security blather Re: [techtalk] login restriction

Susannah D. Rosenberg indrani at mindspring.com
Fri Jul 7 16:34:30 EST 2000


kelly at poverty.bloomington.in.us wrote:
> 
> On Fri, 7 Jul 2000 15:14:59 -0400 , "Fan, Laurel" <Laurel.Fan at compaq.com> said:
> 
> >If I can, from my computer, open an "smtp connection" to port 25 on
> >somehost, I can run "telnet somehost 25".  Neither of which has
> >anything at all to do with telnetd.
> 
> I am indeed at a loss to tell how a firewall could tell a connection
> to port 25 that originates from a MTA from one that originates from
> some other sort of socket opening program.  The TCP protocol doesn't
> tell you squat about what the program opening the socket intends to do
> with it.  Admittedly, a firewall _could_ terminate a SMTP session that
> doesn't "act right", but it can't tell that until the connection has
> been established and some data has been exchanged.  Unless, of course,
> someone has a "psychic firewall" out there that I haven't heard about.

erm... <sigh>

packet filtering means anything to you? basically, said firewall takes in
said packet destined for port X. it scans through/reads the signature of
said packet (i.e., headers, footers, neat stuff like that), and then
decides whether or not to forward it on. there are even more
sophisticated things you can do with this (a good example is NFR,
Network Flight Recorder, which is basically a "psychic firewall"
designed to recognize and filter on known security exploits -- i.e., "does
this packet look like this known script-kiddie attack?")

in fact, this is really just a more complicated version of how cisco
routers do access-list filtering, from what i can tell.
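The header-based packet filtering the post describes, written out as an added example (not code from the thread or any of its posters): a first-match access list in the Cisco style that decides on IP protocol, source/destination address and destination port parsed from the raw IPv4 packet. The rule set, the 10.0.0.25 "mail relay" address and the packet builder are hypothetical, constructed for the example.

```python
import ipaddress
import struct
from dataclasses import dataclass
from typing import List, Optional

ANY = ipaddress.IPv4Network("0.0.0.0/0")   # wildcard network, matches any address

@dataclass(frozen=True)
class Rule:
    action: str                  # "permit" or "deny"
    proto: Optional[int]         # IP protocol number (6 = TCP, 17 = UDP); None = any
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: Optional[int]         # destination port; None = any

def parse_ipv4(pkt: bytes):
    """Pull protocol, addresses and destination port out of a raw IPv4 packet."""
    if pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4    # IP header length in bytes (IHL field is in 32-bit words)
    proto = pkt[9]
    src, dst = (ipaddress.IPv4Address(pkt[i:i + 4]) for i in (12, 16))
    dport = None
    if proto in (6, 17) and len(pkt) >= ihl + 4:   # TCP/UDP: port pair follows the IP header
        _sport, dport = struct.unpack_from("!HH", pkt, ihl)
    return proto, src, dst, dport

def filter_packet(rules: List[Rule], pkt: bytes) -> str:
    """First matching rule wins; anything unmatched hits the implicit deny at the end."""
    proto, src, dst, dport = parse_ipv4(pkt)
    for r in rules:
        if r.proto is not None and r.proto != proto:
            continue
        if src not in r.src or dst not in r.dst:
            continue
        if r.dport is not None and r.dport != dport:
            continue
        return r.action
    return "deny"

def build_packet(src: str, dst: str, proto: int, sport: int, dport: int) -> bytes:
    """Constructed test input: minimal IPv4 header (checksum left 0) plus the L4 port pair."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 24, 0, 0, 64, proto, 0,
                      ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
    return hdr + struct.pack("!HH", sport, dport)

# Hypothetical policy: only the mail relay 10.0.0.25 may reach port 25; web from anywhere.
RULES = [Rule("permit", 6, ipaddress.IPv4Network("10.0.0.25/32"), ANY, 25),
         Rule("permit", 6, ANY, ANY, 80)]
```

Note that the filter only ever sees header fields, so an MTA and a telnet client on the permitted relay host produce identical decisions; what it does enforce is that no other host can open port 25 at all.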
