DaveArb Guru
Joined: 29 Apr 2004 Posts: 510 Location: Texas, USA
Posted: Mon Aug 15, 2005 2:27 pm Post subject: |
tommy_fila wrote:
    I connect to port 80 of an evil website. In order to connect in the first place, I have to open a port on my computer. So the web server replies back to the port I opened. Everything correct so far?
Reasonably correct, although the word I've bolded in your text is an unusual use. Generally, if someone says they have opened a port, they mean that the port is allowed to be connected *to*. In this case, the port is not open to be connected to by any incoming request; it is a port that is in use for a current connection.
tommy_fila wrote:
    Wouldn't the web server be able to send something through the open port? Or does the port know if the incoming traffic is actually not a response from the webserver, but a malicious file.
Yes, in fact if it cannot respond to that port, your web browsing is going to consist purely of timeout messages.
Example:
You request to connect to a web server, forums.gentoo.org. You do this with the Firefox browser. It picks a port (ex: 15241) and creates a connection request to forums.gentoo.org's port 80 (technically, the OS may do some of the things listed under "it", but it makes little difference for this example). Once connected, you effectively have a direct connection between Firefox on your computer and Apache (probably? I haven't bothered to check) on one of the forum computers. What the forum computer sends, barring vulnerabilities, is going to be received by Firefox. If you watch the vulnerabilities list and update accordingly (or just update), you're as safe as reasonable, IMHO. Going any further requires setting up things like the virus-checking proxies sschlueter mentioned, which in my experience is quite expensive in processing power if nothing else.
Dave
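An added illustration of Dave's point, not code from the thread: a loopback stand-in for the web server, a "browser" whose source port the OS picks for it, and a third socket that tries to connect to that ephemeral port and is refused, because the port belongs to an established connection rather than to anything listening. The listener, ports and the HTTP-like reply are all constructed for the demo.

```python
import socket


def demonstrate_ephemeral_port():
    """Open one client/server connection on loopback and show that the
    client's ephemeral port is usable only by the peer it connected to."""
    # Constructed stand-in for the web server (port 80 in the thread):
    # a listener on loopback, port chosen by the OS.
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.bind(("127.0.0.1", 0))
    server.listen(1)
    server_port = server.getsockname()[1]

    # The "browser": connect() makes the OS pick an ephemeral source port
    # (Dave's "ex: 15241"). Nothing is *listening* on that port.
    client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    client.connect(("127.0.0.1", server_port))
    ephemeral_port = client.getsockname()[1]
    peer, _ = server.accept()

    # The connected peer can send on the existing connection; the client
    # receives it because the packet matches that connection's 4-tuple.
    peer.sendall(b"HTTP/1.0 200 OK\r\n\r\nhello")
    reply = client.recv(64)

    # Anyone else trying to connect *to* the ephemeral port is refused:
    # the port is in use by an established connection, not open for new ones.
    intruder = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    intruder.bind(("127.0.0.1", 0))  # explicit source port so the demo never self-connects
    intruder.settimeout(2)
    try:
        intruder.connect(("127.0.0.1", ephemeral_port))
        refused = False
    except OSError:  # ECONNREFUSED on Linux/BSD; a timeout if a firewall drops it
        refused = True
    finally:
        for s in (intruder, peer, client, server):
            s.close()
    return {"server_port": server_port, "ephemeral_port": ephemeral_port,
            "reply": reply, "refused": refused}


if __name__ == "__main__":
    print(demonstrate_ephemeral_port())
```

This is also what an iptables rule accepting only ESTABLISHED,RELATED traffic on INPUT relies on: replies are matched to the existing connection, while a fresh SYN aimed at the ephemeral port is neither.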
tommy_fila Guru
Joined: 19 Nov 2003 Posts: 450 Location: Phoenix, AZ
Posted: Mon Aug 15, 2005 9:00 pm Post subject: |
Great responses just keep coming in. Thanks to both DaveArb and sschlueter for giving me light in the vast darkness of computer networking.
Since programs like Snort and anti-virus software seem like an overkill, I'm going to be happy with my iptables setup. It's nice to finally understand what all the chains actually accomplish.
Thanks again!
_________________
"What goes on in life, that goes for eternity."