|Subject:||Hijack well-known ports|
|Date:||2 Apr 2004|
I have a LAN with personal firewall installed on all workstations.
If the firewall rules for the worskstation are:
1. Allow all outgoing traffic
2. Allow incoming traffic if the remote port is 445
An intruder hacked workstation and hijacked port 445.
1. Is the scenario possible? i.e. Is it possible to hijack port 445 or
well-known ports (<1024)?
2. Will intruder allowed to access all workstation?
3. How should I modified the rules to increase security?