RE: NT/2000 vs Unix based Web Servers

From: Steve Bremer
Date: 07/15/02

From: "Steve Bremer" <>
To: <>
Date: Mon, 15 Jul 2002 07:58:56 -0500

> If your firewall doesn't allow outbound http requests they can't fetch
> the backdoor program. If you don't allow inbound connections on any
> port other than 80, they can't get to a shell even if they did
> install and run their backdoor program. The same script flaw is still
> there, but behind a strict firewall it's almost impossible to do
> anything with it.

This is a very good point and highlights why egress filtering is just as
important as ingress.

Steve Bremer
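
One way to check a web server's rules against the posture discussed in this thread (an added example, not part of the original messages): it audits `iptables-save` output for rules that let the host open new outbound connections or accept new inbound ones on ports other than 80. The two dumps are constructed samples, and the parser is a simplification that ignores negated matches and user-defined chains.

```python
import shlex

# Constructed iptables-save dumps for a web server (not from the original thread).
PERMISSIVE = """\
*filter
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
"""
STRICT = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -m conntrack --ctstate NEW,ESTABLISHED -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -p tcp -m tcp --sport 80 -m conntrack --ctstate ESTABLISHED -j ACCEPT
COMMIT
"""


def audit(dump, allowed_inbound=("80",)):
    """Return findings that contradict 'inbound 80 only, no new outbound'."""
    findings, policy = [], {}
    for line in dump.splitlines():
        if line.startswith(":"):  # chain header, e.g. ":OUTPUT DROP [0:0]"
            chain, pol = line[1:].split()[:2]
            policy[chain] = pol
        if not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        chain = tok[1]
        # Map each option to the token that follows it (simplified parsing).
        opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opt.get("-j") != "ACCEPT" or "lo" in (opt.get("-i"), opt.get("-o")):
            continue
        # A rule with no state match also matches brand-new connections.
        states = set((opt.get("--ctstate") or opt.get("--state") or "NEW").split(","))
        if "NEW" not in states:
            continue  # only replies on already-established flows
        if chain == "OUTPUT":
            findings.append("egress: host may open new outbound connections: " + line)
        elif chain == "INPUT" and opt.get("--dport") not in allowed_inbound:
            findings.append("ingress: new inbound allowed beyond port 80: " + line)
    for chain in ("INPUT", "OUTPUT"):
        if policy.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is {policy.get(chain)}, not DROP")
    return findings
```

`audit(STRICT)` returns an empty list, while `audit(PERMISSIVE)` flags both default-ACCEPT policies, including the open egress path the reply calls out.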