nanog mailing list archives
RE: Synology Disk DS211J
From: Robert Bonomi <bonomi () mail r-bonomi com>
Date: Thu, 29 Sep 2011 19:46:09 -0500 (CDT)
From: Nathan Eisenberg <nathan () atlasnetworks us> Subject: RE: Synology Disk DS211J Date: Thu, 29 Sep 2011 21:58:23 +0000And this is why the prudent home admin runs a firewall device he or she can trust, and has a "default deny" rule in place even for outgoing connections. - MattThe prudent home admin has a default deny rule for outgoing HTTP to port 80? I doubt it.
No, the prudent nd knowledgable prudent home admin does not have default deny rule just for outgoing HTTP to port 80. He has a defult deny rule for _everything_. Every internal source address, and every destination port. Then he pokes holes in that 'deny everything' for specific machines to make the kinds of external connections that _they_ need to make. Blocking outgoing port 80, _except_ from an internal proxy server, is not necessrily a bad idea. If the legitimte web clients are all configured to use the proxy server, then _direct_ external connection attempts are an indication that something "not so legitimate" may be runningunning.
Current thread:
- RE: facebook spying on us?, (continued)
- RE: facebook spying on us? Erik Soosalu (Sep 29)
- Re: facebook spying on us? Valdis . Kletnieks (Sep 29)
- Re: facebook spying on us? Greg Ihnen (Sep 29)
- Re: facebook spying on us? David Hill (Sep 29)
- Re: facebook spying on us? Keegan Holley (Sep 29)
- Synology Disk DS211J Jones, Barry (Sep 29)
- Re: Synology Disk DS211J Leo Bicknell (Sep 29)
- Re: Synology Disk DS211J Matthew Palmer (Sep 29)
- RE: Synology Disk DS211J Nathan Eisenberg (Sep 29)
- Re: Synology Disk DS211J Jay Ashworth (Sep 29)
- RE: Synology Disk DS211J Robert Bonomi (Sep 29)
- Re: Synology Disk DS211J Joel jaeggli (Sep 29)
- Re: Synology Disk DS211J bmanning (Sep 29)
- Re: Synology Disk DS211J Jay Ashworth (Sep 30)
- Re: Synology Disk DS211J Doug Barton (Sep 30)
- Synology Disk DS211J Jones, Barry (Sep 29)
- Re: Synology Disk DS211J Matthew Palmer (Sep 29)
- RE: Synology Disk DS211J Blake T. Pfankuch (Sep 30)
- Re: Synology Disk DS211J Leo Bicknell (Sep 30)
- Re: Synology Disk DS211J Charles N Wyble (Sep 30)
- Message not available
- Re: Synology Disk DS211J Valdis . Kletnieks (Sep 30)
- Re: Synology Disk DS211J bmanning (Sep 30)