Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Level3 routing issues?

  • From: Valdis.Kletnieks
  • Date: Mon Jan 27 16:39:49 2003

On Mon, 27 Jan 2003 16:00:51 EST, alex@yuriev.com said:
> It is very easy. 
> 
> Deny everything.
> Allow outbound port 80

Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....

> Allow mail server to 25

Bzzt! You just let in a new Outlook exploit.

> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other mahine.

Bzzt! You just let in an AIM exploit.  That's assuming that you even *know*
what the current name of the other machine is this time around - this
laptop has had 6 IP addresses in as many hours.  Remember there's a reason
why 'talk george@his-box.whatever.dom' isn't as common anymore....

> I am failing to see a problem.

Well.. other than you let a box that wants to talk on the VPN get outside
access to 3 things that are *KNOWN* vectors of malware which could then
attack the VPN side of things, no, there's no problem here.

Attachment: pgp00020.pgp
Description: PGP signature




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.