On Mon, 2 Feb 2004, Mordechai T. Abzug wrote:
> Two words: Preaching. Choir. :)
The choir isn't big enough!
>
> That said, IMHO, you should be grateful for all the sites that allow
> all outbound. Firewalling is an arms race. If most sites blocked
> default outbound, bot/zombie authors would escalate the race by doing
> something like tunneling via https or some other service that was
> still allowed.
https is like the downloader trojan sites, they're easier to get shut down
than entire IRC networks. HTTPS still has connect headers, so it's not
that difficult to track.
I'd rather not win by saying "I'm better than my peers!," I'd rather win
by saying "Those things don't work anymore!"
If we're not using the firewalls we have effectively to stop the threats
we have, then we as a community fail. It's worse when the devices are
capable of stopping the threat in a "normal" configuration- but the
"common" configuration doesn't do it.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
proberts_at_patriot.net which may have no basis whatsoever in fact."
probertson_at_trusecure.com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Feb 03 2004
Intro
