Date: Tue, 16 May 2006 17:34:58 +0000
From: Hunter Fuller <hackmiester@hackmiester.com>
To: pauls@utdallas.edu
Cc: freebsd-questions@freebsd.org
Subject: Re: Is it recommended to allow all outgoing connections from your firewall??
Message-ID: <637FEE6F-1603-4187-BC6A-B351666ABBE3@hackmiester.com>
In-Reply-To: <6B0EC275D1AE8D66D26A2093@paul-schmehls-powerbook59.local>
References: <20060511012211.12062.qmail@web51610.mail.yahoo.com> <6B0EC275D1AE8D66D26A2093@paul-schmehls-powerbook59.local>

On 11 May 2006, at 1:56 AM, pauls@utdallas.edu wrote:

> --On May 10, 2006 6:22:11 PM -0700 Mark Jayson Alvarez
> <jay2xra@yahoo.com> wrote:
> Because if the machine has been compromised, it doesn't *matter*
> what the outgoing ruleset is. Or what anything else is, for that
> matter.

What if you're not in, but you can initiate an outgoing connection? From a buggy PHP script on a web server for example?

>
> If I hack your box, one of the first things I'm going to do is
> install a rootkit. Then I'm going to wipe the logs of any evidence
> of my entry (but leave them intact otherwise), clean my tracks from
> the shell history file and remove any other evidence of my
> presence. "Bypassing" your firewall rules is the least of my worries.
>
> Paul Schmehl (pauls@utdallas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
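
The scenario raised in the reply above (no root access, but an outgoing connection initiated through a buggy PHP script on a web server) is the case that per-user egress rules address. The following pf.conf is an added example, not part of the original message or thread; the interface name, the "www" account and the proxy address are assumptions.

```pf
# Constructed example. Assumptions: em0 is the external interface, the web
# server and its PHP scripts run as the unprivileged "www" account, and
# 192.0.2.10 (a documentation address) stands in for an internal proxy.
ext_if   = "em0"
web_user = "www"
proxy    = "192.0.2.10"

set skip on lo0

# Default deny in both directions; log what is dropped.
block log all

# Inbound web traffic. The state entry lets the replies back out, so the
# per-user rules below never see them.
pass in on $ext_if proto tcp from any to ($ext_if) port { 80 443 } keep state

# Sockets owned by the web server account may only open connections to the
# proxy. Anything else that account initiates is dropped and logged, which
# also gives the administrator a record of the attempt.
# Name lookups made by this account would need their own pass rule.
pass out quick on $ext_if proto tcp from any to $proxy port 3128 \
    user $web_user keep state
block out log quick on $ext_if proto { tcp udp } all user $web_user

# Other local accounts keep ordinary outbound access.
pass out on $ext_if proto { tcp udp icmp } all keep state
```

The user match applies to the owner of the local TCP or UDP socket, so it only constrains an unprivileged process; it does not hold once root has been obtained, which is the case the quoted text describes.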