ved at
snakke med nogle andre over nettet. Men det samme ville vel gøre sig
gældende for connection tracking.

Gad egentligt også gerne have en gpd teknisk forklaring her fra nogen
der ved hvad det drejer sig om. :)

Mvh. Jesper


 
Home   Subscribe   Mail Archive   Index   Calendar   Search

 
 
Questions about the web-pages to <www_admin>. Last modified 2006-02-01, 02:01 CET [an error occurred while processing this directive]
This page is maintained by [an error occurred while processing this directive]MHonArc [an error occurred while processing this directive] # [an error occurred while processing this directive] *