North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Level3 routing issues?
- From: Valdis.Kletnieks
- Date: Mon Jan 27 16:39:49 2003
On Mon, 27 Jan 2003 16:00:51 EST, alex@yuriev.com said:
> It is very easy.
>
> Deny everything.
> Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....
> Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other mahine.
Bzzt! You just let in an AIM exploit. That's assuming that you even *know*
what the current name of the other machine is this time around - this
laptop has had 6 IP addresses in as many hours. Remember there's a reason
why 'talk george@his-box.whatever.dom' isn't as common anymore....
> I am failing to see a problem.
Well.. other than you let a box that wants to talk on the VPN get outside
access to 3 things that are *KNOWN* vectors of malware which could then
attack the VPN side of things, no, there's no problem here.
Attachment:
pgp00020.pgp
Description: PGP signature
|
