Firewall Wizards mailing list archives

Re: Benefit of firewall over NAT-only 'protected' network


From: Tina Bird <tbird () precision-guesswork com>
Date: Tue, 27 May 2003 20:27:50 -0700 (PDT)


On Tue, 27 May 2003, Paul Robertson wrote:

> On Wed, 28 May 2003, Hugh Blandford wrote:
>
> > Please take into consideration that if they had a firewall, it would be
> > setup to allow all outbound traffic and let the 'responses' back in.  There
>
> That's a silly and mostly specious pre-requisite.  For instance, most
> small office users have *no* need for IRC, and given that IRC is *the*
> major control vector for trojaned machines, why the heck would you allow it
> outbound from a small office?  Nuke 6667/tcp outbound and you decrease the
> chance of being owned rather significantly, and you break less than 1/2 of
> 1% of SOHO users.

if you continue down the road of "what things do i block to prevent most
attacks," please be sure to add the microsoft netbios and netbeui ports
(TCP/UDP 137-139, 445) -- at least at stanford, blocking those inbound and
outbound at our perimeter has prevented a great deal of grief.

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
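The two filtering suggestions in this thread, Paul's outbound 6667/tcp block and Tina's 137-139/445 block in both directions, written up as an added iptables ruleset for a small-office gateway. This is example code, not from the thread or from either poster. It assumes a Linux gateway running iptables with an external interface eth0 and an internal interface eth1 (both overridable through the environment), and it keeps Hugh's premise of allowing all other outbound traffic and letting the stateful responses back in. The rules are printed for review by default and only applied with `--apply`; the IRC block logs before dropping so that a host repeatedly trying to reach 6667/tcp shows up in the firewall log as a sign of a possibly trojaned machine.

```shell
#!/bin/sh
# Added example (not from the thread): perimeter egress/ingress filtering on a
# Linux gateway, implementing the two port blocks suggested in the discussion.
# Assumed names: IPT is the iptables binary, WAN the external and LAN the
# internal interface; override them in the environment as needed.
IPT="${IPT:-iptables}"
WAN="${WAN:-eth0}"
LAN="${LAN:-eth1}"

# Emit one DROP for the outbound direction and one for the inbound direction
# of the forwarded traffic.  $1 = protocol, $2 = port or port range.
drop_both_ways() {
    echo "$IPT -A FORWARD -i $LAN -o $WAN -p $1 --dport $2 -j DROP"
    echo "$IPT -A FORWARD -i $WAN -o $LAN -p $1 --dport $2 -j DROP"
}

# Print the complete FORWARD-chain policy, in order, without applying it.
build_rules() {
    echo "$IPT -P FORWARD DROP"
    # Responses to connections the inside already opened come back in.
    echo "$IPT -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"

    # Paul's suggestion: no outbound IRC from a small office.  Log first so
    # that repeated attempts are visible, then drop.
    echo "$IPT -A FORWARD -i $LAN -o $WAN -p tcp --dport 6667 -j LOG --log-prefix 'EGRESS-IRC '"
    echo "$IPT -A FORWARD -i $LAN -o $WAN -p tcp --dport 6667 -j DROP"

    # Tina's suggestion: NetBIOS name/datagram/session and SMB-over-TCP,
    # blocked in both directions.  Inbound NEW is already dropped by the
    # chain policy; the explicit rules keep the intent visible and survive a
    # later decision to open inbound services.
    for proto in tcp udp; do
        drop_both_ways "$proto" 137:139
        drop_both_ways "$proto" 445
    done

    # Hugh's premise, kept for everything not blocked above: the blocks must
    # precede this rule or they never match.
    echo "$IPT -A FORWARD -i $LAN -o $WAN -m state --state NEW -j ACCEPT"
}

# 1-based position of the first rule matching $1 in the generated list; used
# to check that a block sits before the permissive outbound rule.
rule_index() {
    build_rules | grep -n -- "$1" | head -n 1 | cut -d: -f1
}

# Execute the generated commands; needs root and a working iptables.
apply_rules() {
    build_rules | while IFS= read -r cmd; do
        eval "$cmd"
    done
}

case "${1:-}" in
    --apply) apply_rules ;;
    *)       build_rules ;;
esac
```

Review the printed rules with `IPT=iptables WAN=eth0 LAN=eth1 sh egress.sh`, then run it again with `--apply` on the gateway. The same blocks belong on the gateway's own INPUT and OUTPUT chains if the firewall host itself runs services, which this FORWARD-only ruleset does not cover.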
