Re: [fw-wiz] Botnets, IRC servers and firewalls?

From: R. DuFresne (dufresne_at_sysinfo.com)
Date: 02/03/04

    To: Paul Robertson <proberts@patriot.net>
    Date: Tue, 3 Feb 2004 10:01:18 -0500 (EST)
    
    

    Egress filtering is basically what is being discussed here, and has long
    been recommended, and long been rejected by the mass majority for quite
    some time. On routers the complaint is that it takes up too many resources
    and slows the box down to a crawl. On the network it's been rejected for
    reasons such as:

    more complex rules to keep up with

    the fear that a needed strategic app/protocol might be blocked
    inadvertently

    time/staffing issues make it just too much to implement

    lack of buy-in from the powers that be

    Ingress filtering has proved to be useful in limiting the risks an
    organization has to endure and battle. The job now is to convince the
    powers that be and the folks that admin the defensive devices that egress
    filtering would have prevented or dramatically reduced the costs
    associated with a large number of the viri/trojans in circulation the past
    2-4 years, as well as those still in the thought processes of those folks
    that release these beasts. It's amazing how one can get folks to
    understand the importance of packet flow in one direction needs to be
    evaluated and limited, and yet frustrating that translating that logic in
    the other direction can be fraught with either total rejection of the
    concept, or a poo-poo'ing of the risks, even after faced with the costs of
    cleanup. Then come the champions of user education, a good concept that
    has proved to be costly in and of itself, let alone, well, frustrating...

    Thanks,

    Ron DuFresne

    -- 
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
            admin & senior security consultant:  sysinfo.com
                            http://sysinfo.com
    "Cutting the space budget really restores my faith in humanity.  It
    eliminates dreams, goals, and ideals and lets us get straight to the
    business of hate, debauchery, and self-annihilation."
                    -- Johnny Hart
    testing, only testing, and damn good at it too!
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    
