Security Basics mailing list archives

Re: Home PC Networking


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 29 Nov 2006 19:51:22 +0100

On 2006-11-29 David Gillett wrote:
>>> 2. I'd like a list of the (incoming/outgoing) ports that should
>>> be blocked on my firewall. It is a general home PC used for
                                       ^^^^^^^^^^^^^^^
>>> browsing, gaming, MSN etc.
>>
>> Incoming: 1-65535, both TCP and UDP
>> Outgoing: none
             ^^^^

>   Terribly old school.

Nope. Only working setting for the given scenario.

> Workable around 1993, when anyone with an Internet connection could be
> reasonably assumed to be a qualified admin, familiar with every
> executable on the box and its network behaviour. Not true since
> consumers found the web.
>   See Bejtlich, Richard, "Extrusion Detection", Addison-Wesley.
> Filtering and monitoring the outbound traffic is a powerful way to
> limit and detect issues you actually need to worry about.

Maybe for people with sufficient knowledge of networking protocols and
technologies, but we're talking about a "general home PC" here, not a
company network. The only reason for outbound filtering in this scenario
would be to stop malware from communicating outbound. However, filtering
of remote ports for outgoing traffic is more likely to break valid
connections than to intercept malware communication. Not to mention that
the only reasonable way to prevent malware from communicating outbound
is to prevent it from being run in the first place.

Regards
Ansgar Wiechers
-- 
"To the simple-minded observer, multidimensional order usually just looks
like chaos, because he cannot grasp the order."
--Jürgen P. Meier in dasr
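As an added example (not code from either poster), here is a small stateful packet-filter model of the two policies argued over in the thread, run over constructed traffic for the "browsing, gaming, MSN" home PC. The `StatefulFilter` class and `run` helper are this example's own; the addresses are RFC 5737 documentation ranges and the port numbers (MSN Messenger on TCP 1863, a game on UDP 27015, a probe against TCP 445) are sample values chosen for the illustration.

```python
"""Stateful packet-filter model of the two policies argued over above.

Policy A: every unsolicited inbound connection is dropped, everything
outbound is allowed ("Incoming: 1-65535 / Outgoing: none").
Policy B: the same, plus outbound traffic restricted to an allow-list of
remote ports (the "filtering of remote ports for outgoing traffic" the
reply warns against). All traffic below is constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Optional, Set, Tuple


@dataclass(frozen=True)
class Packet:
    label: str       # constructed description, used as the report key
    proto: str       # "tcp" or "udp"
    direction: str   # "out" = leaving the PC, "in" = arriving at it
    remote: str      # remote host (RFC 5737 documentation addresses)
    rport: int       # remote port
    lport: int       # local port on the PC


@dataclass
class StatefulFilter:
    """Default-deny inbound; outbound optionally limited to egress_ports."""
    egress_ports: Optional[FrozenSet[int]] = None  # None = allow all outbound
    conntrack: Set[Tuple[str, str, int, int]] = field(default_factory=set)

    def evaluate(self, p: Packet) -> str:
        key = (p.proto, p.remote, p.rport, p.lport)
        if p.direction == "out":
            if self.egress_ports is not None and p.rport not in self.egress_ports:
                return "DROP"        # remote port not on the egress allow-list
            self.conntrack.add(key)  # remember the flow so its replies get in
            return "ACCEPT"
        # Inbound: accepted only if it belongs to a flow the PC itself opened.
        # This is what makes "block incoming 1-65535" usable at all: replies
        # are matched by connection state, not by port number.
        return "ACCEPT" if key in self.conntrack else "DROP"


def run(packets: List[Packet],
        egress_ports: Optional[FrozenSet[int]] = None) -> Dict[str, str]:
    """Feed the packets through a fresh filter; return label -> verdict."""
    fw = StatefulFilter(egress_ports)
    return {p.label: fw.evaluate(p) for p in packets}


# Constructed sample traffic for the "browsing, gaming, MSN" home PC.
FLOWS = [
    Packet("browser -> https", "tcp", "out", "203.0.113.10", 443, 50001),
    Packet("https reply", "tcp", "in", "203.0.113.10", 443, 50001),
    Packet("MSN Messenger -> tcp/1863", "tcp", "out", "203.0.113.20", 1863, 50002),
    Packet("game server -> udp/27015", "udp", "out", "203.0.113.30", 27015, 50003),
    Packet("game server reply", "udp", "in", "203.0.113.30", 27015, 50003),
    Packet("unsolicited SMB probe", "tcp", "in", "198.51.100.7", 40000, 445),
    Packet("malware beacon -> tcp/443", "tcp", "out", "198.51.100.99", 443, 50004),
]

ALLOW_ALL_OUT = run(FLOWS)                                 # policy A
PORT_ALLOWLIST_OUT = run(FLOWS, frozenset({53, 80, 443}))  # policy B


if __name__ == "__main__":
    print(f"{'flow':28} {'A: allow all out':18} B: port allow-list")
    for label in ALLOW_ALL_OUT:
        print(f"{label:28} {ALLOW_ALL_OUT[label]:18} {PORT_ALLOWLIST_OUT[label]}")
```

Running it shows both halves of the argument in one table: with connection tracking, the "block incoming 1-65535" policy drops the unsolicited SMB probe yet still lets the HTTPS and game replies back in, while the remote-port allow-list of policy B drops the MSN and game flows (valid traffic on non-web ports) but passes the beacon, because it uses TCP 443 exactly like the browser does.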

