mailing list archives
Re: Permissive Firewall Policy
From: "Anton Chuvakin" <anton () chuvakin org>
Date: Mon, 25 Sep 2006 09:30:48 -0700
Any port between 1 and 65000 are known to be bad at least some of the time.
Holy cow! Is this for real? Somebody still asking a question like that?
It feels like a bit that would be posted to celebrate this list's 10th
anniversary or something :-)
But! I think for the outbound access the question borders on making
[some] sense. Yes, the general "block all that are not needed based on
the policy" is still there, but I almost feel that it makes sense to
spell out some of the *especially* ugly ports to watch, kind of like
telnet for inbound 10 years ago ... Or maybe not :-)
Anton Chuvakin, Ph.D., GCIA, GCIH, GCFA
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com