Date: Thu, 20 Sep 2001 14:33:07 -0700 (PDT) From: David Kirchner <davidk@accretivetg.com> To: Krzysztof Zaraska <kzaraska@student.uci.agh.edu.pl> Cc: Giorgos Keramidas <charon@labs.gr>, Dennis Mathiasen <dennis@borg.com>, <security@FreeBSD.ORG> Subject: Re: NIMDA Virus (OT) Message-ID: <20010920143246.O85958-100000@localhost> In-Reply-To: <Pine.BSF.4.21.0109210024100.903-100000@lhotse.zaraska.dhs.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 21 Sep 2001, Krzysztof Zaraska wrote: > Some people say that web server(s) should not be allowed to initiate any > outbound connections (and especially to port 80) not necessary for normal > operations, so if they have all servers on a separate subnet (what makes > sense) they can just prohibit outbound HTTP from that network only. So > setting up a proxy is not necessary. Me, I just prefer to patch the holes instead of hiding behind filters. ;-) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010920143246.O85958-100000>