Home page logo

fulldisclosure logo Full Disclosure mailing list archives

RE: Re: Microsoft Security, baby steps ?
From: "Geo." <geoincidents () getinfo org>
Date: Wed, 17 Mar 2004 13:25:36 -0500

From experience, you can't just lock down to that one server. You need to
allow port 80 and 443 access to different servers. Each day the list of
servers changes because of the Akamai caching that is used. I spend some
time configuring locked down systems to be able to talk to them. So yes, it
is an unreasonable request.

Actually you can, you simply enable IP Filtering. Since it blocks only
inbound connections you can then go out and do the windowsupdate dance.
Works on both W2K and XP.

The problem comes in when the rules wherever you are say that you must be
fully patched to get access to the internet or secure network.


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]