--On Tuesday, August 25, 2009 08:30:17 -0500 Colin Brace <[email protected]> wrote:
Bill, one more thing:
Bill Moran wrote:
You can add an ipfw rule to prevent the script from calling home, which
will effectively render it neutered until you can track down and actually
_fix_ the problem.
Mike Bristow above wrote: "The script is talking to 94.102.51.57 on port
7000". OK, so I how do I know what port the script is using for outgoing
traffic on MY box? 7000 is the remote host port, right?
FWIW, here are my core PF lines:
pass out quick on $ext_if proto 41
pass out quick on gif0 inet6
pass in quick on gif0 inet6 proto icmp6
block in log
That is to say: nothing is allowed in unless explicitly allowed
Everything allowed out.
(plus some ipv6 stuff I was testing with a tunnel)
The problem with blocking outbound ports is that it breaks things in odd ways.
For example, your mail server listens on port 25 (and possibly 465 as well) but
it communicates with connecting clients on whatever ethereal port the client
decided to use. If the port the client selects happens to be in a range that
you are blocking, communication will be impossible and the client will report
that your mail server is non-responsive.
It's much easier to block outgoing ports for services you *don't* want to
offer, but, if the service isn't running anyway, blocking the port is
non-productive.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson
_______________________________________________
[email protected] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "[email protected]"
