Firewall Wizards mailing list archives
Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe)
From: Joseph Steinberg <Joseph () whale-com com>
Date: Thu, 2 Aug 2001 12:23:11 -0400
Web servers should only respond to incoming web requests. Web servers do
not need to
establish connections to the Internet. So if a web server is behind a stateful firewall, and the firewall rules allow incoming web request to the web server, but denies outgoing connections from the web server to the Internet, then the Code Red worm can be contained.
Depends on the application and the location of the web server -- it may need to access content from the internet... Also, what if your web server needs to send outbound email (confirmation messages, etc.)... BTW: The generic Code Red worm may just deface and connect outward, but the same vulnerability could have been exploited to steal the information on the web server, or turn it into a host for a staged attack against other DMZ/internal machines. As the vulnerability is at the application-level, a firewall will not likely mitigate against this. _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://list.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe) Joseph Steinberg (Aug 02)
- Re: Re: Code Red: What security specialist don't mention in warnings(Frank Knobbe) Bob Washburne (Aug 04)
- Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe) Dustin D. Trammell (Aug 04)
- Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe) R. DuFresne (Aug 05)
- Re[2]: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe) Dustin D. Trammell (Aug 05)
- Re: Re: Code Red: What security specialist don't mention in warnings (Frank Knobbe) R. DuFresne (Aug 05)