• Subject: Re: TCPIP port restriction for network security
  • From: "L. S. Russell" <leslier@xxxxxxxxxx>
  • Date: Tue, 23 Jan 2001 10:18:13 -0600
  • Organization: Datrek Professional Bags

I don't think that is exactly true.  I don't think that the fact that a
port is left open is so dangerous.  I think it is what services are
attached to the port that are the cause for concern.  Port 111 shouldn't
be left wide open because it is normally used for RPC. Portmapper
listens on that port (on some systems) and if hackers get access to it
they can get a list of all the services running on your system, look for
chinks in the plating and bust in if they find one.  

People who are afraid of having open ports on their boxes without
knowing why they are afraid remind me of Howard Hughs.  He was deathly
afraid of unseen bugs, didn't know what they were or what they did but
his unreasoned fear caused him to spend a good deal of his life running
around his house with shoe boxes on his feet.  

Best thing to do is study up on the facts.  Check places like CERT and
BUGTRAQ for detailed info on vulnerabilities. I am sure the W3C has an
RFC on all the well known ports and associated vulnerabilities. Make
sure your software is up to date (all the patches in place) and install
SQUID or Tripwire (if your talking about a *nix box).  Don't just sit
there in the fetal position sucking your thumb.

Terry.Rhoades@blum.com wrote:
> 
> >Is it that bad to really open up a port across the board?
> 
> Not at all, unless a hacker "sniffs out" (finds) your open port.
> 
> Leaving a port open is like leaving the front door to your house open.  It's 
>"ok" until somebody walks in and takes your stuff.
> 
> Just my $0.02.
> 
> Terry
> 
> PS - "Just because you're paranoid, doesn't mean their not out to get you."
> 
> 
>                     mcrump@sgcontainers
>                     .com                       To:     midrange-l@midrange.com
>                     Sent by:                   cc:
>                     owner-midrange-l@mi        Subject:     TCPIP port 
>restriction for network
>                     drange.com                 security
> 
> 
>                     01/23/01 09:02 AM
>                     Please respond to
>                     MIDRANGE-L
> 
> 
> 
> I need some opinions - ok, dumb statement :-)
> 
> For security purposes our firewall has most of the ports closed to the outside
> world.  I know when we started some outside work with a  consulting company I
> had to pull teeth to get port 1352 (Notes) open for some people in our 
>company.
> 
> My question is, and I realize this isn't necessarily AS/400 (umm...iSeries)
> related but what do people do and why with regards to their firewall and 
>ports?
> Is it that bad to really open up a port across the board?  Let me back up a
> little.  We are starting to use SameTime with the same consulting firm and it
> has a chat function.  This chat function does not by default use port 80.  So,
> my options are either open up the port or investigate the changing of the
> default port.  Typically, I hate to mess around with changing default ports
> because it always seems to cause me some sort of problem later.
> 
> Any thoughts/ideas/opinions from you security and network minded people?  If I
> go to my network people all they do is give me grief.  They may be right but 
>I'd
> like to hear what anyone else has to say.
> 
> Thanks.
> 
> Michael Crump
> Saint-Gobain Containers
> 1509 S. Macedonia Ave.
> Muncie, IN  47302
> (765)741-7696
> (765)741-7012 f
> (800)428-8642
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
> 
> +---
> | This is the Midrange System Mailing List!
> | To submit a new message, send your mail to MIDRANGE-L@midrange.com.
> | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
> | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
> | Questions should be directed to the list owner/operator: david@midrange.com
> +---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].