[Dshield] Zombie Prevention : May I Sample Some Opinion?

Frank Knobbe frank at knobbe.us
Tue Nov 15 22:41:49 GMT 2005


On Tue, 2005-11-15 at 11:22 -0500, David Cary Hart wrote:
> What's the thinking du jour on p2p, IM, IRC and BitTorrent? Help me out
> here, folks, without creating a thesis, what are some of the basics that
> I am overlooking?

Heh... the obvious? ;)

Default deny on outbound firewall rules. Only allow what is necessary
for business. For the most part, employees don't need to listen to
RealAudio, use IM, do P2P, etc. Use proxies for FTP/HTTP. No
straight-out SMTP (that should be relayed through your servers). I would
also not allow POP3 to the outside and prevent use of webmail services
(through DNS blackholing or fw filters).

Keeping your outbound access very tight goes a long way in preventing
zombies.

Cheers,
Frank

PS: Host-based hardening still applies of course...

-- 
It is said that the Internet is a public utility. As such, it is best
compared to a sewer. A big, fat pipe with a bunch of crap sloshing
against your ports.
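One way to express the outbound policy Frank describes, as an added example that is not part of the original thread: an nftables ruleset for the perimeter forward chain, with constructed placeholder addresses for the LAN, the HTTP/FTP proxy, the mail relay and the internal resolver. Webmail blocking via DNS blackholing lives on the resolver, not in this ruleset.

```nft
#!/usr/sbin/nft -f
# Added example (not from the original post): default-deny egress policy.
# All addresses are constructed placeholders.

define lan        = 10.0.0.0/24
define proxy      = 10.0.0.10     # HTTP/FTP proxy, the only host browsing out
define mail_relay = 10.0.0.25     # the only host allowed to speak SMTP outbound
define resolver   = 10.0.0.53     # internal DNS forwarder (blackholes webmail)

table inet egress {
    chain forward {
        type filter hook forward priority 0; policy drop;   # default deny

        ct state established,related accept
        ct state invalid drop

        # Infrastructure hosts get the narrow exceptions they need.
        ip saddr $resolver   udp dport 53 accept
        ip saddr $resolver   tcp dport 53 accept
        ip saddr $proxy      tcp dport { 21, 80, 443 } accept
        ip saddr $mail_relay tcp dport 25 accept

        # Workstations get nothing direct. These explicit drops exist only so
        # that mail, IRC and IM attempts are logged under their own prefix
        # instead of disappearing into the generic policy drop.
        ip saddr $lan tcp dport { 25, 110, 995 }     log prefix "EGRESS mail-direct: " drop
        ip saddr $lan tcp dport { 6667, 6697 }       log prefix "EGRESS irc: " drop
        ip saddr $lan tcp dport { 1863, 5190, 5222 } log prefix "EGRESS im: " drop

        # P2P/BitTorrent is not port-listed; it is covered by the default deny.
        # Log everything else from the LAN so a new zombie beaconing outbound
        # shows up in the firewall log rather than silently failing.
        ip saddr $lan log prefix "EGRESS denied: " drop
    }
}
```

Load with `nft -f` on the perimeter box; the `EGRESS` log prefixes are what to watch for a host that suddenly starts trying to reach the outside on its own.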
