RE: NT/2000 vs Unix based Web Servers

From: Steve Bremer (steveb@nebcoinc.com)
Date: 07/15/02


From: "Steve Bremer" <steveb@nebcoinc.com>
To: <zcat@themall.co.nz>
Date: Mon, 15 Jul 2002 07:58:56 -0500


> If your firewall doesn't allow outbound http requests they can't fetch
> the backdoor program. If you don't allow inbound connections on any
> port other than 80, they they can't get to a shell even if they did
> install and run their backdoor program. The same script flaw is still
> there, but behind a strict firewall it's almost impossible to do
> anything with it.

This is a very good point and highlights why egress filtering is just as
important and ingress.

Steve Bremer
NEBCO, Inc.



Relevant Pages

  • RE: NT/2000 vs Unix based Web Servers
    ... > predetermined port and gives them a shell. ... > If your firewall doesn't allow outbound http requests they ... > and run their backdoor program. ... > behind a strict firewall it's almost impossible to do anything with ...
    (Security-Basics)
  • RE: NT/2000 vs Unix based Web Servers
    ... predetermined port and gives them a shell. ... If your firewall doesn't allow outbound http requests they can't fetch the ... and run their backdoor program. ...
    (Security-Basics)
  • RE: NT/2000 vs Unix based Web Servers
    ... A very good point made here on what you allow to go from your web server ... through port 80, so if your firewall allows traffic out from port 80 ... > and run their backdoor program. ...
    (Security-Basics)
  • Re: Firewalls: whats the use?
    ... The basic thing that a firewall does it stop traffic that's ... > like a user installing and running a backdoor program, ... not at the network level. ...
    (comp.os.linux.security)
  • Re: keeping ports open
    ... If a port is open, it means that 1) a software or service is running on your ... and 2) you're not using a firewall or your firewall isn't ... Use firewall software and hardware and antivirus software that is ... Follow the instructions for hardening Windows and IIS at ...
    (microsoft.public.security)