Re: Re:[GnomeMeeting-list] GM 0.94 firewall security issues..



> > AG> I'm using IP chains and I typically deny all traffic that I've not
> > AG> explicitly added to my rules. Hopefully, my statement above will help
> > AG> clarify my intentions. I do not simply wish to open my LAN to the world.
> > 
> 
> Only allowing a given IP range to call you using ipchains, is (nearly)
> like only allowing a given IP range to answer to your http requests.
> 

Indeed, it is just a "danger" during a GnomeMeeting Session on your
workstation. If GnomeMeeting isn't running on the client, there is no
service which replies to requests (on port 1720). By the way, my last
sentence doesn't mean that it is immediately insecure if GnomeMeeting
runs, it would just be possible if there were some bugs.

You do not open the LAN to the world. What you have to do is
port-forwarding to only one client, thus the behaviour or security of
the rest is not influenced (you defined one destination).

There is one possibility to restrict the incoming requests: define and
allow all IP addresses which are allowed to phone you. But I would not
suggest that you use this one.

Cheers,
Matthias





