[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: using por numbers in selectors



...and what do you do if the Policy says use FTP port -  but FTP-data port
is dynamically assigned? Same for HTTP.

Dan Harkins wrote:

>   I may regret opening this up again but....
>
>   So what are you going to do if you're locally configured for, say,
> "all tcp traffic" or "all IP traffic" and someone gives you an offer
> of "tcp port X"? Refuse it?
>
>   Similarly, what do you do if you're configured for "all IP to the
> 10.20.30/24 network" and someone gives you an offer to 10.20.30.87?
> Do you refuse it?
>
>   Dan.
>
> On Tue, 22 Jun 1999 10:16:40 PDT you wrote
> > "Steven M. Bellovin" wrote:
> > >
> > > Do any commercial IPSEC implementations use port numbers in their
> > > policy databases?  The ones I've looked at this far seem to use only
> > > IP addresses.
> >
> > RedCreek will be supporting ports in an upcoming release.

--
Bronislav Kavsan
IRE Secure Solutions, Inc.
100 Conifer Hill Drive  Suite 513
Danvers, MA  01923
voice: 978-739-2384
http://www.ire.com





Follow-Ups: References: