Don Marti dmarti@zgp.org
Fri Jan 31 11:17:23 PST 2003

begin Aaron Sherman quotation of Fri, Jan 31, 2003 at 01:39:12PM -0500:

> What you *can* do is not allow UDP traffic OUT of your firewall except
> for specific services that are required. Most people don't bother doing
> this, but it certainly would have helped staunch the bleeding....

What I'm wondering is why desktop machines and internal servers need
to exchange any packets with the outside at all, even with NAT,
a packet-filtering firewall, or a content-inspecting super-deluxe
stateful packet-filtering firewall.

Why not just use application-level proxies for mail, web traffic,
and any other information that needs to go to and from the outside?
A company IS department is not a general-purpose ISP.

"But I park right outside my office and I need to leave the office
window open so I can toss in a patch cable from the CD changer in
my car!"

Don Marti                  Even if we don't get DMCA reform, loudly
http://zgp.org/~dmarti     demanding DMCA reform is going to get the
dmarti@zgp.org             injustice of the DMCA in front of the next
KG6INA                     jury.  Make noise.  It counts.
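The default-deny egress design both posts describe (desktops reach only the internal proxies, and only the proxies and named servers may send packets to the outside), as an added illustration that is not code from this thread; the LAN range, host addresses and ports are all constructed:

```python
import ipaddress
from dataclasses import dataclass

# Constructed addresses: the LAN and the hosts that talk to the outside on
# behalf of everyone else (application-level proxies and relays).
INTERNAL = ipaddress.ip_network("10.0.0.0/8")
WEB_PROXY = ipaddress.ip_address("10.0.0.10")   # HTTP/HTTPS proxy
MAIL_RELAY = ipaddress.ip_address("10.0.0.20")  # SMTP relay
RESOLVER = ipaddress.ip_address("10.0.0.53")    # internal DNS forwarder

# Each permitted egress is an explicit (source host, proto, dport) exception.
EGRESS_ALLOW = [
    (WEB_PROXY, "tcp", 80),
    (WEB_PROXY, "tcp", 443),
    (MAIL_RELAY, "tcp", 25),
    (RESOLVER, "udp", 53),
]

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str  # "tcp" or "udp"
    dport: int

def egress_verdict(flow: Flow) -> str:
    """Judge a NEW outbound flow; reply packets are left to connection tracking."""
    src, dst = ipaddress.ip_address(flow.src), ipaddress.ip_address(flow.dst)
    if src not in INTERNAL:
        return "DROP"  # only flows originating on the LAN are judged here
    if dst in INTERNAL:
        return "ACCEPT"  # LAN-to-LAN, e.g. desktop -> proxy, is not egress
    for host, proto, port in EGRESS_ALLOW:
        if src == host and flow.proto == proto and flow.dport == port:
            return "ACCEPT"
    return "DROP"  # default deny: a desktop never reaches the Internet directly

def to_nftables() -> str:
    """Render the same policy as an nftables forward chain with policy drop."""
    lines = [
        "table inet egress {",
        "  chain forward {",
        "    type filter hook forward priority 0; policy drop;",
        "    ct state established,related accept",
        f"    ip saddr {INTERNAL} ip daddr {INTERNAL} accept",
    ]
    for host, proto, port in EGRESS_ALLOW:
        lines.append(f"    ip saddr {host} {proto} dport {port} accept")
    lines += ["  }", "}"]
    return "\n".join(lines)
```

A desktop's direct UDP or HTTP to an outside address drops under this policy, while the same request routed through the proxy passes; the rendered ruleset is the equivalent firewall configuration.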

