Re:[GnomeMeeting-list] GM 0.94 firewall security issues..

From: "AG" <agreen bkaeg org>
To: <gnomemeeting-list gnome org>
Cc: <m-redlich t-online de>
Subject: Re:[GnomeMeeting-list] GM 0.94 firewall security issues..
Date: Mon, 23 Dec 2002 17:26:34 -0500 (EST)

>
> there are some points I don't understand.
>>
>> I noticed that GM FAQ doesn't explicityl list an IP address origin for
>> all GM/ILS server connections..
>
> How should it be possible to define all possible IP addresses? Which
> one does he mean?

AG> IIRC, The old Netmeeting pkg req'd all clients to log into a central
AG> ULS. Does GM/ILS also work in this manner? If so, I would rather set up
AG> my firewall rules to allow traffic from this IP address only.
AG> For instance, I would simply use the IP address for ils.seconix.com and
AG> only allow traffic originating from this domain.

>>
>> IOW, it appears that you just 'blindly' open the required ports -> TCP
>> ports 1720 and 30000-30010
>> UDP pors 5000:5003
>>
>
> That really depends on his needings. With ipchains you can check the
> packets for many aspects (source ip, destination ip and so on..), thus
> we have to know what he wants to allow/reject.
> He can verify packets, but how this works depends on his configuration.
> We need more information!

AG> I'm using IP chains and I typically deny all traffic that I've not
AG> explicitly added to my rules. Hopefully, my statement above will help
AG> clarify my intentions. I do not simply wish to open my LAN to the world.

Follow-Ups:
- Re: Re:[GnomeMeeting-list] GM 0.94 firewall security issues..
  - From: Damien Sandras

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]