Date:      Thu, 9 Dec 1999 08:20:47 -0500
From:      Justin Wells <jread@semiotek.com>
To:        "Scott I. Remick" <scott@computeralt.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: What kind of attack is this?
Message-ID:  <19991209082046.A93512@semiotek.com>
In-Reply-To: <4.2.2.19991208173403.00be7790@mail.computeralt.com>
References:  <4.2.2.19991208162315.00b5f4e0@mail.computeralt.com> <Pine.LNX.3.95.991208170102.30438R-100000@arden.iss.net> <4.2.2.19991208173403.00be7790@mail.computeralt.com>

On Wed, Dec 08, 1999 at 05:46:17PM -0500, Scott I. Remick wrote:

> >Yes, definitely block everything except what's needed.  And then question
> >yourself and others on what really is needed.
> 
> Which is what I'd like to do, but what I like to do and what needs to be 
> done here are seldom the same thing.  I will push for a closed-firewall but 
> it'll probably end up being open by default when it goes up.

You know... it sounds like the people who you have to deal with don't 
really understand what they're talking about. If I were you I would run 
trafshow on the network, get a list of all the packets that anyone 
ever sends, and use that to build a closed firewall that allows 
everything people already do. I would put that up, and then I would 
say to my boss "Yeah I put up a firewall that allows everything, except
the bad stuff", and if anyone EVER notices that anything is blocked, say 
"Oh, looks like a bug in the firewall, I'll fix that straight away". 

Of course my definition of "bad stuff" would be anything that anyone 
isn't currently doing, but you don't have to tell anyone that :-) 

If mostly "use the internet" means internal people have to have access 
to everything on the outside world you can set a firewall rule that 
allows all outgoing connections, and only blocks incoming ones. 

Blocking UDP is tough though. The main thing is to make sure you don't 
let the UDP packets from the outside world hit anything dangerous like 
the NFS and X ports. 

Justin
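
The approach described in the message above (record the traffic that already exists, allow only that, and close everything else), as an added example that is not part of the original e-mail. The flow-record format, the addresses and the rule numbers are constructed assumptions; the output lines use FreeBSD ipfw syntax.

```python
import ipaddress

# All values below are constructed for illustration, not taken from the thread.
INTERNAL_NET = ipaddress.ip_network("192.0.2.0/24")  # assumed internal network
SENSITIVE = {2049} | set(range(6000, 6064))          # NFS and X ports named in the message

# Constructed flow records, one per connection initiator: proto src dst dst_port
SAMPLE_FLOWS = """\
tcp 192.0.2.10 198.51.100.5 80
tcp 192.0.2.11 198.51.100.9 80
udp 192.0.2.10 198.51.100.53 53
tcp 203.0.113.7 192.0.2.25 25
udp 203.0.113.9 192.0.2.30 2049
tcp 203.0.113.9 192.0.2.30 6000
""".splitlines()

def build_rules(flow_lines, internal=INTERNAL_NET, sensitive=SENSITIVE):
    """Return (ipfw rule lines, flows held back for manual review)."""
    outbound, inbound, review = set(), set(), []
    for line in flow_lines:
        proto, src, dst, dport = line.split()
        dport = int(dport)
        if ipaddress.ip_address(src) in internal:
            outbound.add((proto, dport))        # traffic insiders already originate
        elif dport in sensitive:
            review.append(line)                 # never auto-allow NFS/X from outside
        else:
            inbound.add((proto, dst, dport))    # inbound service already in use
    rules, num = [], 1000
    for proto, dport in sorted(outbound):
        rules.append(f"ipfw add {num} allow {proto} from {internal} to any {dport} keep-state")
        num += 10
    for proto, dst, dport in sorted(inbound):
        rules.append(f"ipfw add {num} allow {proto} from any to {dst} {dport} keep-state")
        num += 10
    rules.append("ipfw add 65000 deny ip from any to any")  # anything unobserved stays closed
    return rules, review

if __name__ == "__main__":
    rules, review = build_rules(SAMPLE_FLOWS)
    print("\n".join(rules))
    for line in review:
        print("# review before allowing:", line)
```

Flows from outside to the NFS and X ports are reported for review instead of being turned into allow rules, even though they were observed.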


