Wired mag article on spammers playing traceroute games with trojaned boxes

Michael.Dillon at radianz.com Michael.Dillon at radianz.com
Fri Oct 10 10:32:36 UTC 2003


>I mentioned before that it doesn't really make much sense with web 
>hosting because the port can easily be changed so it's not very effective 

>at all. 

Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
include a block on port 80 inbound, but if the
user needs to enable this traffic, give them a
web form that they can use to reconfigure their
settings.

Or, if you can't handle such a variety of
individual ACLs on your equipment, give them
the option of buying a broadband router with 
a recommended default config and un-blocked
service.

If the user has to intervene in order to enable
a server type application to function, that
makes it a lot harder for trojan exploits to
take hold.

--Michael Dillon





More information about the NANOG mailing list