From owner-freebsd-security Thu Sep 20 15:35:36 2001
Date: Fri, 21 Sep 2001 00:35:38 +0200 (CEST)
From: Krzysztof Zaraska
To: Giorgos Keramidas
Cc: David Kirchner, Dennis Mathiasen, security@FreeBSD.ORG
Subject: Re: NIMDA Virus (OT)
In-Reply-To: <20010920220856.A25250@hades.hell.gr>

On Thu, 20 Sep 2001, Giorgos Keramidas wrote:

> David Kirchner wrote:
> > That's a standard web page for an IIS server, I believe - Not actually
> > owned by Microsoft itself. Their servers are in the 207.46 block. I
> > haven't seen any hits from them this time. I saw *tons* from them during
> > Code Red, though. I'm sure they took the lame approach to security though,
> > and set up a firewall, this one to block outbound port 80 requests.
>
> So, nobody from Microsoft surfs the web?
> ( Just kidding, they can set up a proxy and surf through that. )

Some people say that web server(s) should not be allowed to initiate any
outbound connections (and especially to port 80) not necessary for normal
operations, so if they have all servers on a separate subnet (which makes
sense) they can just prohibit outbound HTTP from that network only. So
setting up a proxy is not necessary.
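The egress rule described in the message above, as an added example that is not part of the original post: it evaluates connection records against "the server subnet may not initiate outbound HTTP" and counts which servers tried, while leaving replies to inbound requests and other networks' browsing alone. The subnet, the addresses and the record format are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing (documentation ranges): web servers live on their own subnet.
SERVER_NET = ipaddress.ip_network("192.0.2.0/24")
BLOCKED_DPORTS = {80}  # outbound HTTP, the case discussed in the message

# Constructed records in a made-up format: "src:sport dst:dport tcp-flags"
SAMPLE = [
    "198.51.100.7:40312 192.0.2.10:80 S",    # outside client opens a request to the web server
    "192.0.2.10:80 198.51.100.7:40312 SA",   # server's reply on that connection
    "192.0.2.10:1045 203.0.113.5:80 S",      # server itself opens outbound HTTP
    "192.0.2.10:1046 203.0.113.9:80 S",      # and again, to another host
    "192.0.2.11:1050 192.0.2.10:80 S",       # traffic that stays inside the server subnet
    "198.51.100.20:3321 203.0.113.5:80 S",   # host on another network browsing directly
]

def parse(line):
    src, dst, flags = line.split()
    saddr, sport = src.rsplit(":", 1)
    daddr, dport = dst.rsplit(":", 1)
    return {"src": ipaddress.ip_address(saddr), "sport": int(sport),
            "dst": ipaddress.ip_address(daddr), "dport": int(dport), "flags": flags}

def verdict(pkt):
    """Deny only connections that a server-subnet host initiates to a blocked outside port."""
    initiating = "S" in pkt["flags"] and "A" not in pkt["flags"]  # bare SYN = new connection
    leaving = pkt["src"] in SERVER_NET and pkt["dst"] not in SERVER_NET
    if initiating and leaving and pkt["dport"] in BLOCKED_DPORTS:
        return "deny"
    return "pass"

def offenders(lines):
    """Count denied attempts per server address; a nonzero count deserves investigation."""
    hits = Counter()
    for line in lines:
        pkt = parse(line)
        if verdict(pkt) == "deny":
            hits[str(pkt["src"])] += 1
    return dict(hits)

if __name__ == "__main__":
    for line in SAMPLE:
        print(verdict(parse(line)), line)
    print(offenders(SAMPLE))
```

Logging the denied attempts rather than dropping them silently is what turns the rule into a detector: a web server that suddenly starts opening port-80 connections to outside hosts is behaving the way the thread describes worm-infected IIS machines behaving.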