RE: Open All Outbound Ports?
From: "Mark Merchant" <mmerchant () dispatch com>
Date: Wed, 20 Nov 2002 13:33:25 -0500
Their reason was a lot of the sites that were visited used Passive
FTP, that randomly uses any port above port 1024.
Why not just restrict the IP ranges to a few hundred (thousand) ports?
This is explained in the active vs passive FTP site,
http://slacksite.com/other/ftp.html under the topic FTP appendix.
I'll have to go back and read the original post, but I think you have it
backwards. Clients at their location are making PASV connects
to servers located elsewhere. Thus you get outbound connections
on high number ports.
Talking FTP is always a little weird as there are always:
2 computers X 2 ports X 2 firewalls
to deal with, whew!
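An added example, not part of the original message: with passive FTP the outbound data port is the one the server announces in its 227 reply on the control connection, so a firewall that follows the control channel can open only that port instead of every outbound port above 1024. The function names, the policy checks and the sample session are constructed for illustration.

```python
import re

# RFC 959 passive reply: "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)"
PASV_RE = re.compile(
    r"^227 .*?(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})"
)

def parse_pasv(line):
    """Return (ip, port) announced by the server, or None if not a valid 227 reply."""
    m = PASV_RE.match(line.strip())
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ".".join(str(n) for n in nums[:4])
    port = nums[4] * 256 + nums[5]  # port is sent as two bytes, high byte first
    return ip, port

def pinholes(control_replies, server_ip):
    """Walk server replies seen on one control connection.

    Returns (allowed, rejected) lists of (ip, port). Assumed policy: the data
    address must equal the control-connection peer, and the port must be 1024
    or higher; anything else is not opened.
    """
    allowed, rejected = [], []
    for line in control_replies:
        target = parse_pasv(line)
        if target is None:
            continue  # not a passive-mode reply
        ip, port = target
        if ip != server_ip or port < 1024:
            rejected.append(target)
        else:
            allowed.append(target)
    return allowed, rejected

# Constructed sample: replies from a server at 192.0.2.10 (documentation address)
SERVER = "192.0.2.10"
REPLIES = [
    "220 FTP server ready",
    "227 Entering Passive Mode (192,0,2,10,195,80)",   # 195*256+80 = 50000
    "227 Entering Passive Mode (198,51,100,7,4,1)",    # points at a third host
    "227 Entering Passive Mode (192,0,2,10,0,22)",     # low port
]

if __name__ == "__main__":
    print(pinholes(REPLIES, SERVER))
```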