Firewall Wizards mailing list archives

Re: outbound traffic security risk


From: Devdas Bhagat <devdas () dvb homelinux org>
Date: Tue, 23 Mar 2004 20:15:26 +0530

On 23/03/04 09:04 -0500, Mitchell Rowton wrote:
> Allowing all outbound traffic also increases the likelihood of backdoors
> into your network.
>
> http://www.securitydocs.com/links/detail/803
>
> Plus, most of the scans constantly hitting everyone's network originate
> from a network that doesn't filter outbound traffic.  Of course it would
> be hard for an ISP to restrict outbound port 80 traffic, but msrpc and
> sql are examples that could be blocked unless needed for specific hosts.

Ahem! ISPs are /not/ corporate providers. They should NOT be blocking
stuff (currently, NetBIOS and a bunch of MS ports exempted, and port 25
outbound, but that's a different beast.). I want my ISP to only give me a
pure network connection and let me run my own services.
Take reactive action against clients who spam, or abuse the Internet,
but the whole role of an ISP is to provide access.

A corporate network, on the other hand, is a different kettle of fish.

ISPs MUST filter out traffic which should not originate from their
network, or their downstreams or peers.

> In general, I think that people who don't attempt egress filtering are
> bad internet citizens who contribute to my bloated IDS logs.

Agreed. 

Devdas Bhagat