
Security risks involved with opening UDP ports 1024-65535


news.traveller.com

Feb 2, 1999, 3:00:00 AM
Hello. I was wondering if there are any serious security implications that
would result from opening up UDP ports 1024-65535 on a firewall. The
motivation for opening these ports is Microsoft Netmeeting.

Thanks,

Richard M. Shanlever

Cam Penner

Feb 2, 1999, 3:00:00 AM
In article <797fi8$gvg$1...@tsunami.traveller.com>, rsha...@mouat.com
says...

> Hello. I was wondering if there are any serious security implications that
> would result from opening up UDP ports 1024-65535 on a firewall. The
> motivation for opening these ports is Microsoft Netmeeting.

I *think* NetMeeting also uses TCP in that range too. Opening a hole
large enough for NetMeeting should be VERY carefully considered. It
requires a BIG hole.

--
Cam

dba...@tri-sage.com

Feb 2, 1999, 3:00:00 AM
Yes, anything that uses those high ports on your network. SQLNET for
instance.

In article <797fi8$gvg$1...@tsunami.traveller.com>,
"news.traveller.com" <rsha...@mouat.com> wrote:
> Hello. I was wondering if there are any serious security implications that
> would result from opening up UDP ports 1024-65535 on a firewall. The
> motivation for opening these ports is Microsoft Netmeeting.
>
> Thanks,
>
> Richard M. Shanlever

-----------== Posted via Deja News, The Discussion Network ==----------
http://www.dejanews.com/ Search, Read, Discuss, or Start Your Own

Michael Kafka

Feb 11, 1999, 3:00:00 AM
news.traveller.com wrote:
> Hello. I was wondering if there are any serious security implications
> [....] Microsoft Netmeeting.
> Thanks, Richard M. Shanlever

Netmeeting can be supported through various types of "firewalls".
Dynamic ports can be permitted by inspecting the control sessions
and producing "dynamic permit entries" in the filter rule.

*****never permit 1024-65535*****

unless you want to commit "data suicide".

You cannot control services like netmeeting, ftp, realaudio, H323 or
any services like these with a simple packet filter rule.

rgds, Michael

Siviwe Kwatsha

Feb 18, 1999, 3:00:00 AM
news.traveller.com <rsha...@mouat.com> wrote:
> Hello. I was wondering if there are any serious security implications that
> would result from opening up UDP ports 1024-65535 on a firewall. The
> motivation for opening these ports is Microsoft Netmeeting.

From what I've read on FW-1 and their "Stateful inspection" firewall, you
should be able to get away with having those ports open (I think they claimed
to have support for netmeeting).

If you're not running any of those "clever" firewalls, your best bet is
probably to keep those ports closed (if you're THAT paranoid about security).

Siviwe
---
Siviwe Kwatsha <siv...@nospam.rhodes.ac.za>
Sysadmin, short tempered, impolite, deaf
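
The "dynamic permit entries" approach described in the replies above, contrasted with the static 1024-65535 rule from the original question, as an added example that is not part of any post in this thread. The class, the `on_control_message` hook, and all addresses and ports are constructed for illustration; a real firewall would call such a hook from its parser for the inspected control session.

```python
from dataclasses import dataclass

HIGH_PORTS = range(1024, 65536)

@dataclass(frozen=True)
class Packet:
    proto: str
    src: str
    dst: str
    dport: int

def static_filter(pkt):
    """The rule from the question: permit any inbound UDP high port."""
    return pkt.proto == "udp" and pkt.dport in HIGH_PORTS

class PinholeFilter:
    """Permits only flows announced on an inspected control session."""
    def __init__(self, ttl=30.0):
        self.ttl = ttl
        self.pinholes = {}  # (proto, src, dst, dport) -> expiry time

    def on_control_message(self, peer, inside_host, port, now):
        # Hypothetical hook: the inspection engine calls this when the
        # control session negotiates a media port for this peer.
        if port not in HIGH_PORTS:
            raise ValueError("negotiated port outside dynamic range")
        self.pinholes[("udp", peer, inside_host, port)] = now + self.ttl

    def permit(self, pkt, now):
        key = (pkt.proto, pkt.src, pkt.dst, pkt.dport)
        expiry = self.pinholes.get(key)
        if expiry is None or now > expiry:
            self.pinholes.pop(key, None)  # drop stale entry, default deny
            return False
        self.pinholes[key] = now + self.ttl  # refresh while traffic flows
        return True

def demo():
    # Constructed sample traffic (documentation address ranges).
    fw = PinholeFilter()
    fw.on_control_message("198.51.100.7", "10.0.0.5", 49608, now=0)
    packets = [
        Packet("udp", "198.51.100.7", "10.0.0.5", 49608),  # negotiated media
        Packet("udp", "192.0.2.99", "10.0.0.5", 49608),    # wrong source
        Packet("udp", "192.0.2.99", "10.0.0.5", 2049),     # unrelated service
    ]
    static = [static_filter(p) for p in packets]
    dynamic = [fw.permit(p, now=1) for p in packets]
    return static, dynamic

if __name__ == "__main__":
    print(demo())
```

The static rule passes all three packets, while the pinhole filter passes only the flow that the control session announced and removes that entry once it has been idle longer than the TTL.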
