Re: Restricting ports?


 



On Wednesday, 02.11.2011, at 19:06 +0100, Jan Willamowius wrote:

> > Perhaps I'm being naive, but what's the practical difference?
> > Wouldn't one port or 10 be just as big a compromise potential as 
> > 64000 ports?
> 
> It only helps if malicious software is coded to listen on a fixed
> port. Then you have a higher chance of having it blocked the more
> ports you keep closed.

It may help against some legit software which runs on some systems
behind your firewall but should not be accessed from any host from the
internet. Maybe you do not even have the possibility to enable/disable
access to the service on the machine itself (e.g. like the 7000 ;-).


> > In the documentation, it says:
> > Home=192.168.1.1
> > Default: listen to all IPs
> > The gatekeeper will listen for requests on this IP address. If not
> > set, the gatekeeper will listen on all IPs of your host. Multiple 
> > Home addresses can be used and must be separated with a semicolon
> > (;) or comma (,).
> > 
> > does this mean "listen for status port requests", or all requests? 
> > If I have a dual-nic proxy, then I would still want it to listen for
> > incoming call requests to port 1720 on the outside interface, but
> > not port 7000?
> 
> I thought you wanted to restrict listening for all kinds of services.
> Sorry. You are right that it's currently not possible to tell GnuGk to
> listen for the status port on fewer IPs than for other things.
> But as Andrew said, you can block that off with firewall rules.

You may still restrict the usage of the status port using
[GkStatus::Auth].

Regards
	David

-- 
David Dahlberg <david.dahlberg@xxxxxxxxxxxxxxxxxx>    

Fraunhofer FKIE, Dept. Communication Systems (KOM) | Tel: +49-228-9435-845
Neuenahrer Str. 20, 53343 Wachtberg, Germany       | Fax: +49-228-856277
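
A gatekeeper configuration fragment illustrating the [GkStatus::Auth] restriction mentioned above. This is an added example, not part of the original message or the GnuGk project's own configuration; the management host address 192.168.1.10 is constructed for illustration.

```ini
[Gatekeeper::Main]
; Home applies to every listener (RAS, call signaling on 1720 and the
; status port alike), so it cannot keep only the status port off the
; outside interface.
Home=192.168.1.1
StatusPort=7000

[GkStatus::Auth]
; Decide per client IP who may open a status port session.
rule=explicit
; Constructed example: the one management host that may connect.
192.168.1.10=allow
; Any client IP not listed above is refused.
default=forbid
; Do not let status port clients shut the gatekeeper down.
Shutdown=forbid
```

The status port still accepts TCP connections on every Home address; the rule only rejects unlisted clients after they connect, so a firewall rule for port 7000 on the outside interface remains useful alongside it.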


_______________________________________________________

Posting: mailto:Openh323gk-users@xxxxxxxxxxxxxxxxxxxxx
Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=openh323gk-users
Unsubscribe: http://lists.sourceforge.net/lists/listinfo/openh323gk-users
Homepage: http://www.gnugk.org/

