Jeff Abrahamson on Thu, 30 Jan 2003 12:10:36 -0500
On Thu, Jan 30, 2003 at 10:12:42AM -0500, LeRoy Cressy wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> From a security point of view you do not want all ports open from
> inside your firewall to the outside. With masquerading everything
> is open and something might come back through to hurt you. Thus you
> should only open up the ports that you really need to communicate on the
> Internet.

But isn't a port effectively not open if no one listens on it? So it doesn't matter that my mail server (inside my firewall) is listening for pop3, because the firewall only listens for ssh.

I could be slicker and refuse other connections, but does it matter beyond possible DoS?

--
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/>
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B