RE: NT/2000 vs Unix based Web Servers

From: Steve Bremer (steveb@nebcoinc.com)
Date: 07/15/02


From: "Steve Bremer" <steveb@nebcoinc.com>
To: <zcat@themall.co.nz>
Date: Mon, 15 Jul 2002 07:58:56 -0500


> If your firewall doesn't allow outbound http requests they can't fetch
> the backdoor program. If you don't allow inbound connections on any
> port other than 80, they can't get to a shell even if they did
> install and run their backdoor program. The same script flaw is still
> there, but behind a strict firewall it's almost impossible to do
> anything with it.

This is a very good point and highlights why egress filtering is just as
important as ingress.

Steve Bremer
NEBCO, Inc.
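
Added example, not part of the original message: a small audit of an iptables-save dump that checks the policy described in the quoted text (new inbound connections only on port 80, no new outbound connections from the web server). Both rulesets are constructed samples, the function names are hypothetical, and the check assumes rules written with the "-m state --state" match.

```python
import shlex

# Constructed iptables-save output for a web server: ingress filtering only.
INGRESS_ONLY = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
COMMIT
"""

# Constructed: same ingress rules plus default-deny egress (replies only).
STRICT = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m state --state ESTABLISHED -j ACCEPT
COMMIT
"""

def opt(tokens, flag):
    """Return the value following flag, or None if the flag is absent."""
    return tokens[tokens.index(flag) + 1] if flag in tokens else None

def audit(ruleset, allowed_in=("80",)):
    """Flag non-DROP policies, new inbound off port 80, and any new outbound."""
    findings = []
    for line in ruleset.splitlines():
        t = shlex.split(line)
        if line.startswith(":") and t[0] in (":INPUT", ":OUTPUT") and t[1] != "DROP":
            findings.append(f"{t[0][1:]} policy is {t[1]}, not DROP")
        if not line.startswith("-A") or opt(t, "-j") != "ACCEPT":
            continue
        # A rule with no state match also matches NEW connections.
        chain, states = t[1], (opt(t, "--state") or "NEW").split(",")
        loopback = "lo" in (opt(t, "-i"), opt(t, "-o"))
        if "NEW" not in states or loopback:
            continue  # replies on existing connections and loopback are fine
        if chain == "OUTPUT":
            findings.append(f"egress: server may open new connections: {line}")
        elif chain == "INPUT" and opt(t, "--dport") not in allowed_in:
            findings.append(f"ingress: new connections accepted off-port: {line}")
    return findings
```

Running audit() on INGRESS_ONLY reports the permissive OUTPUT policy, while STRICT produces no findings.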