Re: [fw-wiz] Botnets, IRC servers and firewalls?

From: Paul Robertson (proberts_at_patriot.net)
Date: 02/03/04

  • Next message: Marcus J Ranum: "Re: [fw-wiz] Botnets, IRC servers and firewalls?"
    To: "Mordechai T. Abzug" <morty@frakir.org>
    Date: Mon, 2 Feb 2004 21:31:54 -0500 (EST)
    
    

    On Mon, 2 Feb 2004, Mordechai T. Abzug wrote:

    > Two words: Preaching. Choir. :)

    The choir isn't big enough!

    >
    > That said, IMHO, you should be grateful for all the sites that allow
    > all outbound. Firewalling is an arms race. If most sites blocked
    > default outbound, bot/zombie authors would escalate the race by doing
    > something like tunneling via https or some other service that was
    > still allowed.

    https is like the downloader trojan sites, they're easier to get shut down
    than entire IRC networks. HTTPS still has connect headers, so it's not
    that difficult to track.

    I'd rather not win by saying "I'm better than my peers!," I'd rather win
    by saying "Those things don't work anymore!"

    If we're not using the firewalls we have effectively to stop the threats
    we have, then we as a community fail. It's worse when the devices are
    capable of stopping the threat in a "normal" configuration- but the
    "common" configuration doesn't do it.

    Paul
    -----------------------------------------------------------------------------
    Paul D. Robertson "My statements in this message are personal opinions
    proberts@patriot.net which may have no basis whatsoever in fact."
    probertson@trusecure.com Director of Risk Assessment TruSecure Corporation
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
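
Added example, not part of the original message: the reply's point that HTTPS tunnels through a proxy still expose a CONNECT request line, shown as a small log review that lists each client's tunnel destinations and flags ports outside policy. The Squid-style native log layout, the sample lines and the 443-only policy are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout (assumed proxy):
# time elapsed client action/code bytes method URL ident hierarchy/peer type
SAMPLE_LOG = """\
1075775514.101 5021 10.0.0.12 TCP_MISS/200 3920 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1075775520.440 120 10.0.0.12 TCP_MISS/200 8112 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1075775601.007 3600000 10.0.0.31 TCP_MISS/200 51234 CONNECT 198.51.100.7:6667 - DIRECT/198.51.100.7 -
1075775655.310 300 10.0.0.31 TCP_DENIED/403 0 CONNECT 198.51.100.7:6697 - NONE/- -
truncated line
"""

ALLOWED_PORTS = {443}  # assumption: policy allows tunnels only to the standard HTTPS port


def parse_connects(log_text):
    """Yield (client, host, port, status) for each CONNECT request in the log."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or fields[5] != "CONNECT":
            continue  # skip non-CONNECT and malformed lines
        host, sep, port = fields[6].rpartition(":")
        if not sep or not port.isdigit():
            continue  # a CONNECT target must be host:port
        yield fields[2], host, int(port), fields[3]


def tunnels_by_client(log_text):
    """Map each client to the set of (host, port) tunnels it requested."""
    seen = defaultdict(set)
    for client, host, port, _status in parse_connects(log_text):
        seen[client].add((host, port))
    return dict(seen)


def off_policy(log_text, allowed=ALLOWED_PORTS):
    """Return sorted (client, host, port, status) for tunnels to ports outside policy."""
    return sorted(r for r in parse_connects(log_text) if r[2] not in allowed)


if __name__ == "__main__":
    for client, dests in sorted(tunnels_by_client(SAMPLE_LOG).items()):
        print(client, sorted(dests))
    for row in off_policy(SAMPLE_LOG):
        print("off-policy tunnel:", row)
```

The payload inside the tunnel stays encrypted; only the destination host and port in the CONNECT line are visible to the proxy, which is what this review relies on.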

