* Philipp Snizek wrote on Wed, Apr 11, 2001 at 16:55 +0200:
Blocking all unwanted (unused) ports for listening sockets (ipchains -y)
Hmm...no good news. Since I at least want to have a little security in this, I'll put the -y in my most used hi-ports and the others I'll totally block.
AFAIK many trojans use UDP, please correct me if I'm wrong. "-y" affects TCP packets only.
According to simovits.com most trojans use tcp and some little udp. Needless to say that udp in most cases can be blocked totally. But how would you try to stop trojan communication if they used your most used hi-ports, let's say 25000-30000 for example? If you block these ports e.g. with ipchains, your clients are not able to communicate anymore to the outside world. If you block tcp-syn from internet to internal net according to Markus Gaugusch your chances depend on how the specific tcp trojan syncs: from client to server, server to client respectively. What would you do?
Philipp
oki,
Steffen
-- This message was generated by machine and therefore bears neither signature nor seal.
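The behaviour of `-y` discussed in this thread, as an added example that is not from any of the posters: a small Python model of a stateless input chain with one `-y` rule on the hi-ports 25000-30000, run over constructed packets. The `Packet`/`Rule` classes, the ACCEPT chain policy and the sample packets are assumptions made for illustration.

```python
from dataclasses import dataclass

FIN, SYN, ACK = 0x01, 0x02, 0x10  # TCP flag bits

@dataclass
class Packet:
    proto: str      # "tcp" or "udp"
    dport: int      # destination port on the protected host
    flags: int = 0  # TCP flags; unused for UDP

@dataclass
class Rule:
    proto: str
    ports: range
    syn_only: bool  # models ipchains -y
    target: str

def is_syn(pkt):
    # ipchains -y: SYN set, ACK and FIN cleared (a connection request)
    return pkt.flags & (SYN | ACK | FIN) == SYN

def verdict(rules, pkt, policy="ACCEPT"):
    """First matching rule wins; otherwise the chain policy applies."""
    for r in rules:
        if r.proto == pkt.proto and pkt.dport in r.ports:
            if not r.syn_only or is_syn(pkt):
                return r.target
    return policy

# Assumed input chain: deny TCP connection requests to the hi-ports
# 25000-30000 named in the thread; everything else falls to the policy.
INPUT_RULES = [Rule("tcp", range(25000, 30001), True, "DENY")]

# Constructed sample packets arriving from the Internet.
SAMPLES = {
    "inbound connect to listener": Packet("tcp", 26000, SYN),
    "reply to outbound connection": Packet("tcp", 26000, SYN | ACK),
    "established data": Packet("tcp", 26000, ACK),
    "udp datagram": Packet("udp", 26000),
}

def classify(rules=INPUT_RULES):
    return {name: verdict(rules, p) for name, p in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in classify().items():
        print(f"{name:30} {result}")
```

Only the bare connection request is denied: replies to connections opened from inside pass whichever program opened them, and UDP never matches a `-y` rule, so it needs a rule of its own.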