[linux-elitists] MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!
Fri Jan 31 11:17:23 PST 2003
begin Aaron Sherman quotation of Fri, Jan 31, 2003 at 01:39:12PM -0500:
> What you *can* do is not allow UDP traffic OUT of your firewall except
> for specific services that are required. Most people don't bother doing
> this, but it certainly would have helped staunch the bleeding....
What I'm wondering is why desktop machines and internal servers need
to exchange any packets with the outside at all, even with NAT,
a packet-filtering firewall, or a content-inspecting super-deluxe
stateful packet-filtering firewall.
Why not just use application-level proxies for mail, web traffic,
and any other information that needs to go to and from the outside?
A company IS department is not a general-purpose ISP.
"But I park right outside my office and I need to leave the office
window open so I can toss in a patch cable from the CD changer in
Don Marti Even if we don't get DMCA reform, loudly
http://zgp.org/~dmarti demanding DMCA reform is going to get the
firstname.lastname@example.org injustice of the DMCA in front of the next
KG6INA jury. Make noise. It counts.
More information about the linux-elitists