mailing list archives
From: "Jon Lawhead" <samurai () berkeley edu>
Date: Wed, 15 Dec 2004 16:33:26 -0800
Unfortunately the spyware industry isn't nice enough to standardize what port its programs use
when phoning home. You best bet would just be to prevent any unauthorized programs from getting
out; that way they'll be blocked no matter what port they try.
UC Berkeley Rescomp/SINE
On Tue, 14 Dec 2004 17:37:48 -0500
Matt Stern <sternm () comprehensive com> wrote:
I was just wondering if spyware sends its answers "back home" on any particular TCP or UDP port.
If so, then couldn't I doubly safeguard the LAN (after trying to keep all the spyware off the
workstations) by disallowing outbound communications via the firewall, for those ports? Or
conversely, instead of allowing all outbound traffic, only allow the
usual ports, such as 80, 443, 23, etc?
Matthew H. Stern, CCP/CDP, sternm () comprehensive com
Serving the IT industry since 1976
Comprehensive Computer Services Inc.
Phone: 631 755-2250, Fax 755-2254
560 Broad Hollow Road, Melville NY 11747