John Nicholls wrote:
>
> [trying to limit outbound access in case of trojans]
>
> How about NOT allowing http access from inside but only E-mail, e.g. the
> OpenBSD firewall is running Sendmail and DNS and only accepting SMTP tcp on
> port 25 and DNS udp/tcp on port 53 and redirects to a web server running on
> port 80 on a FreeBSD box. The OpenBSD box would also be running pop3, which is only
> accessible from the inside. The inside users send mail via the smtp server
> and receive mail via pop3 but only from the inside. Can a trojan tunnel
> through this??
Well... I've seen TCP implemented on top of DNS. People I know claim to have
seen a slow but working version of NFS implemented on top of e-mail.
As I said: anything can be tunneled on top of everything, and there
isn't a darn thing you can do about it.
However, your approach seems sensible. Your default trojan would
definitely attempt port 80 outbound, since this is the most common
port open in the world. Keeping that port closed is likely to make
it much much harder for a trojan to connect out. (But still far
from impossible).
Good luck :)
/Mike
--
Mikael Olsson, EnterNet Sweden AB, Box 393, S-891 28 ÖRNSKÖLDSVIK
Phone: +46 (0)660 29 92 00 Direct: +46 (0)660 29 92 05
Mobile: +46 (0)70 66 77 636 Fax: +46 (0)660 122 50
WWW: http://www.enternet.se/ E-mail: [EMAIL PROTECTED]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
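To make Mike's point concrete ("I've seen TCP implemented on top of DNS"), and to show the check a firewall admin who leaves port 53 open would want, here is an added example that is not part of the thread and not anyone's tunnel or product. It packs a payload into DNS query names under a hypothetical carrier zone (t.example.com, an assumption), reassembles it the way the zone's authoritative server would, and then runs a small detector over a constructed resolver log whose format ("<ts> <client> query <qtype> <qname>") is also assumed. The detector scores each name (long labels, long names, high-entropy subdomains) and then aggregates per zone, which is what separates one hashed CDN hostname from a stream of queries carrying data.

```python
import base64
import math
from collections import defaultdict

MAX_LABEL = 63   # RFC 1035: a label is at most 63 octets
MAX_NAME = 253   # practical maximum for a name in presentation form
CARRIER = "t.example.com"   # hypothetical zone served by the tunnel's own name server


def encode_into_queries(payload: bytes, carrier: str = CARRIER) -> list:
    """Sender side of a minimal DNS covert channel: base32 the payload and
    pack it into query names under `carrier`, each prefixed with a
    zero-padded sequence label so the receiver can reorder them."""
    text = base64.b32encode(payload).decode("ascii").rstrip("=").lower()
    budget = MAX_NAME - len(carrier) - 1 - 5          # room left after ".carrier" and "NNNN."
    labels_per_name = budget // (MAX_LABEL + 1)       # each data label costs 63 chars plus a dot
    chunk = labels_per_name * MAX_LABEL
    names = []
    for seq, start in enumerate(range(0, len(text), chunk)):
        piece = text[start:start + chunk]
        labels = [piece[i:i + MAX_LABEL] for i in range(0, len(piece), MAX_LABEL)]
        names.append("%04d.%s.%s" % (seq, ".".join(labels), carrier))
    return names


def decode_from_queries(names, carrier: str = CARRIER) -> bytes:
    """Receiver side: the authoritative server for `carrier` sees every query,
    strips the sequence label and the zone, and reassembles the base32 text."""
    suffix = "." + carrier
    pieces = []
    for name in sorted(names):                        # sequence label sorts lexically
        if not name.endswith(suffix):
            raise ValueError("query not under carrier zone: " + name)
        labels = name[:-len(suffix)].split(".")
        pieces.append("".join(labels[1:]))            # drop the sequence label
    text = "".join(pieces).upper()
    text += "=" * (-len(text) % 8)                    # restore base32 padding
    return base64.b32decode(text)


def shannon_entropy(s: str) -> float:
    """Bits per character of the string (a base32 payload tends toward 5)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def suspicious_reasons(qname: str, zone_depth: int = 2) -> list:
    """Per-query heuristics on the part of the name below the registered zone."""
    labels = qname.rstrip(".").lower().split(".")
    sub = labels[:-zone_depth]
    data = "".join(sub)
    reasons = []
    if any(len(label) > 30 for label in sub):
        reasons.append("long label")
    if len(qname) > 100:
        reasons.append("long name")
    if len(data) >= 20 and shannon_entropy(data) > 3.5:
        reasons.append("high entropy")
    return reasons


def find_tunnel_suspects(log_lines, min_distinct: int = 5) -> dict:
    """Aggregate flagged queries per zone: one odd-looking CDN name is noise,
    many distinct odd names under the same zone is a channel.
    Log format is a constructed one: "<ts> <client> query <qtype> <qname>"."""
    hits = defaultdict(set)
    for line in log_lines:
        parts = line.split()
        if len(parts) < 5 or parts[2] != "query":
            continue
        qname = parts[4].rstrip(".").lower()
        if suspicious_reasons(qname):
            zone = ".".join(qname.split(".")[-2:])
            hits[zone].add(qname)
    return {zone: len(names) for zone, names in hits.items() if len(names) >= min_distinct}


SAMPLE_PAYLOAD = b"SECRET: " + bytes(range(256)) * 3   # constructed 776-byte "document"


def build_sample_log() -> list:
    """Constructed resolver log: ordinary traffic plus one exfiltration burst."""
    lines = [
        "10:00:01 10.0.0.5 query A www.example.org",
        "10:00:02 10.0.0.5 query MX example.org",
        "10:00:03 10.0.0.7 query A mail.example.org",
        # one long hashed hostname, as CDNs produce: flagged per query, but alone it stays below the threshold
        "10:00:04 10.0.0.7 query A d1a2b3c4e5f6a7b8c9d0e1f2a3b4c5d6e7.cdn.example.net",
    ]
    for i, qname in enumerate(encode_into_queries(SAMPLE_PAYLOAD)):
        lines.append("10:00:%02d 10.0.0.9 query TXT %s" % (10 + i, qname))
    return lines


if __name__ == "__main__":
    names = encode_into_queries(SAMPLE_PAYLOAD)
    assert decode_from_queries(names) == SAMPLE_PAYLOAD
    print("payload carried in %d queries of up to %d chars" % (len(names), max(map(len, names))))
    print("suspect zones:", find_tunnel_suspects(build_sample_log()))
```

Two caveats a practitioner should keep in mind. First, the firewall in the thread runs its own DNS, so every outbound query it forwards is visible on one box, which is the right place to keep this kind of log; blocking port 53 outright is not an option if inside hosts need to resolve names, but allowing only the firewall's resolver to talk to the Internet at least puts the channel through a single choke point. Second, thresholds like "five distinct odd names per zone" catch a bulk upload, not a patient trojan that sends a few bytes an hour; as Mike says, the goal is to make tunnelling harder and noisier, not impossible.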