Firewall Wizards mailing list archives

Re: Botnets, IRC servers and firewalls?


From: "R. DuFresne" <dufresne () sysinfo com>
Date: Tue, 3 Feb 2004 10:01:18 -0500 (EST)



Egress filtering is basically what is being discussed here, and has long
been recommended, and long been rejected by the mass majority for quite
some time.  On routers the complaint is that it takes up too many resources
and slows the box down to a crawl.  On the network it's been rejected for
reasons such as:

more complex rules to keep up with

the fear that a needed strategic app/protocol might be blocked
inadvertently

time/staffing issues make it just too much to implement

lack of buy in from the powers that be

Ingress filtering has proved to be useful in limiting the risks an
organization has to endure and battle.  The job now is to convince the
powers that be and the folks that admin the defensive devices that egress
filtering would have prevented or dramatically reduced the costs
associated with a large number of the viri/trojans in circulation the past
2-4 years, as well as those still in the thought processes of those folks
that release these beasts.  It's amazing how one can get folks to
understand the importance of packet flow in one direction needs to be
evaluated and limited, and yet frustrating that translating that logic in
the other direction can be fraught with either total rejection of the
concept, or a poo-poo'ing of the risks, even after faced with the costs of
cleanup.  Then come the champions of user education, a good concept that
has proved to be costly in and of itself, let alone, well, frustrating...

Thanks,

Ron DuFresne
-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com

"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart

testing, only testing, and damn good at it too!

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

