Level3 routing issues?

• Previous message (by thread): Level3 routing issues?
• Next message (by thread): Level3 routing issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Mon, 27 Jan 2003 16:00:51 EST, alex at yuriev.com said:
> It is very easy. 
> 
> Deny everything.
> Allow outbound port 80

Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....

> Allow mail server to 25

Bzzt! You just let in a new Outlook exploit.

> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other mahine.

Bzzt! You just let in an AIM exploit.  That's assuming that you even *know*
what the current name of the other machine is this time around - this
laptop has had 6 IP addresses in as many hours.  Remember there's a reason
why 'talk george at his-box.whatever.dom' isn't as common anymore....

> I am failing to see a problem.

Well.. other than you let a box that wants to talk on the VPN get outside
access to 3 things that are *KNOWN* vectors of malware which could then
attack the VPN side of things, no, there's no problem here.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20030127/63fb10f5/attachment.sig>

• Previous message (by thread): Level3 routing issues?
• Next message (by thread): Level3 routing issues?
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]