At 9:05 AM +0200 14/8/01, Auer, Karl James wrote:
>> If your product is secure you don't need to worry about
>> packet filtering.
>
>You were talking about compartmentalising things - how can an
>application know whether an inbound packet is spoofed?

So we disagree on the definition of packet filtering too :)

From my ISP background I tend to think of packet filtering as
dropping all packets destined to ports 137, 138 and 139 and 31337
on the floor.

But if NetBIOS was secure and if there was no way to install Back
Orifice, these filters would not be required.

The other thing packet filtering can do is prevent information about
your systems being discovered via port scans (e.g. prevent port 80
access to all machines that are not web servers). But once again, if
systems were secure this wouldn't be required either.

As an example, I *like* people to know I run qmail and ncftpd because
once they know that they'll stop trying Sendmail and wuftpd exploits
against my system. And hopefully come to the conclusion that I'm a
security-conscious admin and stop attacking before they find a
vulnerability that I may have missed :)

...R.
This archive was generated by hypermail 2.1.1 : Fri Aug 31 2001 - 03:10:04 EST