RE: Open All Outbound Ports?

2002-11-22 Thread Mark Merchant
Their reason was a lot of the sites that were visited used Passive FTP, that randomly uses any port above port 1024. Why not just restrict the IP ranges to a few hundred (thousand) ports? This is explained in the active vs passive ftp site, http://slacksite.com/other/ftp.html under the topic ft

RE: Open All Outbound Ports?

2002-11-21 Thread G. Class
>I never agreed with it, but one >of their reasons to open this was passive FTP. Their reason was a lot of >the sites that were visited used Passive FTP, that randomly uses any port >above port 1024. Why not just restrict the IP ranges to a few hundred (thousand) ports? This is explained in the a

RE: Open All Outbound Ports?

2002-11-18 Thread Mark Merchant
At 11:44 PM 11/13/02 -0500, you wrote: I never agreed with it, but one of their reasons to open this was passive FTP. Their reason was a lot of the sites that were visited used Passive FTP, that randomly uses any port above port 1024. quick reply, hope this hasn't been covered ad nauseam... a s

RE: Open All Outbound Ports?

2002-11-17 Thread Farrelly, Brian
Read http://slacksite.com/other/ftp.html A pretty good explanation of Active vs Passive FTP. Brian -Original Message- From: Chris Alliey [mailto:[EMAIL PROTECTED]] Sent: Wednesday, November 13, 2002 8:44 PM To: Chris Berry; [EMAIL PROTECTED] Subject: RE: Open All Outbound Ports? I

RE: Open All Outbound Ports?

2002-11-15 Thread Chris Alliey
As a server engineer, I've had to deal with the NIMDA and other worms/virii/ as you can guess, that was a little worrisome. Chris -Original Message- From: Chris Berry [mailto:compjma@;hotmail.com] Sent: Monday, November 11, 2002 4:03 PM To: [EMAIL PROTECTED] Subject: R

RE: Open All Outbound Ports?

2002-11-13 Thread DeGennaro, Gregory
; 'tony tony'; [EMAIL PROTECTED] Subject: RE: Open All Outbound Ports? In addition, in case your network inadvertently becomes a zombie in a DDoS, there is no way you can prevent DoS traffic from leaving your network. Just wondering, if you do have a web server and if that's allowed to mak

Re: Open All Outbound Ports?

2002-11-13 Thread Sumit Dhar
> Consider espionage. The information goes out. And what is worse, if someone uses something like scp/ssh, you might get a whiff of it even if you are running monitoring tools. Not only that, it becomes easier for a malicious user to attack other companies if all outbound access is allowed. For

Re: Open All Outbound Ports?

2002-11-12 Thread James Butcher
On Sun, 2002-11-10 at 22:25, [EMAIL PROTECTED] wrote: > In-Reply-To: <[EMAIL PROTECTED]> > > ---snip-- > > >opening all outbound ports is a bad idea. classic example is here.. > > > >director of marketing takes laptop home. > > > >director gets hacked via Trojan downloaded from non corporate mail

Re: Open All Outbound Ports?

2002-11-12 Thread David Weinberg
Opening all outbound ports will also allow peer-peer programs (like Kazaa, Napster etc) and Spyware which will consume *most* of your bandwidth. So aside from the obvious security risks (trojans etc), you can also watch your bandwidth go down, down, down. Unless of course, you work for an ISP/T

RE: Open All Outbound Ports?

2002-11-12 Thread Clint Harris
Crazy. If you gonna allow every port out, I would only allow every port out with the introduction of a proxy server and some content filtering. But never directly out from workstation to internet. e.g. M$ ISA Proxy server with TrendMicro Interscan WebProtect. This will at least attempt to he

RE: Open All Outbound Ports?

2002-11-12 Thread Naveed Ahmed
-Naveed -Original Message- From: Garbrecht, Frederick [mailto:FGarbrecht@;ecogchair.org] Sent: Sunday, November 10, 2002 12:25 AM To: 'tony tony'; [EMAIL PROTECTED] Subject: RE: Open All Outbound Ports? A couple of things come to mind. Spyware programs installed by internal users ina

Re: Open All Outbound Ports?

2002-11-12 Thread Chris Berry
From: tony tony <[EMAIL PROTECTED]> Our firewall group has come to me several times over the last few >months wanting my approval to open all of the “OUTBOUND” ports on our >firewall facing the internet. Not a good idea. One of the most important things during a security breach is to keep the

Re: Open All Outbound Ports?

2002-11-12 Thread Meritt James
Consider espionage. The information goes out. -- James W. Meritt CISSP, CISA Booz | Allen | Hamilton phone: (410) 684-6566

Re: Open All Outbound Ports?

2002-11-11 Thread mitch_latham
Bad idea, That would allow remote access style trojans and ddos bots to have a nice big foot hole to step in, just my 2 cents -- Windows is a 32-bit extension and a graphical shell for a 16-bit patch to an 8-bit operating system originally coded for a 4-bit microprocessor, written by a 2-bit com

Re: Open All Outbound Ports?

2002-11-11 Thread m2dzus
In-Reply-To: <[EMAIL PROTECTED]> ---snip-- >opening all outbound ports is a bad idea. classic example is here.. > >director of marketing takes laptop home. > >director gets hacked via Trojan downloaded from non corporate mail. > >director brings laptop back to work. > >using netcat hack

RE: Open All Outbound Ports?

2002-11-11 Thread Garbrecht, Frederick
A couple of things come to mind. Spyware programs installed by internal users inadvertently can ramp up outgoing traffic considerably and waste your bandwidth. Opening up outgoing ports also makes it much easier for peer-to-peer file sharing applications on your internal LAN to do their dirty wor

Re: Open All Outbound Ports?

2002-11-11 Thread Vince Hillier
On Thu, 2002-11-07 at 20:33, tony tony wrote: > Hi, > > Our firewall group has come to me several times over the last few months > wanting my approval to open all of the “OUTBOUND” ports on our firewall facing > the internet. Their argument is that this would not significantly reduce our > secur

Re: Open All Outbound Ports?

2002-11-09 Thread Jens Rantil
Hi Tony, Running your server with all outbound ports open is NOT secure. Even if the administrators claim they know all the applications using the ports they will never, for example, know when there is a trojan horse lying and waiting for an inbound connection...firewalling is a way to control

RE: Open All Outbound Ports?

2002-11-09 Thread Bill Lavalette
Tony - Here is what I say... First define the business need of the port to be opened.. Second provide the name of the business application that needs this port open third provide the project plan for implementation of the application. fourth tell me who the business owner is for the project. If