|
Full Disclosure
mailing list archives
Re: Sony: No firewall and no patches
From: Bruno Cesar Moreira de Souza <bcmsouza () yahoo com br>
Date: Tue, 10 May 2011 06:53:42 -0700 (PDT)
On May 10, 2011, Dobbins, Roland <rdobbins () arbor net> wrote:
On May 10, 2011, at 1:40 PM, Tracy Reed wrote:
If you have traffic going out to a high numbered port and you are not keeping state how do you know if that is a
reply packet to an existing inbound connection or if it is an unauthorized outbound connection?
You use stateless ACLs to filter outbound traffic as well, only allowing traffic
originating from required well-known ports to ephemeral high ports.
--------------------------------
The stateless ACLs would not prevent ACK tunneling (http://ntsecurity.nu/papers/acktunneling/).
Although your infrastructure would be stronger against DDoS attacks, your environment would be more susceptible to
covert channels and backdoors. If the organization security concern is mainly availability, I could agree in deploying
a packet filter to protect external servers. However, if an external intrusion or sensitive data leakage would cause
more damage to the organization's business or reputation, I would not recommend it. Additionally, the organization may
have different DMZ's or external networks with different security levels.
Regards,
Bruno Cesar M. de Souza
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
Re: Sony: No firewall and no patches Pete Smith (May 10)
Re: Sony: No firewall and no patches nix (May 10)
Re: Sony: No firewall and no patches Bruno Cesar Moreira de Souza (May 10)
(Thread continues...)
|
