Their reason was a lot of the sites that were visited used Passive
FTP, that randomly uses any port above port 1024.
Why not just restrict the ip ranges to a few hundred (thousand) ports?
This is explained in the active vs passive ftp site,
http://slacksite.com/other/ftp.html under the topic ft
>I never agreed with it, but one
>of their reasons to open this was passive FTP. Their reason was a lot of
>the sites that were visited used Passive FTP, that randomly uses any port
>above port 1024.
Why not just restrict the ip ranges to a few hundred (thousand) ports?
This is explained in the a
At 11:44 PM 11/13/02 -0500, you wrote:
I never agreed with it, but one
of their reasons to open this was passive FTP. Their reason was a lot of
the sites that were visited used Passive FTP, that randomly uses any port
above port 1024.
quick reply, hope this hasn't been covered ad nauseam...
a s
Read
http://slacksite.com/other/ftp.html
A pretty good explanation of Active vs Passive FTP.
Brian
-Original Message-
From: Chris Alliey [mailto:[EMAIL PROTECTED]]
Sent: Wednesday, November 13, 2002 8:44 PM
To: Chris Berry; [EMAIL PROTECTED]
Subject: RE: Open All Outbound Ports?
I
As a server engineer, I've
had to deal with the NIMDA and other worms/virii/ as you can guess,
that was a little worrisome.
Chris
-Original Message-
From: Chris Berry [mailto:compjma@;hotmail.com]
Sent: Monday, November 11, 2002 4:03 PM
To: [EMAIL PROTECTED]
Subject: R
From my point of view there will be a big lack of security if you open all
outbound ports. Every application would have full access to the internet
- do you really want it?
More than 50% of all security risks are based inside your network. So it
is very important to have a strict policy
; 'tony tony'; [EMAIL PROTECTED]
Subject: RE: Open All Outbound Ports?
In addition, in case your network inadvertently becomes a zombie in a DDoS,
there is no way you can prevent DoS traffic from leaving your network.
Just wondering, if you do have a web server and if that's allowed to mak
> Consider espionage. The information goes out.
And what is worse, if someone uses something like scp/ssh, you might get a
whiff of it even if you are running monitoring tools.
Not only that, it becomes easier for a malicious user to attack other
companies if all outbound access is allowed. For
On Sun, 2002-11-10 at 22:25, [EMAIL PROTECTED] wrote:
> In-Reply-To: <[EMAIL PROTECTED]>
>
> ---snip--
>
> >opening all outbound ports is a bad idea. classic example is here..
> >
> >director of marketing takes laptop home.
> >
> >director gets hacked via Trojan downloaded from non corporate mail
Opening all outbound ports will also allow peer-peer programs (like
Kazaa, Napster etc) and Spyware which will consume *most* of your
bandwidth.
So aside from the obvious security risks (trojans etc), you can also
watch your bandwidth go down, down, down.
Unless of course, you work for an ISP/T
: Friday, November 08, 2002 2:34 PM
To: [EMAIL PROTECTED]
Subject: Open All Outbound Ports?
Hi,
Our firewall group has come to me several times over the last few months
wanting my approval to open all of the "OUTBOUND" ports on our firewall
facing the internet. Their argument is tha
-Naveed
-Original Message-
From: Garbrecht, Frederick [mailto:FGarbrecht@;ecogchair.org]
Sent: Sunday, November 10, 2002 12:25 AM
To: 'tony tony'; [EMAIL PROTECTED]
Subject: RE: Open All Outbound Ports?
A couple of things come to mind. Spyware programs installed by internal
users ina
From: tony tony <[EMAIL PROTECTED]>
>Our firewall group has come to me several times over the last few months
>wanting my approval to open all of the OUTBOUND ports on our firewall
>facing the internet.
Not a good idea. One of the most important things during a security breach
is to keep the
Consider espionage. The information goes out.
--
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
: +49 4331 4472124 - Fax: -2200
***
Fingerprint: FC19 7F6D 4405 EF4F AE25 96CD 8DAB B7D6 F3B6 9F01
tony tony <[EMAIL PROTECTED]>
08.11.02 02:33
To: [EMAIL PROTECTED]
Cc:
Subject: Open All Outbound Ports?
Hi
Bad idea, That would allow remote access style trojans and ddos bots to have a
nice big foot hole to step in, just my 2 cents
--
Windows is a 32-bit extension and a
graphical
shell for a 16-bit patch to an
8-bit operating system originally
coded for a 4-bit microprocessor,
written by a 2-bit com
In-Reply-To: <[EMAIL PROTECTED]>
---snip--
>opening all outbound ports is a bad idea. classic example is here..
>
>director of marketing takes laptop home.
>
>director gets hacked via Trojan downloaded from non corporate mail.
>
>director brings laptop back to work.
>
>using netcat hack
EMAIL PROTECTED]
Subject: Open All Outbound Ports?
Hi,
Our firewall group has come to me several times over the last few months
wanting my approval to open all of the "OUTBOUND" ports on our firewall
facing
the internet. Their argument is that this would not significantly reduce
On Thu, 2002-11-07 at 20:33, tony tony wrote:
> Hi,
>
> Our firewall group has come to me several times over the last few months
> wanting my approval to open all of the OUTBOUND ports on our firewall facing
> the internet. Their argument is that this would not significantly reduce our
> secur
Hi Tony,
Running your server with all outbound ports open is NOT secure. Even if the
administrators claim they know all the applications using the ports they will never,
for example, know when there is a trojan horse lying and waiting for an inbound
connection...firewalling is a way to control
@;yahoo.com]
Sent: Thursday, November 07, 2002 7:34 PM
To: [EMAIL PROTECTED]
Subject: Open All Outbound Ports?
Hi,
Our firewall group has come to me several times over the last few months
wanting my approval to open all of the OUTBOUND ports on our firewall
facing
the internet. Their argument is
Hi,
Our firewall group has come to me several times over the last few months
wanting my approval to open all of the OUTBOUND ports on our firewall facing
the internet. Their argument is that this would not significantly reduce our
security and it will reduce their time/effort in administration
22 matches