Re: Open All Outbound Ports?

From: Sumit Dhar (ml_dhar@yahoo.com)
Date: 11/13/01


From: "Sumit Dhar" <ml_dhar@yahoo.com>
To: "Meritt James" <meritt_james@bah.com>, <security-basics@securityfocus.com>
Date: Tue, 13 Nov 2001 10:23:00 +0530


> Consider espionage. The information goes out.

And what is worse, if someone uses something like scp/ssh, you might get a
whiff of it even if you are running monitoring tools.

Not only that, it becomes easier for a malicious user to attack other
companies if all outbound access is allowed. For example, if only the http
port is open such a user might not be able to use an exploit for ssh against
an external host.

Lots of small reasons like this why opening *ALL* outbound ports might not
be a great idea.

With Regards,
Sumit Dhar
http://www.rootshell.be/~dhar