Firewall Wizards mailing list archives
Re: Benefit of firewall over NAT-only 'protected' network
From: Paul Robertson <proberts () patriot net>
Date: Wed, 28 May 2003 09:05:30 -0400 (EDT)
On Wed, 28 May 2003 ark () eltex net wrote:
> nuqneH,
>
> What's wrong with irc? It is a good communication tool.
It's a great communication tool- however, as I stated, it's the #1 control vector for trojaned machines. Since 99% of the example I used, small offices don't have *any business reason* to do IRC, it's perfectly legitimate to block it for those users by default.
> Even "out of the box" irc is not more insecure than widely-used ICQ. I even encourage users to use corporate IRC server as generic messaging tool. It is far better than using ICQ (with mirabilis servers usually!) as _really many_ companies that have no own IM system do.
It's not about IRC as an attack vector, it's about IRC as a control vector and the small number of people who have a business case to use it from work. I use IRC, and I even use IRC from work- but I don't go out via 6667 from the office directly. In fact, most large companies would do good to block and log outbound TCP 6667, some of the largest botnets I've seen have been on sites that allow all TCP outbound.

I don't know about you, but I'd really rather not see people try to clean up an internal worm infection, deal with child pornography on what could be business-critical servers, and have RIAA/MPAA filing suits left and right because they let out a port that _they_neither_need_,_nor_use.

Regards,

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
proberts () patriot net      which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
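The "block and log outbound TCP 6667" advice above only pays off if someone reads the log, so here is an added example (not part of the original post) that summarizes blocked attempts per internal host. It assumes Linux netfilter LOG-format lines; the `OUT-IRC` prefix, interface names and all addresses are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in netfilter LOG format (fields abbreviated), as a
# rule like "-j LOG --log-prefix 'OUT-IRC '" ahead of the DROP would write them.
# The prefixes, interfaces and addresses are assumptions, not from the post.
SAMPLE_LOG = """\
May 28 09:01:12 fw kernel: OUT-IRC IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=1042 DPT=6667 SYN URGP=0
May 28 09:01:15 fw kernel: OUT-IRC IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=203.0.113.9 PROTO=TCP SPT=1042 DPT=6667 SYN URGP=0
May 28 09:02:40 fw kernel: OUT-IRC IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=198.51.100.77 PROTO=TCP SPT=3310 DPT=6667 SYN URGP=0
May 28 09:06:12 fw kernel: OUT-IRC IN=eth1 OUT=eth0 SRC=192.168.1.23 DST=198.51.100.77 PROTO=TCP SPT=1043 DPT=6667 SYN URGP=0
May 28 09:07:01 fw kernel: OUT-WEB IN=eth1 OUT=eth0 SRC=192.168.1.51 DST=203.0.113.80 PROTO=TCP SPT=2200 DPT=80 SYN URGP=0
May 28 09:08:30 fw kernel: OUT-UDP IN=eth1 OUT=eth0 SRC=192.168.1.40 DST=203.0.113.9 PROTO=UDP SPT=5000 DPT=6667 LEN=28
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S+)")  # KEY=value pairs in a LOG line


def irc_attempts(log_text, port=6667):
    """Return {src_ip: {"count": n, "dests": {dst_ip, ...}}} for logged
    outbound TCP connection attempts (SYN) to `port`."""
    hosts = defaultdict(lambda: {"count": 0, "dests": set()})
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != str(port):
            continue
        if "SYN" not in line.split():   # count connection attempts only
            continue
        src, dst = fields.get("SRC"), fields.get("DST")
        if not src or not dst:          # skip truncated or malformed lines
            continue
        hosts[src]["count"] += 1
        hosts[src]["dests"].add(dst)
    return dict(hosts)


if __name__ == "__main__":
    report = irc_attempts(SAMPLE_LOG)
    # Hosts retrying most often are the first ones to inspect.
    for src, info in sorted(report.items(), key=lambda kv: -kv[1]["count"]):
        print(f"{src}: {info['count']} attempts to {sorted(info['dests'])}")
```

A host that keeps retrying a port nobody in the office has a business reason to use is a candidate for inspection, which is the visibility an allow-all-outbound policy gives up.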