Security Basics mailing list archives
RE: Open All Outbound Ports?
From: "Mark Merchant" <mmerchant () dispatch com>
Date: Mon, 18 Nov 2002 10:06:23 -0500
At 11:44 PM 11/13/02 -0500, you wrote:
I never agreed with it, but one of their reasons to open this was passive FTP. Their reason was a lot of the sites that were visited used Passive FTP, that randomly uses any port above port 1024.
quick reply, hope this hasn't been covered ad naseum... a solution i have seen used several places is to not allow outbound ftp ( or other restricted services ) from all ip addresses. create seg- ments, or "virtual lan's" for your consultants or other groups who re- quire "privileged" access to the internet. this is one of the ways that "consultants" often cause more harm than they are worth. ( just my opinion, your milege may vary. )
Current thread:
- Re: Open All Outbound Ports?, (continued)
- Re: Open All Outbound Ports? Vince Hillier (Nov 11)
- RE: Open All Outbound Ports? Clint Harris (Nov 12)
- AW: Open All Outbound Ports? Robert Sieber (Nov 13)
- RE: Open All Outbound Ports? Garbrecht, Frederick (Nov 11)
- RE: Open All Outbound Ports? Naveed Ahmed (Nov 12)
- Re: Open All Outbound Ports? m2dzus (Nov 11)
- Re: Open All Outbound Ports? James Butcher (Nov 12)
- Re: Open All Outbound Ports? mitch_latham (Nov 11)
- Re: Open All Outbound Ports? Chris Berry (Nov 12)
- RE: Open All Outbound Ports? Chris Alliey (Nov 15)
- RE: Open All Outbound Ports? Mark Merchant (Nov 18)
- RE: Open All Outbound Ports? G. Class (Nov 21)
- Message not available
- RE: Open All Outbound Ports? Mark Merchant (Nov 22)
- RE: Open All Outbound Ports? Chris Alliey (Nov 15)