[unisog] Blocking inbound Internet traffic

Gary Flynn flynngn at jmu.edu
Thu May 8 15:04:29 GMT 2003


Reg Quinton wrote:
>>I'm wondering just how blocking inbound TCP connections really helps.
>>Have you just bought some time? Won't the p2p applications just take
>>over your bandwidth?
> 
> 
> I think there are two issues here -- 1) p2p apps (bandwidth); 2) security
> (eg. no admin password).
> 
> On 1) blocking inbound TCP helps but isn't a complete solution.
> 
> On 2) it helps a lot -- it's hard to compromise a machine if you can't
> connect to a service.

The security aspect is the issue I'm most interested in.
Obviously it would drastically reduce compromises due
to poorly maintained servers and rogue trojan/ssh ports
(though nothing for user loaded IRC BOTS). Our Network
Services group is more interested in the measure as a
bandwidth management issue.

It would seem to me that the next step in p2p will be
encrypted communications on port 80. Might even start
using web services and XML to describe music! :) Once
it's encrypted through an open port, nothing short of forcing
all web services through a proxy is going to be able to
manage it individually. Raw bandwidth limits per IP will still
be possible though.

If ISPs and universities start refusing incoming connection
requests, I would guess the p2p apps would migrate to
a polling architecture similar to the IRC BOTS that now
seem to be so popular with malware. They'll work fine
under incoming connection restrictions.

Would it be safe to assume that the majority of institutions
on this list do NOT block services in RESNET?

-- 
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe
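The measure under discussion, a border filter that refuses inbound TCP connection requests to RESNET but lets hosts inside open outbound sessions, modeled as an added example. This is not code from the thread, from JMU or from any firewall product; the 10.20.0.0/16 prefix, the hosts, ports and flow records are constructed for illustration. It shows the two cases the post contrasts: an unsolicited connection to a rogue ssh port is dropped, while a bot or p2p client that polls outward (even over 443) passes untouched.

```python
"""Stateful inbound-blocking model for a residential network prefix.

Constructed example: RESNET, the addresses and the flow records are
invented; the policy mirrors the "drop inbound SYN, allow established"
behaviour discussed in the thread.
"""
from ipaddress import ip_address, ip_network

RESNET = ip_network("10.20.0.0/16")  # assumed campus RESNET prefix

# Constructed unidirectional TCP packets: (src, sport, dst, dport, flags).
# "S" is a bare SYN (new connection request); "SA" and "PA" are later
# packets of an existing session.
FLOWS = [
    # 1. Internet host connects to a student's box on a rogue ssh port
    ("198.51.100.7", 40123, "10.20.5.9", 2222, "S"),
    # 2. Student's machine polls an external IRC-style server and gets replies
    ("10.20.5.9", 51000, "203.0.113.40", 6667, "S"),
    ("203.0.113.40", 6667, "10.20.5.9", 51000, "SA"),
    ("203.0.113.40", 6667, "10.20.5.9", 51000, "PA"),
    # 3. Outbound HTTPS (p2p tunnelled over 443) and the server's reply
    ("10.20.7.3", 52000, "203.0.113.80", 443, "S"),
    ("203.0.113.80", 443, "10.20.7.3", 52000, "SA"),
    # 4. An inbound non-SYN packet with no matching outbound session
    ("203.0.113.99", 80, "10.20.7.3", 53000, "SA"),
]


def policy(flows):
    """Apply the filter packet by packet; return [(packet, verdict), ...].

    State is keyed on the inside host's view of the 4-tuple and is created
    only by an outbound SYN, so inbound packets are accepted only when an
    inside host asked for them.
    """
    established = set()  # (inside_ip, inside_port, outside_ip, outside_port)
    verdicts = []
    for pkt in flows:
        src, sport, dst, dport, flags = pkt
        src_inside = ip_address(src) in RESNET
        dst_inside = ip_address(dst) in RESNET
        if src_inside and not dst_inside:
            # Outbound traffic is allowed; an outbound SYN opens state.
            if flags == "S":
                established.add((src, sport, dst, dport))
            verdicts.append((pkt, "ALLOW outbound"))
        elif dst_inside and not src_inside:
            if flags == "S":
                verdicts.append((pkt, "DROP inbound connection request"))
            elif (dst, dport, src, sport) in established:
                verdicts.append((pkt, "ALLOW established"))
            else:
                verdicts.append((pkt, "DROP no matching state"))
        else:
            # Both ends inside or both outside: not border traffic.
            verdicts.append((pkt, "PASS not border traffic"))
    return verdicts


def summarize(verdicts):
    """Count packets per verdict, e.g. to see how much the block catches."""
    counts = {}
    for _, verdict in verdicts:
        counts[verdict] = counts.get(verdict, 0) + 1
    return counts


if __name__ == "__main__":
    for pkt, verdict in policy(FLOWS):
        print(f"{pkt[0]}:{pkt[1]} -> {pkt[2]}:{pkt[3]} [{pkt[4]}]  {verdict}")
    print(summarize(policy(FLOWS)))
```

The trojan/ssh case (packet 1) never reaches the host, which is the security win the post describes. The polling bot (packets 2 to 4) and the outbound 443 session (packets 5 and 6) are indistinguishable from a student browsing the web at this layer, which is why the post expects p2p and malware to move to that pattern; bandwidth caps per IP or a proxy are the only remaining levers.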
