Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network
From: Paul Robertson (proberts_at_patriot.net)
Date: 05/28/03
- Previous message: ark_at_eltex.net: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- In reply to: ark_at_eltex.net: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- Next in thread: ark_at_eltex.net: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
- Reply: ark_at_eltex.net: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"
To: ark@eltex.net
Date: Wed, 28 May 2003 09:05:30 -0400 (EDT)

On Wed, 28 May 2003 ark@eltex.net wrote:

> nuqneH,
>
> What's wrong with irc? It is a good communication tool.

It's a great communication tool- however, as I stated, it's the #1 control
vector for trojaned machines. Since 99% of the example I used, small
offices don't have *any business reason* to do IRC, it's perfectly
legitimate to block it for those users by default.

> Even "out of the box" irc is not more insecure than widely-used ICQ.
> I even encourage users to use corporate IRC server as generic
> messaging tool. It is far better than using ICQ (with mirabilis servers
> usually!) as _really many_ companies that have no own IM system do.

It's not about IRC as an attack vector, it's about IRC as a control vector
and the small number of people who have a business case to use it from
work. I use IRC, and I even use IRC from work- but I don't go out via
6667 from the office directly. In fact, most large companies would do
well to block and log outbound TCP 6667; some of the largest botnets I've
seen have been on sites that allow all TCP outbound. I don't know about
you, but I'd really rather not see people try to clean up an internal worm
infection, deal with child pornography on what could be business-critical
servers, and have RIAA/MPAA filing suits left and right because they let
out a port that _they_neither_need_,_nor_use.

Regards,
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts@patriot.net which may have no basis whatsoever in fact."
probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
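
Added example, not part of the original message: one way to act on the "block and log outbound TCP 6667" advice is to review the drop log for internal hosts that keep trying to reach IRC, since those are the machines worth checking for a trojan. The netfilter-style log lines, the "EGRESS-DROP" log prefix, the 192.168.1.0/24 office LAN and all addresses below are constructed assumptions.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("192.168.1.0/24")  # assumed office LAN range
IRC_PORT = 6667
LOG_PREFIX = "EGRESS-DROP"               # assumed prefix set on the drop/log rule

# Constructed sample lines in netfilter LOG format (not real traffic).
SAMPLE_LOG = """\
May 28 09:01:12 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
May 28 09:01:15 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
May 28 09:02:40 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.9 PROTO=TCP SPT=1046 DPT=6667 SYN
May 28 09:03:02 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.5 PROTO=TCP SPT=2210 DPT=6667 SYN
May 28 09:03:30 fw kernel: EGRESS-DROP IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.77 PROTO=TCP SPT=3001 DPT=4444 SYN
May 28 09:04:00 fw sshd[311]: Accepted password for admin from 192.168.1.2 port 1022
"""

FIELD = re.compile(r"(\w+)=(\S+)")

def parse(line):
    """Return (src, dst, proto, dport) for a drop-log line, or None if it is not one."""
    if LOG_PREFIX not in line:
        return None
    f = dict(FIELD.findall(line))
    try:
        return ip_address(f["SRC"]), ip_address(f["DST"]), f["PROTO"], int(f["DPT"])
    except (KeyError, ValueError):
        return None  # truncated or malformed line: skip rather than guess

def irc_egress_report(log_text):
    """Map each internal host to (blocked attempts, distinct outside IRC destinations)."""
    hits = defaultdict(lambda: {"attempts": 0, "dests": set()})
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue
        src, dst, proto, dport = rec
        if proto == "TCP" and dport == IRC_PORT and src in INTERNAL and dst not in INTERNAL:
            hits[str(src)]["attempts"] += 1
            hits[str(src)]["dests"].add(str(dst))
    return {h: (v["attempts"], sorted(v["dests"])) for h, v in hits.items()}

if __name__ == "__main__":
    for host, (n, dests) in sorted(irc_egress_report(SAMPLE_LOG).items()):
        print(f"{host}: {n} blocked attempts to TCP {IRC_PORT} -> {', '.join(dests)}")
```

A host that shows repeated attempts, or attempts to several different outside servers, with no user who has a business case for IRC is the one to inspect first.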