From: Liran Cohen <theog () tehila gov il>
Date: Thu, 16 Dec 2004 14:20:17 +0200
I would recommend blocking all unnecessary traffic in either case; the
benefits are a) users will not be able to use applications you do not
approve of, b) you can look at the firewall logs for irregular traffic,
thus identifying some of the malicious traffic. Mind you though, many
malwares use standard ports to communicate with each other or with their
There are some content inspection utilities which may filter the ports
you allow so that no one can transfer unwanted data.
Here's a nice project I really like (many more are at freshmeat.net and
Security and Communication consultant
theog () tehila gov il
Matt Stern wrote:
I was just wondering if spyware sends its answers "back home" on any
particular TCP or UDP port. If so, then couldn't I doubly safeguard the
LAN (after trying to keep all the spyware off the workstations) by
disallowing outbound communications via the firewall, for those ports?
Or conversely, instead of allowing all outbound traffic, only allow the
usual ports, such as 80, 443, 23, etc?
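
The log review suggested in the reply, sketched as an added example that is not part of either message: it summarises, per internal host, outbound packets whose destination port is outside the allowed list. The netfilter-style `KEY=value` log layout, the `EGRESS` prefix, the function names and the sample lines are assumptions constructed for illustration; the allowed ports are the ones named in the question.

```python
import re
from collections import defaultdict

# Outbound ports the policy permits (the ports named in the question above).
ALLOWED_PORTS = {80, 443, 23}

# Constructed sample lines in netfilter LOG style (documentation address ranges).
SAMPLE_LOG = """\
Dec 16 14:01:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=443
Dec 16 14:01:05 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.23 DST=203.0.113.50 PROTO=TCP SPT=40200 DPT=6667
Dec 16 14:01:09 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.23 DST=203.0.113.50 PROTO=TCP SPT=40201 DPT=6667
Dec 16 14:02:11 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.23 DST=203.0.113.99 PROTO=UDP SPT=5353 DPT=31337
Dec 16 14:02:30 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 PROTO=TCP SPT=40113 DPT=80
Dec 16 14:03:00 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=192.0.2.41 DST=198.51.100.9 PROTO=ICMP TYPE=8 CODE=0
"""

FIELD = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the KEY=value fields of one log line as a dict."""
    return dict(FIELD.findall(line))


def irregular_egress(log_text, allowed=ALLOWED_PORTS):
    """Map each source host to {(proto, dport): {"packets", "dests"}} for
    outbound packets whose destination port is not in the allowed set."""
    seen = defaultdict(lambda: defaultdict(lambda: {"packets": 0, "dests": set()}))
    for line in log_text.splitlines():
        f = parse_line(line)
        # Skip lines without a usable port field (ICMP, malformed entries).
        if "SRC" not in f or not f.get("DPT", "").isdigit():
            continue
        port = int(f["DPT"])
        if port in allowed:
            continue
        entry = seen[f["SRC"]][(f.get("PROTO", "?"), port)]
        entry["packets"] += 1
        entry["dests"].add(f.get("DST", "?"))
    return {host: {key: {"packets": e["packets"], "dests": sorted(e["dests"])}
                   for key, e in ports.items()}
            for host, ports in seen.items()}


if __name__ == "__main__":
    for host, ports in sorted(irregular_egress(SAMPLE_LOG).items()):
        for (proto, port), e in sorted(ports.items()):
            print(f"{host} -> {proto}/{port}: {e['packets']} packet(s) to {e['dests']}")
```

Traffic on the allowed ports never appears in this summary, which is the limitation the reply points out: a port-based report only surfaces hosts that talk on non-standard ports.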