Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: management interface accessability (was Re: Worm / UDP1434)

  • From: E.B. Dreger
  • Date: Sun Jan 26 16:25:45 2003

RT> Date: Sun, 26 Jan 2003 15:07:41 -0600 (CST)
RT> From: Rob Thomas


RT> This is yet another reason why I tell folks with firewalls
RT> NOT to allow everything from the internal (often mistakenly
RT> labelled "trusted") net to the external nets.

Too true.  However, when a company president gets upset because
his kid couldn't play Quake over the network, ports magically
begin to open...

FWIW, it might be good to clarify the "stateful" remark a bit:
Keeping state on all outbound traffic could cause a problem.
However,

	check-state
	deny udp from any 1434 to any 1434
	allow udp from any 1434 to any keep-state
	deny udp from any to any 1434

works nicely for blocking the worm.


Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.