Mike Leone on Tue, 26 Feb 2002 16:50:14 +0100



Re: [PLUG] fire wall question(s)


> Hmmm.  I thought what it meant for a port to be "open" was for there to be
> software running to process the traffic.  But apparently traffic can not
> only be ignored, but rejected?  I assume this would mean somebody listening
> on that port and generating "reject packets" or some such...

I can open ports on my firewall, but not have daemons listening on those ports, nor forwarded to any other machine. 

In order for traffic to be rejected, the port must be closed. A daemon listening on the port could selectively reject traffic, too, depending on the capabilities of the daemon.

> 
> > I suppose it could be made into a DOS.
> 
> Denial of Service, I assume that means.  Which situation would allow DOS:

Yep.

> having the port closed, or open but not listened to?  I would think the
> former, but I'm not sure yet that I know what "closed" means.

Well, consider: whether or not a port is open, or listened to, or whatever ... if I decide to send 400 million packets at you, on port 53, say ... unless you have some upstream way of blocking those packets, your line is going to be flooded with incoming packets. Nothing else will be able to get in (effectively speaking), nor can you get out, because your bandwidth is being chewed up by all those incoming packets. Even if you're not processing them, they're still coming in.

> Perhaps I should read a HOWTO on security or something, since I seem to be
> mostly in the dark on this.

I'm no expert, either, but I have a friend who is. :-)
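The distinction drawn above (a port that is listened to, one that is closed and so rejects traffic, and one whose traffic is simply ignored) shows up as three different answers from the host's TCP stack. The following Python script is an added example, not part of the original thread, for checking how your own host answers on a given port: a completed handshake means something accepted the connection, an immediate reset or ICMP unreachable surfaces as "connection refused" (rejected), and silence until the timeout means the packets were dropped; the function names and the loopback demo are mine.

```python
import socket


def classify_tcp_port(host, port, timeout=2.0):
    """Classify how a host answers a single TCP connection attempt.

    'open'     : three-way handshake completed, so a socket accepted it
    'closed'   : host actively refused (TCP reset or ICMP unreachable)
    'filtered' : nothing came back before the timeout (packets dropped)
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except socket.timeout:
        return "filtered"
    finally:
        sock.close()


def demo():
    """Show 'open' versus 'closed' on loopback using an ephemeral port.

    A filtered result cannot be produced offline; it needs a DROP rule
    somewhere in the path, which is exactly the case the thread describes.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))   # port 0: kernel picks a free port
    listener.listen(1)
    port = listener.getsockname()[1]

    # The kernel completes the handshake into the backlog even though no
    # application ever calls accept(): "open" does not mean "processed".
    while_listening = classify_tcp_port("127.0.0.1", port)

    listener.close()                  # nothing bound now: kernel sends RST
    after_close = classify_tcp_port("127.0.0.1", port)
    return while_listening, after_close


if __name__ == "__main__":
    print(demo())  # expected: ('open', 'closed')
```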



______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug