[Intrusions] SSH brute forcers
Ken Connelly
Ken.Connelly at uni.edu
Thu Jun 2 01:05:46 GMT 2005
Merton Campbell Crockett wrote:
>Everyone has ingress security policies and filters but it seems precious
>few have corresponding egress security policies and filters.
>
>If you are not permitting CIDR blocks listed in RFC3330 into your network,
>it would be reasonable not to permit packets from or to those CIDR blocks
>to exit from your network. Using Cisco IOS access lists, it only takes 15
>statements to filter out RFC3330 CIDR blocks and another 24 to filter out
>CIDR blocks that have not yet been assigned by IANA.
>
>
IMHO, a better egress filter is to allow only your internal public
netblock(s) to exit.
- ken
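To make the difference between the two approaches concrete, here is an added example (not part of the original thread or any poster's code) that evaluates both egress policies in Python against constructed sample traffic: a denylist of RFC3330 special-use blocks, as Merton suggested, beside an allowlist that permits only the site's own public netblock, as Ken suggests. The site netblock 198.51.100.0/24 and the sample source addresses are assumptions chosen from documentation ranges; the RFC3330 list is a subset, not the full table.

```python
import ipaddress

# A subset of the RFC3330 special-use blocks (constructed for illustration;
# the full RFC3330 table is longer than this).
RFC3330_SUBSET = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.0.2.0/24", "192.168.0.0/16", "198.18.0.0/15",
    "224.0.0.0/4", "240.0.0.0/4",
)]

# Hypothetical public netblock assigned to the site (assumption).
OUR_PUBLIC = [ipaddress.ip_network("198.51.100.0/24")]


def egress_denylist(src):
    """Policy 1: permit egress unless the source is in an RFC3330 block."""
    addr = ipaddress.ip_address(src)
    return not any(addr in net for net in RFC3330_SUBSET)


def egress_allowlist(src):
    """Policy 2: permit egress only if the source is in our own public netblock."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in OUR_PUBLIC)


# Constructed sample of outbound packets: (source, destination).
SAMPLE_EGRESS = [
    ("198.51.100.7", "203.0.113.9"),    # legitimate host on our netblock
    ("10.0.0.5", "203.0.113.9"),        # leaked RFC1918 address
    ("169.254.1.1", "203.0.113.9"),     # leaked link-local address
    ("203.0.113.200", "203.0.113.9"),   # spoofed: someone else's public space
]


def evaluate(packets):
    """Return (source, permitted_by_denylist, permitted_by_allowlist) per packet."""
    return [(src, egress_denylist(src), egress_allowlist(src)) for src, _dst in packets]


def leaks_through_denylist(packets):
    """Sources the RFC3330 denylist lets out but the allowlist would stop."""
    return [src for src, deny_ok, allow_ok in evaluate(packets) if deny_ok and not allow_ok]


if __name__ == "__main__":
    print(f"{'source':<16} {'denylist':<9} {'allowlist':<9}")
    for src, deny_ok, allow_ok in evaluate(SAMPLE_EGRESS):
        print(f"{src:<16} {'permit' if deny_ok else 'deny':<9} {'permit' if allow_ok else 'deny':<9}")
    print("leaks through denylist only:", leaks_through_denylist(SAMPLE_EGRESS))
```

The spoofed packet sourced from 203.0.113.200 is the case that separates the two: it is not in any RFC3330 block, so the denylist passes it, while the allowlist rejects it because it is not from the site's own space. The allowlist is also a single statement per netblock rather than one per special-use block, which is the point Ken makes about it being the better egress filter.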