Level3 routing issues?
Valdis.Kletnieks at vt.edu
Mon Jan 27 21:31:24 UTC 2003
On Mon, 27 Jan 2003 16:00:51 EST, alex at yuriev.com said:
> It is very easy.
>
> Deny everything.
> Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or....
> Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
> If you need AIM, allow AIM from workstations to oscar.aol.com and whatever
> the name of the other machine.
Bzzt! You just let in an AIM exploit. That's assuming that you even *know*
what the current name of the other machine is this time around - this
laptop has had 6 IP addresses in as many hours. Remember there's a reason
why 'talk george at his-box.whatever.dom' isn't as common anymore....
> I am failing to see a problem.
Well.. other than you let a box that wants to talk on the VPN get outside
access to 3 things that are *KNOWN* vectors of malware which could then
attack the VPN side of things, no, there's no problem here.