Blaine Kahle said:
> Moot argument. If you have malicious software running on your "trusted"
> network, you're already toast. Firewall-foo will not save you.
If you are already compromised, but there are no available ports for the cracker to make use of, this limits what can be done with your system. E.g., if you have ports that the malicious user can make use of, they can install an FTP or HTTP server on a non-default port and distribute illegal software over your bandwidth. You might not even notice until your ISP gives you the bandwidth bill.

If all your ports are accounted for, the malicious user would have to kill one of your processes to get to a port that will go through the firewall. This will certainly alert you to the problem sooner.

Just because you've got one compromised system doesn't mean the cracker owns everything. Secure in layers and catch them before they get too far. Allowing incoming ports that don't always have listeners is bad practice.

-Mad

_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
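The check Mad is describing, "are all my allowed inbound ports accounted for by a listener", as an added example that is not part of the original thread: it compares inbound ACCEPT rules against listening sockets and reports allowed ports with nothing behind them. The rule text and socket listing are constructed samples in the style of `iptables-save` and `ss -ltn` output.

```python
# Added example (not from the mailing-list thread): audit inbound firewall
# allowances against the sockets actually listening and report "dangling"
# allowances, i.e. ports the firewall lets through with no process behind them.
# Both inputs are constructed samples mimicking `iptables-save` and `ss -ltn`.
import re

# Constructed sample: iptables-save style INPUT rules for TCP.
SAMPLE_RULES = """\
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 27015 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j DROP
"""

# Constructed sample: `ss -ltn` style output (header plus one line per socket).
SAMPLE_LISTENERS = """\
State   Recv-Q  Send-Q  Local Address:Port   Peer Address:Port
LISTEN  0       128     0.0.0.0:22           0.0.0.0:*
LISTEN  0       128     0.0.0.0:27015        0.0.0.0:*
LISTEN  0       128     [::]:22              [::]:*
"""

RULE_RE = re.compile(r"^-A INPUT .*-p tcp .*--dport (\d+) .*-j ACCEPT\s*$")
LISTEN_RE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+\S+:(\d+)(?:\s|$)")

def allowed_tcp_ports(rules_text):
    """TCP ports that INPUT ACCEPT rules expose (DROP/REJECT lines ignored)."""
    return {int(m.group(1)) for line in rules_text.splitlines()
            if (m := RULE_RE.match(line))}

def listening_tcp_ports(ss_text):
    """TCP ports with a LISTEN socket in ss -ltn style output."""
    return {int(m.group(1)) for line in ss_text.splitlines()
            if (m := LISTEN_RE.match(line))}

def dangling_allowances(rules_text, ss_text):
    """Allowed inbound ports with no listener: each is a slot a planted
    service could occupy without having to kill a legitimate process."""
    return sorted(allowed_tcp_ports(rules_text) - listening_tcp_ports(ss_text))

if __name__ == "__main__":
    for port in dangling_allowances(SAMPLE_RULES, SAMPLE_LISTENERS):
        print(f"port {port}/tcp is allowed inbound but nothing is listening")
```

On a live host the same functions take the real output of `iptables-save` and `ss -ltn`; run it from cron and any newly reported port is either a rule to tighten or a listener that should not be there.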