[102928] in North American Network Operators' Group
Re: Customer-facing ACLs
daemon@ATHENA.MIT.EDU (Adrian Chadd)
Sat Mar 8 03:19:24 2008
Date: Sat, 8 Mar 2008 17:28:24 +0900
From: Adrian Chadd <adrian@creative.net.au>
To: Mark Foster <blakjak@blakjak.net>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.62.0803082034580.11036@maverick.blakjak.net>
Errors-To: owner-nanog@merit.edu
On Sat, Mar 08, 2008, Mark Foster wrote:
>
> To me, at least half the users likely to be running either Linux or Mac
> are going to be the same users who're going to request they be allowed
> outbound SSH.... is the blocking of outbound SSH considered to be
> sufficiently useful that we're advocating it these days?
>
> (Aren't we all just moving SSH to non-standard ports within our
> networks anyway?)
.. I'm surprised botnets aren't big enough right now to do surreptitious port
scans of machines (there's 'only' 64k ports nowdays!) over timeframes measured
in weeks, from arbitrary bots (ie, not a single IP) to get a scanning footprint
to later submit in the "crack" queue.
Makes me think about Google, to be honest.
Who has more machines, botnets, or google? :)
Adrian
