[KDE Dot News]

Re: Guarddog is insecure by default!
by Roberto Alsina on Tuesday 02/Aug/2005, @05:30
Perhaps it could check using netstat which server ports >1024 are already in use and exclude them from the rule?

Ok, it's harder, and it is not perfect, but it is slightly better.

Another idea: it could ask the user what ICQ app (say kopete) he is using and then do something like "-m owner --cmdowner kopete" on the iptables rule.

Or, you could have ICQ-kopete ICQ-whatever rules.

Of course, that only works on the OUTPUT chain, so the connection may still take place, but the box shouldn't send much stuff over that connection that isn't ICQ (or gadu-gadu/MSN/whatever kopete can handle), I suppose.
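
The netstat idea from the comment above, sketched as an added example that is not part of the original post or of Guarddog: it parses `netstat -tln` output and renders ACCEPT rules for ports above 1024 that skip every port with a listener. The 1025-65535 range, the INPUT chain, the function names and the sample output are assumptions made for illustration.

```python
# Added example: SAMPLE_NETSTAT is constructed, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6000            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6001            0.0.0.0:*               LISTEN
tcp6       0      0 :::8080                 :::*                    LISTEN
tcp        0      0 0.0.0.0:65535           0.0.0.0:*               LISTEN
"""

LOW, HIGH = 1025, 65535  # assumption: the "ports >1024" range the rule would open


def listening_ports(netstat_text):
    """Return the TCP ports in LISTEN state from `netstat -tln` output."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) >= 6 and fields[0].startswith("tcp") and fields[5] == "LISTEN":
            # The port follows the last ':' in the local address (IPv4 and IPv6).
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports


def open_ranges(in_use, low=LOW, high=HIGH):
    """Split [low, high] into inclusive ranges that skip every port in in_use."""
    ranges, start = [], low
    for port in sorted(p for p in in_use if low <= p <= high):
        if port > start:
            ranges.append((start, port - 1))
        start = port + 1
    if start <= high:
        ranges.append((start, high))
    return ranges


def iptables_rules(ranges, chain="INPUT"):
    """Render one ACCEPT rule per range (chain and target are assumptions)."""
    rules = []
    for lo, hi in ranges:
        dport = str(lo) if lo == hi else f"{lo}:{hi}"
        rules.append(f"iptables -A {chain} -p tcp --dport {dport} -j ACCEPT")
    return rules


if __name__ == "__main__":
    print("\n".join(iptables_rules(open_ranges(listening_ports(SAMPLE_NETSTAT)))))
```

The ranges are a snapshot: a service that starts listening on a high port after the rules are generated falls inside an accepted range until they are regenerated.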