Archived from groups: comp.security.firewalls (More info?)
I have a LAN with personal firewall installed on all workstations.
If the firewall rules for the worskstation are:
1. Allow all outgoing traffic
2. Allow incoming traffic if the remote port is 445
Scneario:
An intruder hacked workstation and hijacked port 445.
Question:
1. Is the scenario possible? i.e. Is it possible to hijack port 445 or
well-known ports (<1024)?
2. Will intruder allowed to access all workstation?
3. How should I modified the rules to increase security?
Thanks
Chris
I have a LAN with personal firewall installed on all workstations.
If the firewall rules for the worskstation are:
1. Allow all outgoing traffic
2. Allow incoming traffic if the remote port is 445
Scneario:
An intruder hacked workstation and hijacked port 445.
Question:
1. Is the scenario possible? i.e. Is it possible to hijack port 445 or
well-known ports (<1024)?
2. Will intruder allowed to access all workstation?
3. How should I modified the rules to increase security?
Thanks
Chris