nanog mailing list archives

Re: Customer-facing ACLs


From: Adrian Chadd <adrian () creative net au>
Date: Sat, 8 Mar 2008 17:28:24 +0900


On Sat, Mar 08, 2008, Mark Foster wrote:


> To me, at least half the users likely to be running either Linux or Mac 
> are going to be the same users who're going to request they be allowed 
> outbound SSH.... is the blocking of outbound SSH considered to be 
> sufficiently useful that we're advocating it these days?
>
> (Aren't we all just moving SSH to non-standard ports within our 
> networks anyway?)

.. I'm surprised botnets aren't big enough right now to do surreptitious port
scans of machines (there's 'only' 64k ports nowadays!) over timeframes measured
in weeks, from arbitrary bots (i.e., not a single IP) to get a scanning footprint
to later submit in the "crack" queue.

Makes me think about Google, to be honest.

Who has more machines, botnets, or Google? :)




Adrian

