Firewall Wizards mailing list archives
Re: Permissive Firewall Policy
From: Kevin <kkadow () gmail com>
Date: Fri, 22 Sep 2006 17:45:19 -0500
On 9/21/06, Kevin Hinze <kevin.hinze () navigators org> wrote:
> New to the list, so hope this has not already been covered numerous times.
I don't think anybody has posted anything nearly this silly ever before, I will give you the benefit of the doubt and assume from how you phrase the question that it isn't your idea.
> I have been asked to move from a restrictive policy, where only allowed/permitted ports are let through the Firewall, to a permissive policy of denying known "bad" ports/protocols and allowing all else. Does anyone have lists, bookmarks or the like to show a list of known "bad" ports?
There are several lists of known ports used by exploits and malware, or you could just take the list of permitted destination ports in the default Squid configuration and "invert" it.
> I believe this is a bad idea but need some information to prove how difficult it will be to manage.
I don't know that it will be difficult to manage, but it will definitely be difficult to demonstrate effectiveness. Just about any TCP or UDP port can carry a "bad" protocol, and many dangerous applications are port-agile, so blocking specific ports won't do much to stop the communications. You could be better off just forgetting about writing IP filter rules and instead using an IPS product to block all known bad protocols and transactions?

Kevin

_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
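As an added example, not part of the thread, here is the "inversion" Kevin suggests applied to the Safe_ports allowlist shipped in the stock squid.conf: the script computes the complement of the permitted ranges and renders it as deny rules (iptables syntax is assumed for the rendering), and the count it prints also illustrates his second point, since almost the whole port space stays open under the permissive policy.

```python
# Added example: turn Squid's default Safe_ports allowlist into the deny
# list a "block known bad, allow everything else" policy would need, and
# count how much of the TCP port space that policy leaves open.

# "acl Safe_ports port ..." entries from the stock squid.conf (TCP ports).
SQUID_DEFAULT_SAFE_PORTS = [
    (80, 80), (21, 21), (443, 443), (70, 70), (210, 210),
    (1025, 65535), (280, 280), (488, 488), (591, 591), (777, 777),
]

PORT_MIN, PORT_MAX = 0, 65535


def merge_ranges(ranges):
    """Sort and merge overlapping or adjacent (lo, hi) port ranges."""
    merged = []
    for lo, hi in sorted(ranges):
        if merged and lo <= merged[-1][1] + 1:
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def complement_ports(permitted):
    """Return the ranges NOT covered by `permitted`: the explicit deny
    list you must maintain once the default action becomes allow."""
    denied, cursor = [], PORT_MIN
    for lo, hi in merge_ranges(permitted):
        if lo > cursor:
            denied.append((cursor, lo - 1))
        cursor = hi + 1
    if cursor <= PORT_MAX:
        denied.append((cursor, PORT_MAX))
    return denied


def count_ports(ranges):
    return sum(hi - lo + 1 for lo, hi in ranges)


def render_rules(denied, chain="FORWARD"):
    """Render the deny list as one iptables DROP rule per range."""
    return [f"iptables -A {chain} -p tcp --dport {lo}:{hi} -j DROP"
            for lo, hi in denied]


if __name__ == "__main__":
    deny = complement_ports(SQUID_DEFAULT_SAFE_PORTS)
    print("\n".join(render_rules(deny)))
    print(f"{count_ports(deny)} ports denied, "
          f"{PORT_MAX + 1 - count_ports(deny)} ports still open by default")
```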