Firewall Wizards mailing list archives
Re: Botnets, IRC servers and firewalls?
From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 3 Feb 2004 10:01:18 -0500 (EST)
egress filtering is basically what is being discussed here, and has long been recommended, and long been rejected by the mass majority for quite sometime. On routers the complaint is that it takes up too many resources and slows the box down to a crawl. On the network it's been rejected for reasons such as; more complex rules to keep up with the fear that a needed strategic app/protocol might be blocked inadvertantly time/staffing issues make it just too much to impliment lack of buy in from the powers that be ingress filtering has proved to be useful in limiting the risks an organization has to endure and battle. The job now, is to convince the powers that be and the folks that admin the defensive devises that egress filtering would have prevented or dramatically reduced the costs associated with a large number of the viri/trojans in circulation the past 2-4 years, as well as those still in the thought processes of those folks that release these beasts. It's amazing how one can get folks to understand the importance of packet flow in one direction needs to be evaluated and limited, and yet frustrating that translating that logic in the other direction can be fraught with either total rejection of the concept, or a poo-poo'ing of the risks, even after faced witht eh costs of cleanup. Then come the champions of user education, a goood concept that has proved to be costly in and of itself, let alone, well, frustrating... Thanks, Ron DuFresne -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ admin & senior security consultant: sysinfo.com http://sysinfo.com "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart testing, only testing, and damn good at it too! _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Re: Botnets, IRC servers and firewalls?, (continued)
- Re: Botnets, IRC servers and firewalls? Barney Wolff (Feb 02)
- Re: Botnets, IRC servers and firewalls? Luca Berra (Feb 02)
- Re: Botnets, IRC servers and firewalls? Victor B. Williams (Feb 02)
- Re: Botnets, IRC servers and firewalls? Mordechai T. Abzug (Feb 02)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 02)
- Re: Botnets, IRC servers and firewalls? Marcus J Ranum (Feb 02)
- Re: Botnets, IRC servers and firewalls? Mordechai T. Abzug (Feb 02)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 02)
- Re: Botnets, IRC servers and firewalls? Gadi Evron (Feb 03)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 03)
- Re: Botnets, IRC servers and firewalls? R. DuFresne (Feb 03)
- Message not available
- Re: Botnets, IRC servers and firewalls? Marcus J. Ranum (Feb 04)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 04)
- Re: Botnets, IRC servers and firewalls? Marcus J. Ranum (Feb 04)
- Re: Botnets, IRC servers and firewalls? Paul Robertson (Feb 04)
- Re: Botnets, IRC servers and firewalls? Joseph S D Yao (Feb 05)
- Re: Botnets, IRC servers and firewalls? Chris Blask (Feb 04)
- Re: Botnets, IRC servers and firewalls? Jeremiah Cornelius (Feb 04)
- Re: Botnets, IRC servers and firewalls? Chris Blask (Feb 04)
- Re: Botnets, IRC servers and firewalls? Barney Wolff (Feb 02)
- Message not available
- Re: Botnets, IRC servers and firewalls? Marcus J. Ranum (Feb 04)
- Re: Botnets, IRC servers and firewalls? Mark Tinberg (Feb 05)