> > localbox:1055 --> 1.2.3.4:80
> >
> > The firewall sees this and for some
> > period of seconds or until the
> > connection is closed will allow
> > incoming packets on port 1055
> > only from IP address 1.2.3.4
>
> OK, but what, exactly, does that buy you that blocking SYN packets does
> not? If I use ipchains to refuse SYN packets on ports above 1024, then
> nobody on the outside can connect to user applications that have ports
> open (like GNOME apps), but I'm still free to use HTTP and PASV ftp, no?
Some wretched soul might send a non-SYN packet at one of your open TCP ports as
part of some kind of port scan. The response from that port would tell them
that something is there. If those ports were blocked by the stateful
inspection firewall, then there would be no response.
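Added example, not part of the thread above: a small Python model of the two
policies being compared, the stateless "refuse inbound SYN to ports above
1024" rule and the stateful "only admit inbound packets that match an
outbound-initiated connection" rule. The host addresses, port numbers and
the simplified TCP stack behaviour are assumptions made for the simulation;
the one piece of TCP behaviour it relies on is that a segment with no matching
connection (for instance a bare ACK, which is what a scanner sends in an ACK
scan) is answered with a RST, which is exactly the "something is there"
response the reply describes.

```python
from dataclasses import dataclass

LOCAL_IP = "10.0.0.5"        # hypothetical address for "localbox" (assumption)
SCANNER_IP = "198.51.100.9"  # hypothetical scanner address (assumption)
WEB_IP = "1.2.3.4"           # the web server from the quoted exchange
HIGH_PORT_FLOOR = 1024


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


def pkt(src, sport, dst, dport, *flags):
    return Packet(src, sport, dst, dport, frozenset(flags))


def syn_block_policy(p, table):
    """Stateless rule from the thread: drop inbound SYN-only segments aimed at
    ports above 1024, pass everything else (table is unused here)."""
    if p.dst != LOCAL_IP:
        return True
    return not (p.flags == {"SYN"} and p.dport > HIGH_PORT_FLOOR)


def stateful_policy(p, table):
    """Stateful inspection as described in the quoted text: an outbound SYN
    records (local port, remote ip, remote port); an inbound segment is
    admitted only if it matches a recorded entry, otherwise it is dropped
    silently, so the sender gets no response at all."""
    if p.dst != LOCAL_IP:
        if "SYN" in p.flags and "ACK" not in p.flags:
            table.add((p.sport, p.dst, p.dport))
        return True
    return (p.dport, p.src, p.sport) in table


def host_response(p, listening, sessions):
    """Rough model of the local TCP stack for an admitted inbound segment:
    traffic on a known session is acknowledged, a SYN to a listener gets
    SYN/ACK, and anything else (SYN to a closed port, or any non-SYN segment
    with no matching connection, as in an ACK scan) gets a RST."""
    if (p.dport, p.src, p.sport) in sessions:
        return "ACK"
    if p.flags == {"SYN"} and p.dport in listening:
        return "SYN/ACK"
    return "RST"


def run(policy, packets, listening):
    """Feed packets through a policy; return (packet, verdict, reply) tuples.
    The host keeps its own view of sessions it opened, independent of the
    firewall's table, so the stateless policy can be modelled too."""
    fw_table, sessions, out = set(), set(), []
    for p in packets:
        if p.src == LOCAL_IP:                      # outbound segment
            policy(p, fw_table)
            if p.flags == {"SYN"}:
                sessions.add((p.sport, p.dst, p.dport))
            out.append((p, "out", None))
        elif not policy(p, fw_table):
            out.append((p, "dropped", None))       # silent drop: no reply leaves
        else:
            out.append((p, "allowed", host_response(p, listening, sessions)))
    return out


def ack_scan_response(policy):
    """Bare ACK probe at an open high port (e.g. a desktop app on 1055) with no
    prior connection. Returns what the scanner sees back, or None."""
    probe = pkt(SCANNER_IP, 40000, LOCAL_IP, 1055, "ACK")
    return run(policy, [probe], listening={1055})[-1][2]


def syn_scan_response(policy):
    """Plain SYN probe at the same open high port."""
    probe = pkt(SCANNER_IP, 40001, LOCAL_IP, 1055, "SYN")
    return run(policy, [probe], listening={1055})[-1][2]


def browse_response(policy):
    """Normal HTTP use: outbound SYN from 1055 to 1.2.3.4:80, then the server's
    SYN/ACK coming back. Returns the host's reply to that SYN/ACK."""
    flow = [pkt(LOCAL_IP, 1055, WEB_IP, 80, "SYN"),
            pkt(WEB_IP, 80, LOCAL_IP, 1055, "SYN", "ACK")]
    return run(policy, flow, listening=set())[-1][2]


if __name__ == "__main__":
    for name, policy in (("syn-block", syn_block_policy), ("stateful", stateful_policy)):
        print(name, "ACK scan ->", ack_scan_response(policy),
              "| SYN scan ->", syn_scan_response(policy),
              "| browsing ->", browse_response(policy))
```

Both policies stop an inbound SYN to port 1055 and both let the HTTP reply
through, which is the questioner's point. The difference shows up on the ACK
probe: the SYN-only rule lets it reach the stack, which answers RST, while
the stateful rule has no table entry for 198.51.100.9:40000 and drops it, so
the scanner gets nothing. Real stacks and real ipchains/iptables matching are
more involved than this model, but the distinction is the same.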