>> The reason he says it is not dangerous is because you are in this   
   >> case, only opening up those ports to receive, not to send.   
      
   > that's a bad view... it allows any and all external sources to beat   
   > on any and all of those ports to see if they can find a way in even    
   > if there is nothing actually listening on those ports... the network    
   > stack still has to handle the traffic if even only to drop it...   
      
    JK> I still can't believe there isn't a way to get XP to work with BBBS   
    JK> and it's web/ftp daemon just as I do in Linux, and as Rudi does   
    JK> with Elebbs under XP, etc. (one port for each, in other words).    
    JK> I'd experiment with XP my laptop but my son is using it right now   
    JK> so I can't...  Maybe I can get another system over here to play   
    JK> with.   
      
   FWIW: all the ftp software i've used that does PASSIVE has a configuration   
   section in which you specify the ports to use for the PASSIVE connections...   
   you simply specify the range here and then open that range in the firewall *if   
   needed*... some firewalls, like the one i run, do not need any special holes   
   punched for PASSIVE FTP to work properly... it has a special "helper" for FTP   
   connections that works with iptables to allow the "related" connection back   
   in...   
      
    JK> In any case, what you say is true.. it's the potential of all those   
    JK> ports being hammered for a way in, though they can't 'send'..the   
    JK> network stack having to reject the traffic.  Though Enric doesn't   
    JK> seem to have any problems with this.    
      
   some folks don't have a problem... others do... but that depends on the   
   definition of "problem" ;)  in any case, it is all about having the smallest   
   surface area for the WAN to target... i think we all know this or at least   
   those who didn't are learning it now with these exchanges ;)   
      
   )\/(ark   
      
    * Origin:  (1:3634/12)