Re: [FW1] SSH
Hi
On Nov 4, 10:06pm, Dominik M Miklaszewski wrote:
> Subject: Re: [FW1] SSH
>
> Ivan Fox wrote:
> >
> > When a firewall rule allows SSH coming into internal network, does it mean
> > that it allows users to use telnet, rlogin, ftp, etc. services?
> >
It allows the users to use the 'functionality' of telnet, rlogin etc., but not
the services themselves. sshd takes care of this, not telnetd etc.
> no, unless you assign port 22 on the internal side for
> rlogin/ftp/telnet.
> I don't know what SSH clients/server you're using, but I found Unix ssh
> initiates a connection from a port slightly less than 1024
> (1021,1022,1023..then 1024 and so on).
>
How should this be possible if you are a normal user? Only root is allowed to
open ports <1024. If you are a normal user, the port on the client side
is >1024, and on the server side the port is 22. If you are root, things might
look different, but normally will not.
philipp
--
===============================================================
Philipp M. W. Schott
Institute for Applied Mathematics Fon: +49 (0)761/203-5626
Hermann-Herder-Str. 10 Fax: +49 (0)761/203-5648
Freiburg University smtp: pmws@pmws.de
D-79104 Freiburg http: www.pmws.de
===============================================================
"Trust me and let me do my job, or fire me now.
There is no middle ground for security." T. Aldrich
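
The client-side port behaviour discussed in this message, as an added example that is not part of the original post: a client that searches the reserved range downwards from 1023 in the style of `rresvport()`, and falls back to a kernel-chosen port when the bind is refused for lack of privilege. The function name `bind_client_port` and the loopback address are assumptions made for the illustration.

```python
import errno
import socket

RESERVED_MAX = 1023  # ports below 1024 are reserved for root on traditional Unix
RESERVED_MIN = 512   # lower bound of an rresvport()-style search


def bind_client_port(host="127.0.0.1"):
    """Bind a client socket and return (sock, port, reserved).

    Tries reserved ports from 1023 downwards. If the kernel refuses with
    EACCES (caller is not privileged), falls back to port 0 so the kernel
    picks an unprivileged port.
    """
    for port in range(RESERVED_MAX, RESERVED_MIN - 1, -1):
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            sock.bind((host, port))
            return sock, port, True
        except PermissionError:
            # Unprivileged caller: no reserved port will be granted.
            sock.close()
            break
        except OSError as exc:
            sock.close()
            if exc.errno != errno.EADDRINUSE:
                raise
            # Port already taken: try the next lower one.

    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind((host, 0))  # kernel assigns a port from its ephemeral range
    return sock, sock.getsockname()[1], False


if __name__ == "__main__":
    s, port, reserved = bind_client_port()
    kind = "reserved (<1024)" if reserved else "unprivileged"
    print(f"client source port {port}: {kind}")
    s.close()
```

Run as a normal user it reports an unprivileged port; run as root it reports 1023 or the next free port below it.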