Home page logo

basics logo Security Basics mailing list archives

Re: Spyware
From: dallas jordan <dallas.jordan () gmail com>
Date: Wed, 15 Dec 2004 14:09:24 -0500

I believe as a general rule, all traffic should be denied unless
explicitly permitted.  this includes incoming as well as outgoing
traffic.  You should start off with a "deny all" rule and then only
allow specific traffic through your firewall.  This way, there is less
chance you may miss something.  HTH.

On Tue, 14 Dec 2004 17:37:48 -0500, Matt Stern <sternm () comprehensive com> wrote:
Hello all:

I was just wondering if spyware sends its answers "back home" on any
particular TCP or UDP port.  If so, then couldn't I doubly safeguard the
LAN (after trying to keep all the spyware off the workstations) by
disallowing outbound communications via the firewall, for those ports?
Or conversely, instead of allowing all outbound traffic, only allow the
usual ports, such as 80, 443, 23, etc?


Matthew H. Stern, CCP/CDP, sternm () comprehensive com
Serving the IT industry since 1976
Comprehensive Computer Services Inc.
Phone: 631 755-2250, Fax 755-2254
560 Broad Hollow Road, Melville NY 11747

Dallas Jordan CCNA, Security+
Ernst & Young LLP
Security & Technology Solutions (STS)
Office:   404-817-5940
Mobile:  843-991-0271
EY/Comm:   7455673
E-mail:  Dallas.Jordan () ey com

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]