Think about the traffic patterns: NetFlow is stateless and unidirectional (i.e., receive only). If you configure your firewall to accept UDP 2055 traffic inbound only (with no outbound traffic permitted), you'd have to hypothesize a mechanism by which an attacker could exploit the box over that port without ever receiving return traffic. Since the service wouldn't respond to port scans, the attacker would also have to know in advance that the service was running (or be running obscure blind exploits at random). While this is not outside the realm of possibility, it wouldn't be super high on my list of things to worry about. Of course, this is contingent on having the firewall configured correctly.
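One way to express the receive-only policy described above, as an added nftables example that is not part of the original answer. The choice of nftables, the table and set names, and the exporter addresses (documentation range 192.0.2.0/24) are assumptions; the ruleset covers only the NetFlow port and leaves all other traffic to the host's existing policy.

```nft
#!/usr/sbin/nft -f
# Constructed example: a collector host that only ever receives NetFlow
# on UDP 2055 and never sends anything back from that port.

table inet netflow_collector {
    # Assumed exporter addresses (documentation range); replace with the
    # routers that actually export flows to this collector.
    set exporters {
        type ipv4_addr
        elements = { 192.0.2.10, 192.0.2.11 }
    }

    chain input {
        type filter hook input priority filter; policy accept;

        # Weak form, shown for contrast: any host can reach the collector.
        #   udp dport 2055 accept

        # Corrected form: only known exporters reach the port.
        udp dport 2055 ip saddr @exporters accept

        # Everything else aimed at 2055 (other IPv4 sources and all IPv6) is
        # dropped before it reaches the socket. A dropped packet produces no
        # ICMP error, so a probe sees silence either way.
        udp dport 2055 counter drop
    }

    chain output {
        type filter hook output priority filter; policy accept;

        # Receive only: nothing leaves from the NetFlow port, so there is
        # no return traffic on this flow. The counter should stay at zero;
        # a non-zero value means something on the box tried to reply.
        udp sport 2055 counter drop
    }
}
```

`nft list table inet netflow_collector` prints both counters, which gives a quick check that the rules are loaded and shows whether anything other than the listed exporters has been sending to the port.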