That is a snag with "allow everything except..." philosophy. Why not just work
out what you *do* want to allow and write a filer to deny everything except
those services?
There is no way a customer can get round that; but you have to weigh that
against having to respond to customers whose legitimate access to some obscure
service you didn't think of has been denied.
> On Thu, 4 Jun 1998, Larry Vaden wrote:
>
> > Does anyone have a filter set which disallows running daemons (such as http,
> > etc) on a dialup connection?
>
>
> Just deny access to port 80 on their computers. But, they can always
> change the port the server runs on. My experance has show that any port
> filer can be worked around with a little work. WarFTPD even has an option
> called "Fool my Brain Dead ISP" to switch the FTP server to another port.
> What I do is any unusual usage gets a quick test with a port scanner to
> see if any services in violation of our contract is running on the
> customers box.
>
> Tom
Regards:
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Martin Oakes martin@knowware.co.uk
KnowWare (UK) Ltd. http://www.knowware.co.uk/
1, Glentworth Road, Redland, Bristol BS6 7EQ
Sales Tel: (0117) 904 7763 Fax: (0117) 923 2219
Support Tel: (01684) 290328 Fax: (01684) 290284
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.
Searchable list archive: <URL:http://www.livingston.com/Tech/archive/>