> >Bottom line: if someone can install arbitrary software on your
> >machines and have it run, and if you allow any form of communication
> >with the outside world, you're pretty much out of luck.
> >
> >--
> >Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 �RNSK�LDSVIK
>
> Thanks for your Reply, your answer is what I suspected. Ok so it sounds
> like Web access from inside the Network is risky. Do you know of any
> Firewall which could stop the Bo2k trojan?
>
> How about NOT allowing http access from inside but only E-mail e.g. the
> OpenBsd Firewall is running Sendmail and DNS and only accepting SMTP tcp on
> Port 25 and DNS udp/tcp on Port 53 and redirects to a web server running on
> port 80
> on a FreeBSD Box. The OpenBSD box would also be running pop3 which is only
> accessable from the inside. The inside users send mail via the smtp server
> and receive mail via pop3 but only from the inside. Can a trojan tunnel
> through this??
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
