Date: Sat, 21 Oct 2000 21:04:44 +0200 (CEST)
From: Blaz Zupan <blaz@amis.net>
To: Rudy <rudy@monkeybrains.net>
Cc: freebsd-net@FreeBSD.ORG
Subject: Re: Using punch_fw from natd
Message-ID: <Pine.BSF.4.21.0010212102480.70509-100000@titanic.medinet.si>
In-Reply-To: <Pine.BSF.4.21.0010211126260.94231-100000@pizza.monkeybrains.net>

> You can reduce the number of open ports --- ftpd does not use 1024-65535B

You can't predict what ports the ftp server uses - my users could be
connecting to any ftp server out there which could select any port above 1024.

> Users do not have shell accounts on that box, so I am not worried about
> leaving a bunch of high numbered ports open. (Is this a mistake?)

I'm not protecting just one host, I'm protecting a whole network, with
possibly services running out there - for example X uses ports around 6000. I
can of course block that, but who guarantees that there isn't some other
software listening on some other port on a user's Windoze box?

Blaz Zupan, Medinet d.o.o, Linhartova 21, 2000 Maribor, Slovenia
E-mail: blaz@amis.net, Tel: +386-2-320-6320, Fax: +386-2-320-6325

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message
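
Added example (not part of the original message, and not natd's own code): the data port of each FTP transfer is announced on the control channel, so a filter that opens holes per connection, which is what the punch_fw option in the subject line is for, has to read it from there instead of from a static rule. The function names, the `min_port` policy and the sample session are constructed for illustration.

```python
import re

# PORT argument / 227 reply carry six decimal bytes: h1,h2,h3,h4,p1,p2 (RFC 959).
_TUPLE = re.compile(r"(?<!\d)(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})(?!\d)")


def data_endpoint(line):
    """Return (ip, port) announced by a PORT command or a 227 reply, else None."""
    line = line.strip()
    if not (line.upper().startswith("PORT ") or line.startswith("227 ")):
        return None
    match = _TUPLE.search(line[4:])
    if match is None:
        return None
    nums = [int(g) for g in match.groups()]
    if any(n > 255 for n in nums):          # malformed byte: ignore the line
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]          # port is sent as two bytes, high first
    return ip, port


def temporary_holes(control_lines, min_port=1024):
    """Endpoints a per-connection hole would be opened for.

    Announcements below min_port are skipped (assumed policy: never open a
    hole towards a privileged port on the strength of a control-channel line).
    """
    holes = []
    for line in control_lines:
        endpoint = data_endpoint(line)
        if endpoint is not None and endpoint[1] >= min_port:
            holes.append(endpoint)
    return holes


# Constructed control-channel excerpt; addresses are documentation ranges.
SAMPLE = [
    "220 ftp.example.org FTP server ready.",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
    "PASV",
    "227 Entering Passive Mode (192,0,2,10,19,137)",
    "PORT 10,0,0,5,0,22",
    "227 Entering Passive Mode (192,0,2,999,1,1)",
]

if __name__ == "__main__":
    for ip, port in temporary_holes(SAMPLE):
        print(f"open {ip}:{port} for this one data connection")
```

The two passive replies in the sample name different high ports on the same server, which is why a fixed allow-list of ports cannot stand in for tracking the control channel.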