RE: Unrestricted Outbound Web Server Access Opinion

["Hamish Stanaway" <koremeltdown () hotmail com>]

Hi there Paul,

Another reason you might not want to do this is because if you had no 
restrictions on outbound connections a worm infection might cause your 
infected server(s) to end up on blacklists, effectivly cutting your servers 
reach... meaning some people may consider your machine "bad". If you 
continued restrictions, hopefully this would never happen.
Having no restrictions on outbound connections on a T1 is just asking for 
trouble.



Kindest of regards,

Hamish Stanaway, CEO

Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
Auckland, New Zealand

http://www.webhosting.net.nz
http://www.buywebhosting.co.nz
http://www.koreworks.com




> From: "Paul Guibord" <pguibord () tngtech net>
> To: <security-basics () securityfocus com>
> Subject: Unrestricted Outbound Web Server Access Opinion
> Date: Tue, 3 May 2005 08:54:57 -0400
> MIME-Version: 1.0
> Received: from outgoing.securityfocus.com ([205.206.231.27]) by 
> mc7-f34.hotmail.com with Microsoft SMTPSVC(6.0.3790.211); Tue, 3 May 2005 
> 17:27:02 -0700
> Received: from outgoing.securityfocus.com by outgoing.securityfocus.com     
>      via smtpd (for mc7.bay6.hotmail.com [65.54.253.99]) with ESMTP; Tue, 
> 3 May 2005 17:26:49 -0700
> Received: from lists.securityfocus.com (lists.securityfocus.com 
> [205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid 
> 3E6B8237346; Tue,  3 May 2005 17:41:32 -0600 (MDT)
> Received: (qmail 24629 invoked from network); 3 May 2005 13:22:53 -0000
> X-Message-Info: 6sSXyD95QpVjocF6boLwVQrxxioEG/C7OhezxW0vqCA=
> Mailing-List: contact security-basics-help () securityfocus com; run by ezmlm
> Precedence: bulk
> List-Id: <security-basics.list-id.securityfocus.com>
> List-Post: <mailto:security-basics () securityfocus com>
> List-Help: <mailto:security-basics-help () securityfocus com>
> List-Unsubscribe: <mailto:security-basics-unsubscribe () securityfocus com>
> List-Subscribe: <mailto:security-basics-subscribe () securityfocus com>
> Delivered-To: mailing list security-basics () securityfocus com
> Delivered-To: moderator for security-basics () securityfocus com
> Content-Class: urn:content-classes:message
> X-MimeOLE: Produced By Microsoft Exchange V6.0.6375.0
> X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: Unrestricted Outbound 
> Web Server Access Opinion
> thread-index: AcVP3sPFIFTQYY1uTIW4rifehaq72wAAHEvw
> Return-Path: 
> security-basics-return-33848-koremeltdown=hotmail.com () securityfocus com
> X-OriginalArrivalTime: 04 May 2005 00:27:02.0391 (UTC) 
> FILETIME=[FDF6F870:01C5503F]
>
>
> Hello All,
>
> Someone within our company wants our Internet facing web servers to have
> unrestricted outbound access. Port 80 is the only port permitted from
> the outside coming in. I need the experts opinion why we do not want to
> permit this PLEASE. Two things I could think of are if the web servers
> were compromised, then the hacker would have the ability offload any
> data they want. Another being if they were infected with a worm they
> would bring down the Internet T1 in their attempt to find other devices
> to infect.
>
> Thanks in advance for everyone's input.
>
> Paul