Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network

ark_at_eltex.net
Date: 05/28/03

  • Next message: Paul Robertson: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network" 
    To: Paul Robertson <proberts@patriot.net>
Date: Wed, 28 May 2003 16:43:17 +0400

    If they really do not use it, you are completely right, any unused
    port should be blocked (if we use packet filtering firewalls. i run
    irc from the office but i use proxy ;-)

    On Wed, May 28, 2003 at 09:05:30AM -0400, Paul Robertson wrote:

    > It's not about IRC as an attack vector, it's about IRC as a control vector
    > and the small number of people who have a business case to use it from
    > work. I use IRC, and I even use IRC from work- but I don't go out via
    > 6667 from the office directly. In fact, most large companies would do
    > good to block and log outbound TCP 6667, some of the largest botnets I've
    > seen have been on sites that allow all TCP outbound. I don't know about
    > you, but I'd really rather not see people try to clean up an internal worm
    > infection, deal with child pornography on what could be business-critical
    > servers, and have RIAA/MPAA filing suits left and right because they let
    > out a port that _they_neither_need_,_nor_use.

                                         _ _ _ _ _ _ _
     {::} {::} {::} CU in Hell _| o |_ | | _|| | / _||_| |_ |_ |_
     (##) (##) (##) /Arkan#iD |_ o _||_| _||_| / _| | o |_||_||_|
     [||] [||] [||] Do i believe in Bible? Hell,man,i've seen one!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul Robertson: "Re: [fw-wiz] Benefit of firewall over NAT-only 'protected' network"