nanog mailing list archives
RE: botnets: web servers, end-systems and Vint Cerf
From: <michael.dillon () bt com>
Date: Mon, 19 Feb 2007 16:06:32 -0000
NATting firewalls don't help at all with email-delivered malware, browser exploits, etc.
If the firewall is configured to block all outgoing traffic to port 25 servers, then it helps considerably. After all outgoing email should be going to port 587. And if the system designer is creative enough, then this firewall thingy which is reputed to protect you from bad stuff, would also download and install the latest patches to protect against browser exploits. If this is all run on a separate CPU it can also do some pretty in-depth inspection and do things like block .exe attachements in email. None of this is rocket science. The hardware available today can do this. This hardware is not expensive. It does, however, require systems vendors to have a bit of imagination and that seems to be in rather short supply in the modern world. --Michael Dillon
Current thread:
- Re: botnets: web servers, end-systems and Vint Cerf, (continued)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf Gadi Evron (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf Sean Donelan (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf Danny McPherson (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf virendra rode // (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf Danny McPherson (Feb 17)
- Re: botnets: web servers, end-systems and Vint Cerf Roland Dobbins (Feb 19)
- Re: botnets: web servers, end-systems and Vint Cerf Roland Dobbins (Feb 19)