Frank Gruellich wrote:
The penetration is not the ICMP but the DNS resolve. hackers.com is a
bad guy's domain running some "special" kind of DNS server. I've seen
shells running this way.
You can't completely block malware from accessing the Internet, but you
can make it really, really difficult...
No, it's IMHO not that difficult.
Kind regards, Frank.
Didn't MS Windows just change (XP/SP2) so that infected machines can't open more than like 10 half-open sockets? That
was viewed as solving the wrong problem, i.e., we wouldn't have to block outbound traffic in drastic/major ways if
infection didn't happen in the first place. Not that that is possible either, but weigh fix with the problem carefully.
Out of curiosity, Frank, are you blocking malicious IM-type software/plugins/add-ons or users? If so, how?
/djb