Google Talk and NAT issue ?

Chuck Swiger cswiger at mac.com
Wed Mar 22 15:26:28 UTC 2006


fbsd_user wrote:
> Just what do you mean by punching a hole in the
> firewall without the firewall's knowledge?
> 
> The firewall is designed to stop just such a thing.

If the firewall opens a path for the external server inbound as a result of
supporting active-mode FTP or the data channel for IRC, which most firewalls do
by default if they permit FTP through in the first place, that can be used to
send arbitrary data back to the client.

Having the firewall block FTP, HTTP, and IRC/6667 traffic from inside machines,
except for a trusted and monitored proxy server like Squid, will significantly
improve the security of the network...

-- 
-Chuck
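
Added example, not part of the message above: a Python sketch of the decision an active-mode FTP helper makes when it sees a PORT command on the control channel, with stricter checks (the address must match the client, no privileged ports) that narrow the inbound path it opens. The function names and sample addresses are constructed for illustration and are not taken from any particular firewall's code.

```python
import ipaddress
import re

# RFC 959 active mode: the client sends "PORT h1,h2,h3,h4,p1,p2" and the
# server then connects back to h1.h2.h3.h4 on port p1*256+p2.
PORT_RE = re.compile(r"^PORT (\d{1,3}(?:,\d{1,3}){5})\r?\n?$", re.IGNORECASE)


def parse_port_command(line):
    """Return (ip, port) from a PORT command, or None if malformed."""
    m = PORT_RE.match(line)
    if not m:
        return None
    fields = [int(x) for x in m.group(1).split(",")]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    return ip, fields[4] * 256 + fields[5]


def pinhole_decision(line, client_ip, server_ip):
    """Decide whether a helper should open an inbound data path.

    Returns ("allow", rule) or ("deny", reason). The rule is the narrowest
    path that satisfies the transfer: one server, one client, one port.
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return "deny", "not a well-formed PORT command"
    ip, port = parsed
    if ip != ipaddress.IPv4Address(client_ip):
        return "deny", "PORT address differs from control-connection client"
    if port < 1024:
        return "deny", "PORT names a privileged port"
    return "allow", {"src": server_ip, "dst": str(ip), "dport": port}


if __name__ == "__main__":
    # Constructed control-channel lines; addresses are documentation ranges.
    samples = [
        "PORT 192,168,1,10,195,80\r\n",   # client's own address, port 50000
        "PORT 192,168,1,20,195,80\r\n",   # names a different inside host
        "PORT 192,168,1,10,0,22\r\n",     # names a privileged port
    ]
    for s in samples:
        print(s.strip(), "->", pinhole_decision(s, "192.168.1.10", "203.0.113.5"))
```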

