Re: Browser Vulns

From: James Riden (j.riden_at_massey.ac.nz)
Date: 07/20/04

  • Next message: Matt Gibson: "RE: Windows Update v5 and XPSP2RC2"
    To: "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net>
    Date: Tue, 20 Jul 2004 10:08:05 +1200
    "Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]" <sbradcpa@pacbell.net> writes:

    > On that note someone pinged me the other day looking for a "Best
    > practices" of Egress filtering. Anyone have [besides going down the
    > IANA port listing] a rogues gallery of ports that need to be
    > proactively blocked? Going down the Snort rule database would
    > probably be a start, too I guess... ;-)
    >
    > [I would argue that the incident has occurred and blocking the ports
    > is just putting a tourniquet on the wound..but ....I digress...

    If you can, block by default and allow what you want.

    That goes for outbound ports as well; if you have a DNS server and you
    know it only needs to connect/send to dest port 53, why not ban it
    from connecting to any other ports?

    If you've locked it down well, it can make life very hard for a
    cracker who is attempting to connect to the shell he's spawned with
    his exploit.

    cheers,
     Jamie

    -- 
    James Riden / j.riden@massey.ac.nz / Systems Security Engineer
    GPG public key available at: http://www.massey.ac.nz/~jriden/
    This post does not necessarily represent the views of my employer.
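The default-deny outbound policy described above, as an added example (not code from the post or its author): an iptables ruleset for a host that should only open new connections to destination port 53. The script only prints the ruleset in iptables-restore format; it applies nothing unless `apply_egress_policy` is called explicitly. The log prefix, the optional extra-TCP-ports argument and the rule ordering are assumptions of this example, not from the post.

```shell
#!/bin/sh
# Added example: default-deny OUTPUT for a DNS server that should only
# initiate connections to dest port 53 (the case in the post above).
# Nothing here touches the live firewall unless apply_egress_policy is called.

# egress_rules [extra_tcp_port ...]
# Print an iptables-restore ruleset: OUTPUT policy DROP, then an allow-list.
# Extra TCP ports (e.g. a syslog relay) are an assumption for hosts that
# need them; the post's example needs only port 53.
egress_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT DROP [0:0]
# Replies to sessions opened inbound (our DNS answers, an admin's SSH) stay allowed.
# Keep this rule first so applying the policy does not cut the session applying it.
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# The only NEW outbound connections this host may open: DNS to other servers.
-A OUTPUT -p udp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -p tcp --dport 53 -m conntrack --ctstate NEW -j ACCEPT
EOF
    for port in "$@"; do
        printf -- '-A OUTPUT -p tcp --dport %s -m conntrack --ctstate NEW -j ACCEPT\n' "$port"
    done
    cat <<'EOF'
# Everything else, e.g. a spawned shell calling back to the attacker, is logged
# (rate-limited) and then dropped; the log line is the detection signal.
-A OUTPUT -m limit --limit 5/min -j LOG --log-prefix "EGRESS-DENY: "
-A OUTPUT -j DROP
COMMIT
EOF
}

# write_egress_policy FILE [extra_tcp_port ...]: save the ruleset for review.
write_egress_policy() {
    file=$1
    shift
    egress_rules "$@" > "$file"
}

# egress_policy_is_default_deny FILE: 0 if the saved ruleset sets OUTPUT to DROP.
egress_policy_is_default_deny() {
    grep -q '^:OUTPUT DROP' "$1"
}

# count_accept_rules FILE: number of explicit ACCEPT rules in the saved ruleset.
count_accept_rules() {
    grep -c -- '-j ACCEPT' "$1"
}

# apply_egress_policy [extra_tcp_port ...]: load the ruleset atomically.
# iptables-restore replaces the whole filter table or nothing; run it from a
# console session the first time in case a needed port was forgotten.
apply_egress_policy() {
    egress_rules "$@" | iptables-restore
}
```

Review the output of `egress_rules` (or the file written by `write_egress_policy`) before calling `apply_egress_policy`; the ESTABLISHED,RELATED rule must stay first, and any service the host legitimately originates (NTP, a syslog relay, package updates) has to be added to the allow-list or it will show up under the `EGRESS-DENY:` prefix in the kernel log.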
