
Re: home firewall philosophy governing outgoing traffic



On Fri, Jun 15, 2001 at 07:19:29PM +0100, Robert Davies wrote:
> On Friday 15 June 2001 17:56, Eric N. Valor wrote:
> > At 07:03 AM 6/15/2001 -0500, Bryan Walton wrote:
> 
> > For instance, I had a user-administered system sitting outside our
> > firewall come up with an IRC robot due to a DNS-based crack.
> 
> 
> > However, if I'd suddenly seen port 6667 traffic trying to leave the
> > system (the usual IRC port) I'd have known something funny was going
> > on.  Only after the box was turned into a skript-kiddie scanner and I
> > received a few polite notifications did I realize there was a problem
> > and take steps to rectify.
> >
<snip>

> > Yes, having a default DENY on the output chain is a bit more work, but it
> > also allows you to do a daily audit of possible problems.  It all depends
> > on your determined security stance.
> 
> So are my assumptions inaccurate? If not, what real benefit does a policy of
> deny on the output chain have for a home system (not commercial firewall 
> installation)?

Just reread his explanation.

If someone is able to get a program on a system inside your home network,
they can have that initiate the connection and work from there. No incoming
connections needed.
The most common case is script kiddies with scanners or DDoS trojans; they
(usually) use an IRC server to `command' their army.

Regards,

Filip

-- 
hundred-and-one symptoms of being an internet addict:
79. All of your most erotic dreams have a scrollbar at the right side.
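
The daily audit of a default-DENY output chain discussed in this thread, sketched as an added example that is not part of the original message or of any poster's setup. It assumes the deny rule also logs in the netfilter LOG target's KEY=value layout with a hypothetical "OUT-DENY: " prefix; the sample log, the addresses and the fan-out threshold are constructed.

```python
import re
from collections import defaultdict

PREFIX = "OUT-DENY: "   # assumed --log-prefix on the deny-and-log rule
WATCH_PORTS = {6667}    # the usual IRC port, as named in the thread
FANOUT = 3              # assumed: this many distinct targets looks like scanning

# Constructed sample log in the netfilter LOG target's KEY=value layout.
SAMPLE_LOG = """\
Jun 15 03:12:01 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
Jun 15 03:12:04 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=203.0.113.5 PROTO=TCP SPT=1045 DPT=6667 SYN
Jun 15 03:14:10 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 PROTO=TCP SPT=1050 DPT=21 SYN
Jun 15 03:14:10 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.8 PROTO=TCP SPT=1051 DPT=21 SYN
Jun 15 03:14:11 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.20 DST=198.51.100.9 PROTO=TCP SPT=1052 DPT=21 SYN
Jun 15 04:00:00 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=192.0.2.53 PROTO=UDP SPT=123 DPT=123
Jun 15 04:05:00 gw kernel: OUT-DENY: IN=eth1 OUT=eth0 SRC=192.168.1.30 DST=192.0.2.1 PROTO=ICMP TYPE=8 CODE=0
Jun 15 04:06:00 gw kernel: eth0: link up
"""

FIELD = re.compile(r"(\w+)=(\S*)")

def parse_denied(text, prefix=PREFIX):
    """Return (src, proto, dport, dst) for every logged outbound deny."""
    events = []
    for line in text.splitlines():
        _, found, rest = line.partition(prefix)
        if not found:
            continue                      # unrelated kernel message
        f = dict(FIELD.findall(rest))
        if "SRC" not in f or "DST" not in f:
            continue                      # truncated or malformed entry
        port = int(f["DPT"]) if f.get("DPT", "").isdigit() else None  # ICMP has no port
        events.append((f["SRC"], f.get("PROTO", "?"), port, f["DST"]))
    return events

def audit(text):
    """Group denies per (host, protocol, port); flagged groups sort first."""
    groups = defaultdict(list)
    for src, proto, port, dst in parse_denied(text):
        groups[(src, proto, port)].append(dst)
    report = []
    for (src, proto, port), dsts in groups.items():
        flags = [name for name, hit in (("watched-port", port in WATCH_PORTS),
                                        ("fan-out", len(set(dsts)) >= FANOUT)) if hit]
        report.append({"src": src, "proto": proto, "port": port,
                       "attempts": len(dsts), "targets": len(set(dsts)), "flags": flags})
    report.sort(key=lambda r: (not r["flags"], r["src"], r["proto"], r["port"] or 0))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(row)
```

Unflagged rows still deserve a look: they are either a service the allow list forgot or something on the inside host that should not be talking.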
