Wired mag article on spammers playing traceroute games with trojaned boxes
Michael.Dillon at radianz.com
Michael.Dillon at radianz.com
Fri Oct 10 10:32:36 UTC 2003
>I mentioned before that it doesn't really make much sense with web
>hosting because the port can easily be changed so it's not very effective
>at all.
Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
include a block on port 80 inbound, but if the
user needs to enable this traffic, give them a
web form that they can use to reconfigure their
settings.
Or, if you can't handle such a variety of
individual ACLs on your equipment, give them
the option of buying a broadband router with
a recommended default config and un-blocked
service.
If the user has to intervene in order to enable
a server type application to function, that
makes it a lot harder for trojan exploits to
take hold.
--Michael Dillon
More information about the NANOG
mailing list