Focus on Microsoft
RE: Browser Vulns Jul 14 2004 03:27PM Eric McCarty (eric lawmpd com) (1 replies)
RE: Browser Vulns Jul 17 2004 02:09AM Laura A. Robinson (laurarobinson earthlink net) (2 replies)
RE: Browser Vulns Jul 19 2004 06:39PM Harlan Carvey (keydet89 yahoo com) (1 replies)
Re: Browser Vulns Jul 19 2004 04:25PM Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] (sbradcpa pacbell net) (1 replies)
> On that note someone pinged me the other day looking for a "Best
> practices" of Egress filtering. Anyone have [besides going down the
> IANA port listing] a rogues gallery of ports that need to be
> proactively blocked? Going down the Snort rule database would
> probably be a start, too I guess... ;-)
>
> [I would argue that the incident has occurred and blocking the ports
> is just putting a tourniquet on the wound..but ....I digress...
If you can, block by default and allow what you want.
That goes for outbound ports as well; if you have a DNS server and you
know it only needs to connect/send to dest port 53, why not ban it
from connecting to any other ports?
If you've locked it down well, it can make life very hard for a
cracker who is attempting to connect to the shell he's spawned with
his exploit.
cheers,
Jamie
--
James Riden / j.riden (at) massey.ac (dot) nz / Systems Security Engineer
GPG public key available at: http://www.massey.ac.nz/~jriden/
This post does not necessarily represent the views of my employer.
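
The default-deny egress idea from the message above, as an added example that is not part of the original post: a small Python check that evaluates outbound flow records against an allowlist and returns everything the filter would drop. The addresses, the allowlist entries and the record format are all assumptions made up for illustration.

```python
from ipaddress import ip_address, ip_network

# Hypothetical allowlist (all addresses are documentation ranges): each entry is
# (source network, protocol, destination port). Anything not listed is denied.
ALLOW = [
    ("192.0.2.53/32", "udp", 53),   # DNS server: queries to dest port 53 only
    ("192.0.2.53/32", "tcp", 53),   # DNS over TCP (large answers, zone transfers)
    ("192.0.2.25/32", "tcp", 25),   # mail relay: outbound SMTP only
]

def is_allowed(src, proto, dport, rules=ALLOW):
    """Default deny: True only if some rule matches source, protocol and port."""
    addr = ip_address(src)
    return any(addr in ip_network(net) and proto == p and dport == port
               for net, p, port in rules)

def parse_flow(line):
    """Parse 'src proto dst dport', a record format made up for this example."""
    src, proto, dst, dport = line.split()
    return src, proto.lower(), dst, int(dport)

def denied_flows(lines, rules=ALLOW):
    """Return the flows a default-deny egress filter would drop (and should log)."""
    denied = []
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # skip blanks and comments
        src, proto, dst, dport = parse_flow(line)
        if not is_allowed(src, proto, dport, rules):
            denied.append((src, proto, dst, dport))
    return denied

# Constructed sample records, not real traffic.
SAMPLE = """\
# src proto dst dport
192.0.2.53 udp 198.51.100.7 53
192.0.2.53 tcp 198.51.100.7 53
192.0.2.53 tcp 203.0.113.9 8443
192.0.2.25 tcp 198.51.100.20 25
192.0.2.25 udp 198.51.100.7 53
192.0.2.80 tcp 203.0.113.9 80
""".splitlines()

if __name__ == "__main__":
    for flow in denied_flows(SAMPLE):
        print("DENY", *flow)
```

A denied flow from a tightly scoped host such as the DNS server is worth an alert as well as a drop, since that host has no legitimate reason to initiate it.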