On Mon, 27 Jan 2003 16:00:51 EST, [EMAIL PROTECTED] said:

> It is very easy.
>
> Deny everything.
> Allow outbound port 80

Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....

> Allow mail server to 25

Bzzt! You just let in a new Outlook exploit.

> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other machine.

Bzzt! You just let in an AIM exploit. That's assuming that you even *know* what the current name of the other machine is this time around - this laptop has had 6 IP addresses in as many hours. Remember there's a reason why 'talk [EMAIL PROTECTED]' isn't as common anymore....

> I am failing to see a problem.

Well.. other than you let a box that wants to talk on the VPN get outside access to 3 things that are *KNOWN* vectors of malware which could then attack the VPN side of things, no, there's no problem here.