Firewall Wizards mailing list archives

Re: Botnets, IRC servers and firewalls?


From: Paul Robertson <proberts () patriot net>
Date: Mon, 2 Feb 2004 21:31:54 -0500 (EST)

On Mon, 2 Feb 2004, Mordechai T. Abzug wrote:

> Two words: Preaching.  Choir.  :)

The choir isn't big enough!


> That said, IMHO, you should be grateful for all the sites that allow
> all outbound.  Firewalling is an arms race.  If most sites blocked
> default outbound, bot/zombie authors would escalate the race by doing
> something like tunneling via https or some other service that was
> still allowed.

https is like the downloader trojan sites, they're easier to get shut down
than entire IRC networks.  HTTPS still has connect headers, so it's not
that difficult to track.

I'd rather not win by saying "I'm better than my peers!," I'd rather win
by saying "Those things don't work anymore!"

If we're not using the firewalls we have effectively to stop the threats
we have, then we as a community fail.  It's worse when the devices are
capable of stopping the threat in a "normal" configuration- but the
"common" configuration doesn't do it.

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com  Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
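
The remark above that HTTPS "still has connect headers" can be turned into a simple log review. This is an added example, not part of the original message: it assumes outbound HTTPS is forced through a proxy that logs in Squid's native access.log layout, and the sample lines, port policy and 30-minute threshold are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample lines in Squid's native access.log layout:
# time elapsed_ms client result/status bytes method url ident peer type
SAMPLE_LOG = """\
1075775401.112    843 10.0.0.15 TCP_MISS/200 5120 CONNECT shop.example.com:443 - DIRECT/192.0.2.10 -
1075775402.530    120 10.0.0.15 TCP_MISS/200 9310 GET http://www.example.org/ - DIRECT/192.0.2.20 text/html
1075775410.004 3600211 10.0.0.23 TCP_MISS/200 48211 CONNECT irc.example.net:6667 - DIRECT/198.51.100.7 -
1075775415.770 7200950 10.0.0.23 TCP_MISS/200 1900 CONNECT relay.example.net:443 - DIRECT/198.51.100.9 -
1075775420.001      2 10.0.0.31 TCP_DENIED/403 0 CONNECT mail.example.com:25 - NONE/- -
garbage line that should be skipped
"""

ALLOWED_PORTS = {443}            # assumption: policy permits CONNECT to 443 only
LONG_TUNNEL_MS = 30 * 60 * 1000  # assumption: tunnels open 30+ minutes get reviewed

def parse_connects(text):
    """Yield (client, host, port, elapsed_ms, denied) for each CONNECT entry."""
    for line in text.splitlines():
        f = line.split()
        if len(f) < 7 or f[5] != "CONNECT":
            continue
        # The CONNECT target is logged in cleartext as host:port.
        host, sep, port = f[6].rpartition(":")
        if not sep or not port.isdigit() or not f[1].isdigit():
            continue  # malformed target or elapsed field
        yield f[2], host.lower(), int(port), int(f[1]), f[3].startswith("TCP_DENIED")

def review(text):
    """Return {client: [(host, port, reason), ...]} for tunnels worth a look."""
    findings = defaultdict(list)
    for client, host, port, elapsed, denied in parse_connects(text):
        if port not in ALLOWED_PORTS:
            reason = "blocked non-443 CONNECT" if denied else "allowed non-443 CONNECT"
        elif elapsed >= LONG_TUNNEL_MS:
            reason = "long-lived tunnel"
        else:
            continue
        findings[client].append((host, port, reason))
    return dict(findings)

if __name__ == "__main__":
    for client, items in sorted(review(SAMPLE_LOG).items()):
        for host, port, reason in items:
            print(f"{client} -> {host}:{port}  {reason}")
```

An "allowed non-443 CONNECT" finding also indicates the proxy ACL itself is too permissive, which is the "common configuration" problem the message describes.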

