Some protocols are inherently unsafe so that allowing your users to
communicate out with them simultaneously allows outside users access to your
internal network. Many of these are the CHATT protocols like IRC or ICQ.
Basically many chat or peer-to-peer protocols work by allowing any one who
joins the group to communicate directly with anyone else in the group. the
server broadcasts the port the your client is using so others can now send
directly to that user as an established connection (by relaying through the
server that your client has connected to). This bypasses all your rules about
preventing external users inside.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of [EMAIL PROTECTED]
Sent: Thursday, May 24, 2001 14:28
To: [EMAIL PROTECTED]
Subject: Allowing outgoing services
OK, this could be a silly question, but it never hurts to ask. (I hope.) Let's say I generally trust all of our internal users. What are the downsides to allowing all services from our internal users going out to the internet? (Of course I would be limiting the incoming services.) Any major problem with this that I am missing? Thanks.
Scott
