RE: [SLE] Is my firewall safe?

Message-ID: <01C071EF.598B55C0@andrew.plus.net> From: Andrew Smith Date: Fri, 29 Dec 2000 23:30:36 -0000 Subject: RE: [SLE] Is my firewall safe? Hi FTP can accept both anonomous and user connections... what are the risks in allowing user connections? Trojans were my main worry with the higher ports... I can easily find out what ports halflife use, but what ports does 'real' ftp use? I know 20 and 21 are used, although when I tried to downoad via ftp at one point, I saw a very high port being used (over 60000). Am I right in assuming that this port will change all the time? If so, is there a specific range that the port may be? Sorry about the non-wrapping... I'm using... dare I say it... Outlook at the moment (sorry for the obscene language) :o) Hopefully I've hit [Enter] in the right sorta spot to make it a bit easier for you to read! :o) Thanks for your help (and thanks to Jerry Kreps for the links) :-) <p>Andrew -----Original Message----- From: Greg Thomas [SMTP:ethant@pacificnet.net] Sent: 29 December 2000 21:41 To: Andrew Smith Cc: SuSE Linux Mailing List (E-mail) Subject: Re: [SLE] Is my firewall safe? On Fri, 29 Dec 2000, Andrew Smith wrote:

Hi

I've just finished setting up a linux box to act as an internet gateway & firewall, tho i'm not sure whether it's secure. I have currently blocked all incomming CONNECTIONS from ports 0 to 1023 except for 20, 21 and 80 (as the machine is also being used for a web & ftp server). I know that this range of ports are used by services run as root, so should this be enough? I was considering blocking connections from 0 to 65535 but this would mean 'real' ftp wouldnt work for me and i'd have problems running Halflife multiplayer games - oh no!!!

All the firewalls in the world aren't going to help you if you can ftp with a user account. Are you only allowing Anonymous ftp connections? Also, if you're not going to block incoming ports over 1023 then you should scan yourself often to see if you somehow have been trojaned and running services on a port over 1023. BTW, can you set your lines to wrap around 72 characters? Greg