On Tue, 2003-08-12 at 21:11, Iain Buchanan wrote:
> (this is an inbound rule, but I don't think it takes much to turn it
> into an outbound rule)

Actually, if you have any Windows machines at all on your network inside, it is *essential* to block outbound traffic as well. This protects others from your machines, as well as protecting your users from exploits in Internet Explorer that use UNC paths instead of URLs to trick Windows into transmitting the user's name and password to a foreign host, which NetBIOS will blindly do. All the foreign server has to do is force plain text passwords and then he has a good record of passwords from inside your network. All this from a URL that's really a UNC sent in an HTML e-mail message.

All of the ports in question, due to the inherent insecurity in the NetBIOS protocol, should be blocked in and out of the firewall, just like you do for Sun RPC and NFS.

Michael

>
> HTH,
> --
> Iain Buchanan <iain@xxxxxxxxxxxxxxxxxxx>
>
> Lisa: Remember, Dad. The handle of the Big Dipper points to the
> North Star.
>
> Homer: That's nice, Lisa, but we're not in astronomy class. We're in
> the woods.
>
> The Call of the Simpsons

--
Michael Torrie <torriem@xxxxxxxxxxxx>

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
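The difference between an inbound-only filter and the in-and-out blocking argued for in the message above, as an added example that is not from the thread. The interface name, the NBDROP chain name, the log prefix and the port list (137-139 TCP/UDP and 445 TCP, the well-known NetBIOS/SMB ports, which the message does not enumerate) are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): emit iptables-restore rules that drop
# and log NetBIOS/SMB traffic crossing the external interface.
# Assumed, not stated in the message: interface name, chain name NBDROP,
# and the port list 137-139 tcp/udp plus 445 tcp.

netbios_filter_rules() {
    wan_if="${1:-eth0}"   # hypothetical external (Internet-facing) interface
    mode="${2:-both}"     # "inbound" = inbound-only rule, "both" = in and out

    # Inbound: foreign hosts reaching the firewall itself or machines behind it.
    hooks="INPUT:-i FORWARD:-i"
    if [ "$mode" = "both" ]; then
        # Outbound: the firewall or an inside Windows client reaching a
        # foreign SMB server, e.g. after following a UNC path in HTML mail.
        hooks="$hooks OUTPUT:-o FORWARD:-o"
    fi

    printf '%s\n' "*filter"
    printf '%s\n' ":NBDROP - [0:0]"
    # Rate-limited log first, so inside hosts that try to talk SMB to the
    # outside show up in syslog, then drop.
    printf '%s\n' "-A NBDROP -m limit --limit 6/min -j LOG --log-prefix \"NETBIOS-BLOCK: \""
    printf '%s\n' "-A NBDROP -j DROP"

    for hook in $hooks; do
        chain="${hook%%:*}"   # e.g. FORWARD
        flag="${hook##*:}"    # -i (arriving on) or -o (leaving via) wan_if
        # Inserted at position 1 so they are evaluated before any ACCEPT rules.
        printf '%s\n' "-I $chain 1 $flag $wan_if -p tcp -m multiport --dports 137:139,445 -j NBDROP"
        printf '%s\n' "-I $chain 1 $flag $wan_if -p udp --dport 137:139 -j NBDROP"
    done

    printf '%s\n' "COMMIT"
}

# Review the output, then load it without flushing the existing ruleset:
#   netbios_filter_rules eth0 both | iptables-restore --noflush
```

Loading the output a second time inserts the jump rules again, so apply it once or fold the rules into the saved ruleset.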