[55297] in North American Network Operators' Group
Re: management interface accessibility (was Re: Worm / UDP1434)
daemon@ATHENA.MIT.EDU (E.B. Dreger)
Sun Jan 26 16:23:35 2003
Date: Sun, 26 Jan 2003 21:23:01 +0000 (GMT)
From: "E.B. Dreger" <eddy+public+spam@noc.everquick.net>
To: NANOG <nanog@merit.edu>
In-Reply-To: <ROTMAILER.0301261506260.15961-100000@dragon.sauron.net>
Errors-To: owner-nanog-outgoing@merit.edu
RT> Date: Sun, 26 Jan 2003 15:07:41 -0600 (CST)
RT> From: Rob Thomas
RT> This is yet another reason why I tell folks with firewalls
RT> NOT to allow everything from the internal (often mistakenly
RT> labelled "trusted") net to the external nets.
Too true. However, when a company president gets upset because
his kid couldn't play Quake over the network, ports magically
begin to open...
FWIW, it might be good to clarify the "stateful" remark a bit:
Keeping state on all outbound traffic could cause a problem.
However,

    check-state
    deny udp from any 1434 to any 1434
    allow udp from any 1434 to any keep-state
    deny udp from any to any 1434

works nicely for blocking the worm.
Eddy
--
Brotsman & Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Date: Mon, 21 May 2001 11:23:58 +0000 (GMT)
From: A Trap <blacklist@brics.com>
To: blacklist@brics.com
Subject: Please ignore this portion of my mail signature.
These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to <blacklist@brics.com>, or you are likely to
be blocked.
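To make the check-state / keep-state behaviour of the four rules in Eddy's post concrete, here is a small Python model (an added example, not code from the post or from ipfw itself) that walks constructed UDP packets through the rule set in order. It assumes the fragment sits in a ruleset whose fallthrough is deny, that a keep-state match installs a dynamic entry matching the 4-tuple in both directions (which is how ipfw's dynamic rules treat UDP), and it parses only the syntax subset the post uses; all addresses and ports are constructed sample data. Besides showing the worm's 1434-to-1434 traffic and unsolicited packets to 1434 being dropped, it also makes visible that a packet to port 1434 from an ephemeral port is denied until a packet from port 1434 has installed a dynamic entry, which is worth confirming against your own traffic before adopting the fragment.

```python
"""Added example (not part of the original NANOG post): a toy model of
ipfw's check-state / keep-state evaluation, used to trace constructed UDP
packets through the four rules quoted on the list.

Assumptions (the post does not state them): deny fallthrough at the end of
the rule set; dynamic entries match the 4-tuple in both directions; only
the syntax subset used in the post is parsed.  Hosts/ports are made up.
"""
from dataclasses import dataclass

# The rule set exactly as posted on the list.
RULES = """
check-state
deny udp from any 1434 to any 1434
allow udp from any 1434 to any keep-state
deny udp from any to any 1434
"""


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

    def key(self):
        return (self.src, self.sport, self.dst, self.dport)

    def reverse_key(self):
        return (self.dst, self.dport, self.src, self.sport)


def parse_rule(line):
    """Parse one rule into: action, optional source/destination port
    ('any' -> None) and whether it carries keep-state."""
    tokens = line.split()
    if tokens == ["check-state"]:
        return {"action": "check-state"}
    action = tokens[0]
    assert tokens[1:4] == ["udp", "from", "any"], line
    i = 4
    sport = None
    if tokens[i] != "to":                     # 'from any 1434'
        sport = int(tokens[i])
        i += 1
    assert tokens[i:i + 2] == ["to", "any"], line
    i += 2
    dport = None
    if i < len(tokens) and tokens[i] != "keep-state":   # 'to any 1434'
        dport = int(tokens[i])
        i += 1
    keep_state = i < len(tokens) and tokens[i] == "keep-state"
    return {"action": action, "sport": sport, "dport": dport,
            "keep_state": keep_state}


class StatefulFilter:
    """Evaluates packets top to bottom, remembering keep-state entries."""

    def __init__(self, rules_text):
        self.rules = [parse_rule(ln) for ln in rules_text.strip().splitlines()]
        self.dynamic = set()

    def decide(self, pkt):
        for rule in self.rules:
            if rule["action"] == "check-state":
                # Packets of a known flow are accepted here, before any of
                # the static rules below are consulted.
                if pkt.key() in self.dynamic:
                    return "allow"
                continue
            sport_ok = rule["sport"] in (None, pkt.sport)
            dport_ok = rule["dport"] in (None, pkt.dport)
            if sport_ok and dport_ok:
                if rule["keep_state"]:
                    # keep-state installs an entry covering both directions.
                    self.dynamic.add(pkt.key())
                    self.dynamic.add(pkt.reverse_key())
                return rule["action"]
        return "deny"   # assumed fallthrough (see module docstring)


def simulate():
    """Trace constructed packets through the rules; returns (label, verdict)."""
    fw = StatefulFilter(RULES)
    worm = Packet("10.0.0.5", 1434, "192.0.2.9", 1434)        # 1434 -> 1434
    probe = Packet("198.51.100.4", 40000, "10.0.0.7", 1434)   # unsolicited
    from_1434 = Packet("10.0.0.7", 1434, "198.51.100.4", 40000)
    back_to_1434 = Packet("198.51.100.4", 40000, "10.0.0.7", 1434)
    return [
        ("worm 1434->1434", fw.decide(worm)),
        ("to 1434 from ephemeral, no state yet", fw.decide(probe)),
        ("from 1434, installs dynamic entry", fw.decide(from_1434)),
        ("reverse of the kept flow", fw.decide(back_to_1434)),
    ]


if __name__ == "__main__":
    for label, verdict in simulate():
        print(f"{label:38} {verdict}")
```

Running the block prints the four verdicts: deny, deny, allow, allow. Dynamic entries in real ipfw also expire after a timeout, which this model leaves out.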