Firewall Wizards mailing list archives
RE: terminal services
From: "Paul D. Robertson" <proberts () patriot net>
Date: Tue, 28 Jan 2003 18:56:21 -0500 (EST)
On Tue, 28 Jan 2003, R. DuFresne wrote:
the last time M$-SQL was hit. Other discussions in various lists the past few days have folks claiming they had no prior warning that port 1434 was a point of caution deserving incomong and outgoing blocks. Though, as
It's an ephemeral port- just blocking it may make random stuff not work in some situations (like say DNS...) It takes someone who's thought it out to do the filtering correclty. Unfortunately, in my experience that's not going to happen in response to a worm.
someone in one of those discussions mentioned, often the information made available on a threat, often gets read and interpreted in far too strict and narrow a sense to deal with a potential threat in a decisive manner the first time out.
The worst part is that this is blockable at the host on Win2k- if we had host-based default deny, we'd be looking at a better landscape for sure. I can say that for every firewall I've set up, this wouldn't have gotten in or out that way. I can also assure you that folks who're doing a good job of default deny at their border routers didn't get it from the Internet at large. Steve's right on that score- firewalls work fine for ensuring that primary infection vectors are killed. Wes is right too, that leaves secondaries like VPNs. You're still better off with a properly configured perimeter though, no matter what else you've got. Paul ----------------------------------------------------------------------------- Paul D. Robertson "My statements in this message are personal opinions proberts () patriot net which may have no basis whatsoever in fact." probertson () trusecure com Director of Risk Assessment TruSecure Corporation _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: terminal services, (continued)
- Re: terminal services R. DuFresne (Jan 28)
- Re: terminal services Don Kendrick (Jan 28)
- Re: terminal services Paul D. Robertson (Jan 28)
- Re: terminal services David Lang (Jan 28)
- Re: terminal services Duncan Sharp (Jan 28)
- Re: terminal services Paul D. Robertson (Jan 28)
- RE: terminal services Noonan, Wesley (Jan 28)
- Re: terminal services Steven M. Bellovin (Jan 28)
- RE: terminal services Noonan, Wesley (Jan 28)
- RE: terminal services R. DuFresne (Jan 28)
- RE: terminal services Paul D. Robertson (Jan 28)
- Re: terminal services Barney Wolff (Jan 28)
- RE: firewall design (was: RE: terminal services ) m p (Jan 29)
- RE: terminal services R. DuFresne (Jan 28)
- RE: terminal services Paul D. Robertson (Jan 28)
- RE: terminal services R. DuFresne (Jan 28)
- Message not available
- RE: terminal services Marcus J. Ranum (Jan 28)
- Re: terminal services Barney Wolff (Jan 29)
- Re: terminal services Paul Robertson (Jan 29)
- Re: terminal services Barney Wolff (Jan 30)