[LINK] Acrobat phone home?
adam at todd.inoz.com
Fri Feb 6 12:34:57 EST 2004
>What it does demonstrate is that few firewall have few, if any, controls
>on internal clients establishing outbound connection. Email borne
Guilty as charged. Two workstations here have no restrictions on outbound
ports. All other systems are fully restricted and need to use my proxy.
Funny and just the other day I was telling Howard I was thinking of
dropping my proxy, but it actually does serve a purpose :)
>viruses would be far less effective if all outbound connections to port
>25 outside of the firewall were to be either blocked or redirected to a
>corporate mail server with all the bells and whistles.
No workstation here can access port 25 outside the DMZ. We have a
dedicated DMZ server that accepts port 25, processes the email and them
forwards it based on very strict rules (valid send and destination address)
to my main outbound mail server which processes it again.
We've never had an email virus active in this place to actually test the
Maybe I should grab a few linkers email addresses, put them in an outlook
address book, write one of the typical styled viri, with a self destruct on
delivery mechanism and test it :)
Nah, got better things to do :)
>The same goes for connections to port 110 (POP3) and port 80 (HTTP).
110 is blocked outbound, although I allow restricted inbound
connections. We only have two servers with 110 open for inside the network.
It's not that hard really.
More information about the Link