> Consider espionage. The information goes out. And what is worse, if someone uses something like scp/ssh, you might get a whiff of it even if you are running monitoring tools.
Not only that, it becomes easier for a malicious user to attack other companies if all outbound access is allowed. For example, if only the http port is open such a user might not be able to use an exploit for ssh against an external host. Lots of small reasons like this why opening *ALL* outbound ports might not be a great idea. With Regards, Sumit Dhar http://www.rootshell.be/~dhar
