Re: News Server Access - Firewall port problem?

[Rick Stevens <rstevens vitalstream com>]

Mark W. Knecht wrote:
> Rick,
>    Thanks very much.
>
>    So that I'm armed with good info, what are the security implications
> associated with opening port 119 TCP & UDP for outgoing traffic? (I assume I
> only open it for outgoing, correct?) None, mild, serious, severe?

NNTP is fairly innocuous.  I don't know of any common exploits.  If you
know the NNTP server you're going to go for, open the port for JUST that
server and you should be fairly safe.

>    Are there any simple ways to test the connection using something like a
> telnet session to the server and specifying port 119? Will it speak to me in
> English like a mail server will? (I do this periodically to test a mail
> server if I'm not sure what's causing problems or want to check an email
> address someone is having trouble with.)

You can use telnet.  I think you'll get a login request, but it's been a
long time since I've used NNTP so I could be wrong.  At least you'll get
a connection of some sort.  If so, just use the telnet quit mechanism
(press ctrl-], then type "quit") to terminate the connection/

>    To the best of knowledge I have no devices on my internal network that
> would respond to port 119 if I was required to open that to make this work,
> but not sure I know how to really check that as people come and go with
> portables all the time.

As I said, if you know the server, just open the port for that server.
I wouldn't necessarily open port 119 for just anyone.
----------------------------------------------------------------------
- Rick Stevens, SSE, VitalStream, Inc.      rstevens vitalstream com -
- 949-743-2010 (Voice)                    http://www.vitalstream.com -
-                                                                    -
-         It is better to have loved and lost.  Cheaper, too!        -
----------------------------------------------------------------------