Newsgroups: comp.protocols.tcp-ip
Path: sparky!uunet!snorkelwacker.mit.edu!bloom-picayune.mit.edu!math.mit.edu!drw
From: drw@euclid.mit.edu (Dale R. Worley)
Subject: Re: Firewall usage (was: Re: ping works, but ftp/telnet get "no route)
In-Reply-To: smb@ulysses.att.com's message of 28 Jul 92 15:36:14 GMT
Message-ID: <DRW.92Jul30153427@euclid.mit.edu>
Sender: news@athena.mit.edu (News system)
Nntp-Posting-Host: euclid.mit.edu
Organization: MIT Dept. of Tetrapilotomy, Cambridge, MA, USA
References: <BrruC8.FEo@spock.dis.cccd.edu> <BrsM1C.36v@cs.columbia.edu>
	<DRW.92Jul27143657@jordan.mit.edu> <17011@ulysses.att.com>
Date: Thu, 30 Jul 1992 20:34:27 GMT
Lines: 20

In article <17011@ulysses.att.com> smb@ulysses.att.com (Steven Bellovin) writes:

   About all I can say is that the outside port number in one
   direction is 513, and the inside port number is something less than
   1024. But when such a packet floats by, the router has no way of
   knowing that that's really rlogin. The *real* definition is that
   the connection was initiated from the inside. Otherwise, the
   packet could be from a connection initiated *from* port 513 on a
   dedicated attacker's machine, and to some service on an inside
   machine. But routers don't keep track of connections, they look at
   individual packets.

I haven't studied the matter, but I believe that the more
sophisticated firewalling routers actually *do* track connections. At
least, I've heard claims about what some routers could do that I
couldn't figure out how to do without tracking connections.

Dale Worley		Dept. of Math., MIT		drw@math.mit.edu
--
Anything that's not nailed down is mine. Anything I can pry loose is not
nailed down.
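The distinction the thread is drawing (a per-packet port rule versus a router that remembers which side opened the connection) is easy to see in a small simulation. The following is an added example, not code from the post or from any router of the period; the addresses, the inside-network prefix and the four packets are constructed for illustration. `stateless_allow` implements the rule exactly as Bellovin describes it (outside port 513, inside port below 1024), and `ConnectionTracker` adds the table of inside-initiated connections that Worley supposes the more sophisticated routers keep.

```python
"""Stateless port rule vs. connection tracking for the rlogin case discussed above.
Added illustration; all addresses and packets are constructed, not from a capture."""
from dataclasses import dataclass

RLOGIN_PORT = 513
INSIDE_PREFIX = "10.0.0."          # constructed: the protected "inside" network


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    syn: bool = False              # TCP SYN flag (set on the opening segment)
    ack: bool = False              # TCP ACK flag


def is_inside(ip: str) -> bool:
    return ip.startswith(INSIDE_PREFIX)


def direction(pkt: Packet) -> str:
    """'out' (inside -> outside), 'in' (outside -> inside) or 'other'."""
    if is_inside(pkt.src_ip) and not is_inside(pkt.dst_ip):
        return "out"
    if is_inside(pkt.dst_ip) and not is_inside(pkt.src_ip):
        return "in"
    return "other"


def stateless_allow(pkt: Packet) -> bool:
    """Per-packet rule from the post: outside port 513, inside port below 1024.
    It never learns which side opened the connection."""
    d = direction(pkt)
    if d == "out":
        return pkt.dst_port == RLOGIN_PORT and pkt.src_port < 1024
    if d == "in":
        return pkt.src_port == RLOGIN_PORT and pkt.dst_port < 1024
    return False


class ConnectionTracker:
    """Remembers connections opened from the inside and admits inbound packets
    only when they belong to one of them."""

    def __init__(self) -> None:
        # entries: (inside_ip, inside_port, outside_ip, outside_port)
        self.established = set()

    def allow(self, pkt: Packet) -> bool:
        d = direction(pkt)
        if d == "out":
            key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
            if pkt.syn and not pkt.ack:        # an inside host is opening a connection
                if not stateless_allow(pkt):   # the port policy still applies to the opener
                    return False
                self.established.add(key)
                return True
            return key in self.established     # later outbound segments of a known connection
        if d == "in":
            key = (pkt.dst_ip, pkt.dst_port, pkt.src_ip, pkt.src_port)
            return key in self.established     # only replies to inside-initiated connections
        return False


# Constructed traffic: one legitimate rlogin session opened from the inside,
# followed by an unsolicited inbound packet that merely *looks* like rlogin
# traffic because its outside source port is 513.
TRAFFIC = [
    Packet("10.0.0.5", 1022, "192.0.2.9", RLOGIN_PORT, syn=True),            # inside opens rlogin
    Packet("192.0.2.9", RLOGIN_PORT, "10.0.0.5", 1022, syn=True, ack=True),  # server's SYN/ACK
    Packet("10.0.0.5", 1022, "192.0.2.9", RLOGIN_PORT, ack=True),            # session data
    Packet("192.0.2.66", RLOGIN_PORT, "10.0.0.5", 23, syn=True),             # unsolicited, port 513 -> inside service
]


def compare(traffic=TRAFFIC):
    """Return (stateless decisions, connection-tracking decisions) for the traffic."""
    tracker = ConnectionTracker()
    return ([stateless_allow(p) for p in traffic],
            [tracker.allow(p) for p in traffic])


if __name__ == "__main__":
    stateless, tracked = compare()
    for pkt, a, b in zip(TRAFFIC, stateless, tracked):
        print(f"{pkt.src_ip}:{pkt.src_port} -> {pkt.dst_ip}:{pkt.dst_port}"
              f"  stateless={a}  tracked={b}")
```

The first three packets pass both filters. The fourth passes the stateless rule, because every field it inspects matches, and is refused by the tracker, because no inside host ever opened a connection to 192.0.2.66. That is the whole difference: the port numbers are the same in both cases, so the only thing that separates them is the remembered fact of who initiated the connection.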