Date: Fri, 21 Sep 2001 00:35:38 +0200 (CEST) From: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> To: Giorgos Keramidas <charon@labs.gr> Cc: David Kirchner <davidk@accretivetg.com>, Dennis Mathiasen <dennis@borg.com>, security@FreeBSD.ORG Subject: Re: NIMDA Virus (OT) Message-ID: <Pine.BSF.4.21.0109210024100.903-100000@lhotse.zaraska.dhs.org> In-Reply-To: <20010920220856.A25250@hades.hell.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 20 Sep 2001, Giorgos Keramidas wrote: > David Kirchner <davidk@accretivetg.com> wrote: > > That's a standard web page for an IIS server, I believe - Not actually > > owned by Microsoft itself. Their servers are in the 207.46 block. I > > haven't seen any hits from them this time. I saw *tons* from them during > > Code Red, though. I'm sure they took the lame approach to security though, > > and set up a firewall, this one to block outbound port 80 requests. > > So, nobody from Microsoft surfs the web? > ( Just kidding, they can set up a proxy and surf through that. ) Some people say that web server(s) should not be allowed to initiate any outbound connections (and especially to port 80) not necessary for normal operations, so if they have all servers on a separate subnet (what makes sense) they can just prohibit outbound HTTP from that network only. So setting up a proxy is not necessary. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.21.0109210024100.903-100000>