Firewall Wizards mailing list archives
Re: Permissive Firewall Policy
From: "Scott C. Kennedy" <sck () nogas org>
Date: Sat, 23 Sep 2006 20:46:56 -0400 (EDT)
The ones above 65000 are known to be bad on alternative Tuesdays, Thursdays, and after 7pm on the weekends.

Seriously, the problem with this question is it is the wrong way to look at things. If you block 31337 aka "the Back Orifice port" then someone just changes to use 53 or 80 or 25 or you get my point. The reality is that if you're going to just block "bad" ports, then don't use a network firewall at all, and defend on the desktop.

Network access control is only useful when you can define what your network should have, and you're backed with the political clout to tell people "no."

Try to convince those who asked you "to move from a restrictive policy ... to a permissive policy", that it's a bad idea. Try to use decent analogies to help explain the issues to them. My first pass would be...

A restrictive policy only allows bank tellers and managers access to the vault.

A permissive policy only blocks convicted bank robbers from accessing the vault.

Now, they can counter that the network isn't a bank vault... But at some point, either they are convinced that it's not such a good idea, or you're convinced that "telnet is bad, m-kay?"

Good Luck & update your resume...

Scott

On Fri, September 22, 2006 4:17 pm, Marcus J. Ranum wrote:
> Kevin Hinze wrote:
>> Does anyone have lists, bookmarks or the like to show a list of known bad ports?
>
> Any port between 1 and 65000 is known to be bad at least some of the time.
>
> mjr.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards () listserv icsalabs com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
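The contrast drawn in the message above, as an added example that is not part of the original post: a first-match rule evaluator run over the same constructed outbound flows under a permissive (default-allow, block "bad" ports) policy and a restrictive (default-deny, allow what the network should have) policy. The rule sets, the approved resolver/relay/proxy hosts and all addresses are assumptions made for illustration.

```python
from ipaddress import ip_address, ip_network

# Constructed policies; all addresses are documentation ranges (RFC 5737).
# Rule: (action, protocol, destination network, destination port)
PERMISSIVE = {"default": "allow", "rules": [
    ("deny", "tcp", "0.0.0.0/0", 31337),   # the "known bad" port
    ("deny", "tcp", "0.0.0.0/0", 23),      # telnet
]}
RESTRICTIVE = {"default": "deny", "rules": [
    ("allow", "udp", "192.0.2.53/32", 53),  # approved resolver only
    ("allow", "tcp", "192.0.2.25/32", 25),  # approved mail relay only
    ("allow", "tcp", "192.0.2.80/32", 80),  # approved web proxy only
]}

# Constructed outbound flows: (label, protocol, destination IP, destination port)
FLOWS = [
    ("dns to approved resolver", "udp", "192.0.2.53", 53),
    ("mail to approved relay", "tcp", "192.0.2.25", 25),
    ("unwanted service, default port", "tcp", "203.0.113.10", 31337),
    ("same service moved to 80", "tcp", "203.0.113.10", 80),
    ("same service moved to 53", "udp", "203.0.113.10", 53),
    ("same service moved to 25", "tcp", "203.0.113.10", 25),
]

def evaluate(policy, proto, dst, port):
    """First matching rule wins; otherwise the policy default applies."""
    for action, r_proto, r_net, r_port in policy["rules"]:
        if proto == r_proto and port == r_port and ip_address(dst) in ip_network(r_net):
            return action
    return policy["default"]

def compare(flows=FLOWS):
    """Return {label: (permissive decision, restrictive decision)}."""
    return {label: (evaluate(PERMISSIVE, proto, dst, port),
                    evaluate(RESTRICTIVE, proto, dst, port))
            for label, proto, dst, port in flows}

if __name__ == "__main__":
    for label, (perm, rest) in compare().items():
        print(f"{label:32} permissive={perm:5} restrictive={rest}")
```

Only the flow on the listed port is stopped by the permissive policy; the restrictive policy denies every flow that is not to a defined service on a defined host, whichever port it uses.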