[jadmin] iptables and Jabber
Matthias Wimmer
m at tthias.eu
Tue Mar 13 02:44:24 CDT 2007
Hi Benjamin!
Benjamin Podszun wrote:
>
>> Why do you filter outgoing connections at all?
>>
>
> That's reasonable and should be done all the time, imo. Why?
>
Maybe my statement was unclear. It related just to filtering in his
special case: Local machine and filtering based on TCP ports.
> 1) To minimize the impact of any intrusion, which has to connect to the
> outside most of the time (think: Remote shell on Port X. Download malware
> from somewhere. Join a botnet in channel #foobar etc.). You might get
> infected/compromised, but the stuff might be dead code on your machine.
>
This intrusion may just use open ports. E.g. I expect that he has port
80 open and the script will then be able to download files from any
other webserver. IRC port might be open as well.
> 2) Control. I want to specify where each app might connect to.
>
But then you have to use better strategies than selecting accepted
outgoing ports. You will then need more fine-grained control based on
applications and users.
Matthias
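
The per-user control described in the reply above can be expressed with the iptables owner match. The following is an added example, not part of the original message: a shell function that turns a constructed policy list into an iptables-restore ruleset for the OUTPUT chain. The account names `jabber` and `proxy` and the function name `egress_ruleset` are assumptions.

```shell
#!/bin/sh
# Added example: per-user egress rules instead of bare port rules.
# A rule such as "-A OUTPUT -p tcp --dport 80 -j ACCEPT" lets every local
# process out on port 80; the owner match ties each port to one account.

# Constructed sample policy, "user proto port" per line (accounts are assumptions).
POLICY='jabber tcp 5269
jabber udp 53
proxy tcp 80'

egress_ruleset() {
    # $1: policy text. Prints an iptables-restore ruleset for the OUTPUT chain.
    printf '%s\n' '*filter' ':OUTPUT DROP [0:0]'
    # Loopback traffic and packets of already accepted connections.
    printf '%s\n' '-A OUTPUT -o lo -j ACCEPT'
    printf '%s\n' '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' "$1" | while read -r user proto port; do
        [ -n "$user" ] || continue
        # Reject malformed entries rather than emit a rule that matches too much.
        case "$user" in *[!a-z0-9_-]*) echo "bad user: $user" >&2; continue ;; esac
        case "$proto" in tcp|udp) ;; *) echo "bad proto: $proto" >&2; continue ;; esac
        case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; continue ;; esac
        printf '%s\n' "-A OUTPUT -p $proto --dport $port -m owner --uid-owner $user -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Log everything else (with the sending UID) before the DROP policy applies.
    printf '%s\n' '-A OUTPUT -j LOG --log-prefix "egress-denied: " --log-uid' 'COMMIT'
}

# Print the ruleset for review; loading it requires root and iptables-restore.
egress_ruleset "$POLICY"
```

The owner match is only valid in the OUTPUT and POSTROUTING chains, and a compromised process still inherits whatever its own account is allowed to reach.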