8.18 Analyzing Other Protocols

How do you go about analyzing protocols that we haven't discussed here? The first question to ask is: Do you really need to run the protocol across your firewall, or is there some other satisfactory way to provide or access the service desired using a protocol already supported by your firewall?

If you really need to provide a protocol across your firewall, and it's not discussed above, how do you determine what ports it uses and so on? While it's sometimes possible to determine this information from program or protocol documentation, the easiest way to figure it out is usually to ask somebody else, such as the members of the Firewalls mailing list.[54] (See Appendix A.)
If you have to determine the answer yourself, the easiest way to do it is usually empirically. Here's what you should do:
You may need to repeat this procedure for every client implementation and every server implementation you intend to use. There are occasionally unpredictable differences between implementations (e.g., some clients always use TCP, even though most DNS clients use UDP by default).
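One way to compare implementations empirically, as an added example that is not from the original text: it profiles the server port and client port range each client uses and lists the services that only some implementations use. The client names, addresses and capture lines are constructed, and the line format (modelled on `tcpdump -n -q` output) is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample captures, one per client implementation (hypothetical
# names), modelled on `tcpdump -n -q` output; addresses are documentation ranges.
SERVER = "192.0.2.53"
CAPTURES = {
    "client-a": [
        "10:00:01.000001 IP 198.51.100.7.1027 > 192.0.2.53.53: UDP, length 40",
        "10:00:01.004210 IP 192.0.2.53.53 > 198.51.100.7.1027: UDP, length 120",
        "10:00:02.000001 IP 198.51.100.7.1028 > 192.0.2.53.53: UDP, length 41",
    ],
    "client-b": [
        "10:05:01.000001 IP 198.51.100.8.3412 > 192.0.2.53.53: tcp 0",
        "10:05:01.003000 IP 192.0.2.53.53 > 198.51.100.8.3412: tcp 0",
        "10:05:01.003500 IP 198.51.100.8.3412 > 192.0.2.53.53: tcp 31",
    ],
}

# source address.port > destination address.port: protocol
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (tcp|UDP)")

def profile(lines, server):
    """Return {(proto, server_port): (min_client_port, max_client_port)}."""
    seen = defaultdict(list)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue  # not an IPv4 TCP/UDP line in the assumed format
        src, sport, dst, dport, proto = m.groups()
        if dst == server:      # client -> server packet
            seen[(proto.lower(), int(dport))].append(int(sport))
        elif src == server:    # server -> client reply
            seen[(proto.lower(), int(sport))].append(int(dport))
    return {k: (min(v), max(v)) for k, v in seen.items()}

def compare(captures, server):
    """Profile every implementation and list services not common to all."""
    profiles = {name: profile(lines, server) for name, lines in captures.items()}
    keys = [set(p) for p in profiles.values()]
    differing = set.union(*keys) - set.intersection(*keys)
    return profiles, sorted(differing)

if __name__ == "__main__":
    profiles, differing = compare(CAPTURES, SERVER)
    for name, prof in profiles.items():
        for (proto, port), (lo, hi) in sorted(prof.items()):
            print(f"{name}: {proto}/{port} on server, client ports {lo}-{hi}")
    print("used by only some implementations:", differing)
```

A non-empty list of differing services means a packet-filtering rule written from one implementation's traffic would block another implementation.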