Firewall Wizards mailing list archives

Re: Botnets, IRC servers and firewalls?


From: "Mordechai T. Abzug" <morty () frakir org>
Date: Mon, 2 Feb 2004 21:13:36 -0500

On Mon, Feb 02, 2004 at 05:02:58PM -0500, Paul Robertson wrote:

> Now that most firewalls don't proxy, it seems way too many places
> are allowing TCP straight out to any port, so long as it originates
> inside (certainly the "NAT is a firewall crowd.")  How many people
> routinely block TCP/6667, or non-allowed applications?  How many of
> you who don't block it do regular reports on connections initiated
> inside to external servers that aren't on port 80, 443, etc?

Two words: Preaching.  Choir.  :)

That said, IMHO, you should be grateful for all the sites that allow
all outbound.  Firewalling is an arms race.  If most sites blocked
default outbound, bot/zombie authors would escalate the race by doing
something like tunneling via https or some other service that was
still allowed.

- Morty
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
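
The kind of report asked about in the quoted message (connections initiated inside to external ports other than 80 and 443), as an added example that is not part of the original thread. It assumes iptables-style LOG lines, RFC 1918 internal ranges and an allow-list of {80, 443}; the log lines are constructed and use documentation addresses.

```python
import ipaddress
import re
from collections import Counter

ALLOWED_PORTS = {80, 443}  # assumption: the site's permitted outbound ports
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample in iptables LOG format; "EGRESS" is a hypothetical log prefix.
SAMPLE_LOG = """\
Feb  2 17:01:11 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40112 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  2 17:01:11 fw kernel: EGRESS IN=eth0 OUT=eth1 SRC=198.51.100.7 DST=10.1.4.22 LEN=60 PROTO=TCP SPT=6667 DPT=40112 WINDOW=5792 RES=0x00 ACK SYN URGP=0
Feb  2 17:03:40 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.1.4.30 DST=203.0.113.9 LEN=60 PROTO=TCP SPT=40200 DPT=443 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  2 17:05:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.1.7.8 DST=192.0.2.44 LEN=60 PROTO=TCP SPT=51000 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
Feb  2 17:06:19 fw kernel: EGRESS IN=eth1 OUT=eth1 SRC=10.1.4.30 DST=10.1.0.5 LEN=71 PROTO=UDP SPT=33000 DPT=53 LEN=51
Feb  2 17:09:57 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.1.4.22 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40119 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def is_internal(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_NETS)


def egress_report(log_text, allowed=ALLOWED_PORTS):
    """Count new inside-to-outside TCP connections per (source, dest port)
    whose destination port is not on the allow-list, busiest first."""
    hits = Counter()
    for line in log_text.splitlines():
        kv = dict(FIELD.findall(line))
        flags = set(line.split())
        # Only connection attempts: a SYN without ACK (skips SYN-ACK replies).
        if kv.get("PROTO") != "TCP" or "SYN" not in flags or "ACK" in flags:
            continue
        try:
            src, dpt = kv["SRC"], int(kv["DPT"])
            if not is_internal(src) or is_internal(kv["DST"]):
                continue  # not initiated inside, or never leaves the site
        except (KeyError, ValueError):
            continue  # truncated or malformed log line
        if dpt not in allowed:
            hits[(src, dpt)] += 1
    return hits.most_common()


if __name__ == "__main__":
    for (src, dpt), count in egress_report(SAMPLE_LOG):
        print(f"{src:15} -> tcp/{dpt:<5} {count} connection(s)")
```

A port-based report like this only sees traffic on ports outside the allow-list; the tunneling over https that the reply anticipates would not show up in it.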

