nanog mailing list archives
Re: management interface accessability (was Re: Worm / UDP1434)
From: "Christopher L. Morrow" <chris () UU NET>
Date: Sun, 26 Jan 2003 21:40:23 +0000 (GMT)
On Sun, 26 Jan 2003, Rob Thomas wrote:
> Hey, Chris.
>
> ] or the one that stealthily permitted udp 1434 from the outside world :(
>
> Yeah. :( This is yet another reason why I tell folks with firewalls NOT to allow everything from the internal (often mistakenly labelled "trusted") net to the external nets.

The unfortunate but required security precautions are that you really should filter as low down in the network as possible; this allows the most granular filtering possible. Much of that could be accomplished with simple router acls. Filtering as close to the end hosts as possible allows you to explicitly permit/deny traffic to the services required without as many compromises on acl length or granularity. Note, it may require some automation of the acl deployment, or management of the acls could become 'complex' :)
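
An added example, not part of the original message: one way to automate the per-segment ACLs described above, generating explicit permits for listed services followed by a logged deny. The inventory, segment names and addresses are constructed (RFC 5737 documentation ranges), the output assumes Cisco IOS-style extended ACL syntax, and only traffic toward the hosts is covered.

```python
"""Added example: build per-segment router ACLs from a service inventory."""
import ipaddress

# Constructed inventory: segment -> host -> [(protocol, port, allowed source)].
INVENTORY = {
    "web-dmz": {
        "192.0.2.11": [("tcp", 25, "any")],
        "192.0.2.10": [("tcp", 80, "any"), ("tcp", 443, "any")],
    },
    "db-lan": {
        # SQL Server is reachable only from the web host; udp/1434 is not
        # listed, so it falls through to the final deny.
        "198.51.100.20": [("tcp", 1433, "192.0.2.10")],
    },
}

def _src(source):
    """Render an ACL source term, validating literal addresses."""
    return "any" if source == "any" else f"host {ipaddress.ip_address(source)}"

def build_acl(segment, hosts):
    """Return ACL lines for traffic toward the hosts of one segment."""
    lines = [f"ip access-list extended {segment}-to-hosts"]
    for host in sorted(hosts, key=ipaddress.ip_address):
        for proto, port, source in hosts[host]:
            if proto not in ("tcp", "udp") or not 0 < port < 65536:
                raise ValueError(f"bad service for {host}: {proto}/{port}")
            lines.append(f" permit {proto} {_src(source)} host {host} eq {port}")
    lines.append(" deny ip any any log")  # everything unlisted is dropped and logged
    return lines

def is_permitted(hosts, proto, src, dst, port):
    """Check one packet against the inventory the ACL was generated from."""
    for p, allowed_port, source in hosts.get(dst, []):
        if p == proto and allowed_port == port and source in ("any", src):
            return True
    return False

def build_all(inventory=INVENTORY):
    """Generate every segment's ACL so deployment can be scripted."""
    return {seg: build_acl(seg, hosts) for seg, hosts in inventory.items()}

if __name__ == "__main__":
    for acl in build_all().values():
        print("\n".join(acl))
```

Keeping the inventory as the single source and regenerating the ACLs from it is what keeps many short, host-specific lists manageable.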