[–] sixsicsix 0 points 1 point (+1|-0) ago  (edited ago)

Incoming data from the Internet is always coming in aimed at either a listening service or an ephemeral port.

Windows Firewall, and most other OS-level firewalls, are stateful and allow a connection, once opened on an ephemeral port, to stay open as long as it's kept alive (until the keepalive timeout is reached without any KA being sent by the client) or until either side hits the client or server timeout.

There is no hole punched in a firewall. It's software interacting, or coming online on an IP address listening for incoming TCP/UDP on a specific port.

You would be implying that the system is reaching out to the Internet to push data to a remote system.

Which is possible, and validated via packet capture.

[–] 6056425? 0 points 1 point (+1|-0) ago 

> There is no hole punched in a firewall. It's software interacting, or coming online on an IP address listening for incoming TCP/UDP on a specific port.

That data would not be able to come in and reach the internal network if you did not send out the request first. So it does punch a hole in the firewall that would not have existed if the application you use did not reach out to the Internet. The more different cloud connections, the more holes you have punched in your firewall that can be hijacked by a malicious router/site.

[–] sixsicsix ago  (edited ago)

If a service is listening on a port, data can come in, too. It's not just about talking outbound on an ephemeral port.

Network security is mainly about washing incoming stuff. Keeping the outbound safe involves not using proprietary code and maintaining some level of access control, as minimally permissive as possible.
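The behaviour the three comments above argue about (a stateful firewall admitting return traffic for a flow the host opened outbound, admitting traffic to a listener, dropping everything else, and expiring idle entries) can be shown with a small simulation. This is an added example, not code from any commenter or from Windows Firewall: it is a hypothetical `StatefulFirewall` class that tracks flows by 5-tuple only, uses an idle timeout to stand in for the keepalive/session timeouts mentioned above, has no real TCP state machine, and runs over constructed packets with documentation-range addresses (192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24). It also shows the point raised in the second comment: while the tracked entry is live, any inbound packet that matches the tuple is accepted, including a spoofed one from an on-path attacker, because the firewall has no way to tell it from the legitimate reply.

```python
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

# Constructed packet record for the simulation (not captured traffic).
@dataclass(frozen=True)
class Packet:
    t: float          # seconds since start of the (hypothetical) capture
    proto: str        # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    inbound: bool     # True = arriving from the Internet, False = leaving the host
    syn: bool = False # TCP SYN flag: a new connection attempt

# Flow key as seen from the host: (proto, local ip, local port, remote ip, remote port)
FlowKey = Tuple[str, str, int, str, int]


class StatefulFirewall:
    """Hypothetical host firewall.

    Inbound packets are accepted only if they match a flow the host itself
    opened outbound (and the entry has not idled out) or if they are a new
    connection to a port the host is listening on. No TCP state machine is
    modelled; matching is by 5-tuple only, which is exactly why a spoofed
    packet with the right tuple is indistinguishable from the real reply.
    """

    def __init__(self, host_ip: str, listening: Set[Tuple[str, int]], idle_timeout: float):
        self.host_ip = host_ip
        self.listening = listening            # {(proto, port)} with a service bound
        self.idle_timeout = idle_timeout      # stand-in for keepalive/session timeout
        self.table: Dict[FlowKey, float] = {} # flow -> time last seen

    def _expire(self, now: float) -> None:
        # Drop entries that have not seen a packet within the idle timeout.
        dead = [k for k, last in self.table.items() if now - last > self.idle_timeout]
        for k in dead:
            del self.table[k]

    def filter(self, p: Packet) -> str:
        self._expire(p.t)
        if not p.inbound:
            # Host reaches out: create (or refresh) the tracked flow.
            key: FlowKey = (p.proto, p.src, p.sport, p.dst, p.dport)
            self.table[key] = p.t
            return "ACCEPT:outbound"

        key = (p.proto, p.dst, p.dport, p.src, p.sport)
        if key in self.table:
            # Any packet matching the tuple refreshes the entry, spoofed or not.
            self.table[key] = p.t
            return "ACCEPT:established"
        if (p.proto, p.dport) in self.listening and (p.proto != "tcp" or p.syn):
            # New connection to a bound service port.
            self.table[key] = p.t
            return "ACCEPT:listener"
        return "DROP"


def run_scenario() -> List[str]:
    """Constructed sequence exercising each path; returns the verdicts in order."""
    host = "192.0.2.5"
    fw = StatefulFirewall(host, listening={("tcp", 22)}, idle_timeout=120.0)
    pkts = [
        # 1. Host opens an HTTPS connection from an ephemeral port.
        Packet(0.0, "tcp", host, 51000, "203.0.113.10", 443, inbound=False, syn=True),
        # 2. Server's reply to that ephemeral port: matches the tracked flow.
        Packet(0.1, "tcp", "203.0.113.10", 443, host, 51000, inbound=True),
        # 3. Unsolicited packet to the same ephemeral port from a different peer.
        Packet(0.2, "tcp", "198.51.100.7", 443, host, 51000, inbound=True),
        # 4. Spoofed packet forging the server's address and port (on-path attacker).
        Packet(0.3, "tcp", "203.0.113.10", 443, host, 51000, inbound=True),
        # 5. New SSH connection to the listening port 22.
        Packet(0.4, "tcp", "198.51.100.7", 40000, host, 22, inbound=True, syn=True),
        # 6. New connection to 3389, where nothing is listening.
        Packet(0.5, "tcp", "198.51.100.7", 40001, host, 3389, inbound=True, syn=True),
        # 7. Late reply from the server after the idle timeout has expired the entry.
        Packet(200.0, "tcp", "203.0.113.10", 443, host, 51000, inbound=True),
    ]
    return [fw.filter(p) for p in pkts]


if __name__ == "__main__":
    for i, verdict in enumerate(run_scenario(), 1):
        print(f"packet {i}: {verdict}")
```

Packet 4 is the interesting one for this thread: the firewall accepts it, not because a port was opened to the world, but because the outbound connection created a tracked entry that anything matching the tuple can ride until it expires. Packets 3 and 6 show the same ephemeral port and an unbound port rejecting traffic that matches nothing, and packet 7 shows the entry closing once the idle timeout passes.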