Re: Restricting ports?

Robert Kulagowski wrote:
> On Wed, Nov 2, 2011 at 11:47 AM, Jan Willamowius <jan@xxxxxxxxxxxxxx> wrote:
> > Robert Kulagowski wrote:
> >> From a security perspective, has anyone found reason to restrict the
> >> ports that GnuGk uses?  I'm assuming that opening UDP 1025-65535,
> >> TCP/1719 and TCP/1720 to the internet is all that's required for full
> >> functionality?
> >
> > Opening UDP 1025-65535 basically means to turn off the firewall for
> > UDP, a lot of people won't feel comfortable with that.
> 
> Perhaps I'm being naive, but what's the practical difference?
> Wouldn't one port or 10 be just as big a compromise potential as 64000
> ports?


It only helps if malicious software is coded to listen on a fixed
port. Then you have a higher chance of having it blocked the more
ports you keep closed.

If somebody specifically targets you and your server and manages
to run stuff on your server, it's not much of a challenge to circumvent
the firewall altogether. But let's hope we are all only targeted by script
kiddies.


> In the documentation, it says:
> Home=192.168.1.1
> Default: listen to all IPs
> The gatekeeper will listen for requests on this IP address. If not
> set, the gatekeeper will listen on all IPs of your host. Multiple Home
> addresses can be used and must be separated with a semicolon (;) or
> comma (,).
> 
> does this mean "listen for status port requests", or all requests?  If
> I have a dual-nic proxy, then I would still want it to listen for
> incoming call requests to port 1720 on the outside interface, but not
> port 7000?

I thought you wanted to restrict listening for all kinds of services.
Sorry. You are right that it's currently not possible to tell GnuGk to
listen for the status port on fewer IPs than for other things.
But as Andrew said, you can block that off with firewall rules.

Regards,
Jan

-- 
Jan Willamowius, jan@xxxxxxxxxxxxxx, http://www.gnugk.org/
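
The firewall approach suggested at the end of this message, sketched as an added example (not part of the original post and not GnuGk project code): a shell function that prints iptables commands for a dual-NIC host so the status port stays reachable only on the inside interface while call signalling on port 1720 stays open outside. The function name and the interface names `eth0` (outside) and `eth1` (inside) are assumptions; ports 7000 and 1720 are the ones named in the thread.

```shell
#!/bin/sh
# Added example: print iptables commands for review before applying them.
# Hypothetical helper; the interface names are supplied by the caller.

gnugk_filter_rules() {
    ext_if=$1                 # outside (internet-facing) NIC
    int_if=$2                 # inside NIC
    status_port=${3:-7000}    # GnuGk status port from the thread
    q931_port=${4:-1720}      # call signalling port from the thread

    # Reject interface names that could smuggle shell syntax into the output.
    for i in "$ext_if" "$int_if"; do
        case $i in
            ''|*[!A-Za-z0-9._-]*) echo "invalid interface: $i" >&2; return 1 ;;
        esac
    done
    if [ "$ext_if" = "$int_if" ]; then
        echo "outside and inside interface must differ" >&2
        return 1
    fi

    # Ports must be plain decimal numbers in 1-65535.
    for p in "$status_port" "$q931_port"; do
        case $p in
            ''|*[!0-9]*) echo "invalid port: $p" >&2; return 1 ;;
        esac
        if [ "$p" -lt 1 ] || [ "$p" -gt 65535 ]; then
            echo "port out of range: $p" >&2
            return 1
        fi
    done

    # GnuGk binds the status port on every Home address, so the outside
    # interface is filtered at the packet level instead.
    cat <<EOF
iptables -A INPUT -i $int_if -p tcp --dport $status_port -j ACCEPT
iptables -A INPUT -i $ext_if -p tcp --dport $status_port -j DROP
iptables -A INPUT -i $ext_if -p tcp --dport $q931_port -j ACCEPT
EOF
}

# Print the rules for the assumed interface names; nothing is applied here.
gnugk_filter_rules eth0 eth1
```

After applying the printed commands as root, connecting to the status port from an outside host should fail while a connection from the inside network still succeeds.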

_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/