Security Basics mailing list archives
RE: SMTP behind NAT
From: "David Gillett" <gillettdavid () fhda edu>
Date: Wed, 6 May 2009 12:44:58 -0700
-----Original Message-----
From: Murda Mcloud [mailto:murdamcloud () bigpond com]
Sent: Tuesday, May 05, 2009 5:51 PM
To: 'Georg Pichler'
Cc: security-basics () securityfocus com
Subject: RE: SMTP behind NAT
<snip>
Well, if it were my network then I would also want to control, filter and monitor egress as well as ingress. But then I have become more paranoid in my old age. Even at home I do that - I filter both ingoing and outgoing. One reason being that I want to make sure that if Trojans etc. are active in my network then I have a greater chance of noticing and taking appropriate action. I guess at heart I'm a 'default deny' type of guy.
Egress filtering is part of being a "good netizen". If something that doesn't belong has gotten into your network, it's nice to not be the vector that spreads it to others.

Also, an awful lot of malware will get into even a well-secured network (and dorm networks are often held to a lower standard than that...) by a wide variety of usually legitimate routes -- http, https, carried in on a device that got infected elsewhere... Blocking all of these ingresses is rarely practical, but catching the malware at egress (phoning home, dishing out spam, etc.) is often very effective at finding only the bad guys and not constantly throwing false positives or blocking legitimate activity.

David Gillett
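The egress check discussed in the message above, as an added example that is not part of the original post or thread: a small detector that reads gateway firewall logs and reports internal hosts, other than the approved mail relay, that open SMTP connections to several external servers. The LAN range, the relay address and the log lines (written in the style of Linux netfilter LOG output) are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for illustration: the NATed LAN and the one host allowed to send mail out.
INTERNAL_NET = ip_network("192.168.1.0/24")
MAIL_RELAY = ip_address("192.168.1.10")

# Constructed sample lines in the style of Linux netfilter LOG output.
SAMPLE_LOG = """\
May  6 12:40:01 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
May  6 12:40:03 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.20 PROTO=TCP SPT=51234 DPT=25
May  6 12:40:03 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=203.0.113.99 PROTO=TCP SPT=51235 DPT=25
May  6 12:40:04 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.57 DST=198.51.100.44 PROTO=TCP SPT=51236 DPT=25
May  6 12:40:05 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.80 PROTO=TCP SPT=50001 DPT=443
May  6 12:40:09 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.31 DST=198.51.100.7 PROTO=TCP SPT=50777 DPT=25
May  6 12:40:11 gw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.168.1.57 DST= PROTO=TCP DPT=25
"""

FIELD = re.compile(r"(\w+)=(\S+)")  # KEY=value pairs; empty values are skipped


def smtp_egress_offenders(log_text, min_destinations=2):
    """Map each non-relay internal host to the external SMTP servers it
    contacted, keeping only hosts that reached min_destinations or more."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != "25":
            continue  # not outbound SMTP
        try:
            src, dst = ip_address(f["SRC"]), ip_address(f["DST"])
        except (KeyError, ValueError):
            continue  # truncated or malformed line
        if src in INTERNAL_NET and dst not in INTERNAL_NET and src != MAIL_RELAY:
            seen[src].add(dst)
    return {str(host): [str(d) for d in sorted(dests)]
            for host, dests in seen.items() if len(dests) >= min_destinations}


if __name__ == "__main__":
    for host, servers in smtp_egress_offenders(SAMPLE_LOG).items():
        print(f"{host} contacted {len(servers)} external SMTP servers: {', '.join(servers)}")
```

Setting `min_destinations=1` also surfaces single-destination hosts such as a mail client pointed at an outside server, which is a policy question rather than a likely infection.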