Re: [fw-wiz] outbound traffic security risk

From: Mitchell Rowton (mrowton_at_bdo.com)
Date: 03/23/04

  • Next message: Paul D. Robertson: "Re: [fw-wiz] outbound traffic security risk" 
    To: <firewall-wizards@honor.icsalabs.com>, <hilalma@hotmail.com>
Date: Tue, 23 Mar 2004 09:04:27 -0500

    Allowing all outbound traffic also increases the likelihood of backdoors
    into your network.

    http://www.securitydocs.com/links/detail/803

    Plus, most of the scans constantly hitting everyones network originates
    from a network that doesn't filter outbound traffic. Of course it would
    be hard for an ISP to restrict outbound port 80 traffic, but msrpc and
    sql are examples that could be blocked unless needed for specific hosts.
     In general, I think that people who don't attempt egress filtering are
    bad internet citizens who contribute to my bloated IDS logs.

    >>> "Hilal Hussein" <hilalma@hotmail.com> 03/23/04 03:50AM >>>
    Dear List,

    I would like to ask about the risk of opening outbound port traffics in
    the
    firewall.

    currently, i am opening the outbound ports traffic based on the user
    request, as pop3, and smtp traffics. I red about some risk that could
    be in
    some kind of outbound traffics which might pass java scripts, or trojan

    horses, or other kind of attacks during the opened session from users
    (inside the network) to the outbound.

    so please, i need to know of any risk that could come with some kind of

    outbound traffics, and if there is a good link for resources about the

    latest news of vulnerabilities of such outbound traffics.

    your respond is highly appreciated,

    with regards,

    Hilal

    _________________________________________________________________
    STOP MORE SPAM with the new MSN 8 and get 2 months FREE*
    http://join.msn.com/?page=features/junkmail

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

    NOTICE:
    The contents of this email and any attachments to it may contain privileged and confidential information from BDO Seidman, LLP. This information is only for the viewing or use of the intended recipient. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of, or the taking of any action in reliance upon, the information contained in this e-mail, or any of the attachments to this e-mail, is strictly prohibited and that this e-mail and all of the attachments to this e-mail, if any, must be immediately returned to BDO Seidman, LLP or destroyed and, in either case, this e-mail and all attachments to this e-mail must be immediately deleted from your computer without making any copies thereof. If you have received this e-mail in error, please notify BDO Seidman, LLP by e-mail immediately.

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

  • Next message: Paul D. Robertson: "Re: [fw-wiz] outbound traffic security risk"