nanog mailing list archives

Re: Level3 routing issues?


From: Valdis.Kletnieks () vt edu
Date: Mon, 27 Jan 2003 16:31:24 -0500

On Mon, 27 Jan 2003 16:00:51 EST, alex () yuriev com said:
> It is very easy. 
> 
> Deny everything.
> Allow outbound port 80

Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....

> Allow mail server to 25

Bzzt! You just let in a new Outlook exploit.

> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other machine.

Bzzt! You just let in an AIM exploit.  That's assuming that you even *know*
what the current name of the other machine is this time around - this
laptop has had 6 IP addresses in as many hours.  Remember there's a reason
why 'talk george () his-box whatever dom' isn't as common anymore....

> I am failing to see a problem.

Well.. other than you let a box that wants to talk on the VPN get outside
access to 3 things that are *KNOWN* vectors of malware which could then
attack the VPN side of things, no, there's no problem here.
