I typically block all inbound and outbound protocols/ports that are not being used - most commonly used ports 20, 21, 23, 25, 53, 80 and 110.
And, these are by "need to use basis" (except web, email and DNS) only. Based on the Microsoft site, that should resolve the problem. The full URL for the info you posted is: http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-027.asp

Regards,
Danny H. Cox
Yield Dynamics, Inc.
(408) 764-9822

-----Original Message-----
From: Brian Fort (Mushkin) [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, June 11, 2002 5:12 PM
To: [EMAIL PROTECTED]
Subject: [gb-users] Virtual Cracks and Microsoft Security Bulletin MS02-027

Would a remote access filter block virtual cracks (also called secondary connections)? The reason I ask is because of the latest security bulletin involving Internet Explorer (MS02-027) which can be read at http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/ms02-027.asp.

In the FAQ for the bulletin it states:

--------------------------------------
Is there anything that can mitigate against this vulnerability?

Yes. A successful attack requires that the attacker's server be able to send Gopher traffic to the intended target. Anything which inhibits the attacker's ability to send Gopher traffic would help protect against this vulnerability. Most notably, customers who block access to the Gopher protocol (TCP port 70) at the perimeter firewall would be protected against attempts to exploit this vulnerability across the Internet.
--------------------------------------

So I basically need to know if remote access filters supersede virtual cracks. If not, is there any way to block virtual cracks for the Gopher protocol (i.e. TCP port 70)?

NOTE: I'm talking about virtual cracks, not connections that are initiated on the external interface of the GNAT Box firewall.
Thank You,
Brian

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
To subscribe to the digest version first unsubscribe, then e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Archive of the last 1000 messages: http://www.mail-archive.com/[email protected]
