tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From André Warnier ...@ice-sa.com>
Subject Re: [OT] RE: Cannot connect from outside using Tomcat 7/APR/SSL on AWS Windows system
Date Wed, 22 Jan 2014 16:34:41 GMT
Christopher Schultz wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
> 
> Konstantin,
> 
> On 1/22/14, 9:03 AM, Konstantin Preißer wrote:
>> Hi Jeffrey,
>>
>>> -----Original Message----- From: Jeffrey Janner
>>> [mailto:Jeffrey.Janner@PolyDyne.com] Sent: Tuesday, January 21,
>>> 2014 10:19 PM
>>> Eureka, I finally figured it out! It was a real eureka moment,
>>> some remembrance burned its way up from my subconscious and I had
>>> the answer. Ready guys?  Really surprised no one mentioned it. It
>>> was Windows F-ing Firewall!!!!!
>> Good to hear that you could find and solve the problem.
>>
>> (Off topic:)
>>
>>> I HATE WINDOWS!!!!!!
>> What I can't quite understand is, how one can "hate" Windows or its
>> "F-ing" firewall, if they just do what they were configured to
>> do...     ;-)
>>
>> When setting up the Windows Firewall, I normally only create rules
>> for specific (TCP) ports, not for specific executables, so that the
>> firewall allows connections to a TCP port regardless of what the
>> name or path of the executable is.
> 
> Actually, as surprising as it can sometimes be, I find that the
> Windows firewall is better than iptables *because* it /can/ do things
> like this. You can make your system a bit safer.
> 
> For instance, if your server is compromised (yes, I know, once you're
> owned, you're owned) and the attacker installs some malware of some
> kind, that malware will not be able to bind to a port or even make
> outgoing connections, even on "standard" outgoing ports -- for
> instance HTTP.
> 
> Lots of malware connects to external C&C servers to give instructions,
> and the Windows wirewall makes it easy to prevent that from happening
> even when ports like 80 are used -- and typically left wide-open on
> servers.
> 

Of course, one could argue that the Windows Firewall needs to offer this, because it is 
inherently easier to infect with malware a Windows server than a Linux server.
So it needs to compensate somehow..

;-)

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org


Mime
View raw message