Re: How to tell if a Linux machine is a zombie?
On Tue, Jan 09, 2007 at 11:23:56AM -0800, Paul Johnson wrote:
> Douglas Tutty wrote:
>
> > On Mon, Jan 08, 2007 at 10:35:10PM -0800, Paul Johnson wrote:
> >> James Stevenson wrote:
> >>
> >> >> If I understand the matter correctly, a firewall can protect only
> >> >> against incoming messages, and is useless against spyware which
> >> >> "phones home" or zombie-ware which spews email spam.
> >> >
> >> > Not totally correct. A firewall is only as good as the traffic that is
> >> > permitted to flow across it. If you want to block something from
> >> > phoning home then yes you can block outbound traffic as well.
> >>
> >> Blocking outbound traffic on specific ports is the advisable method.
> >> Wholesale blocking outbound traffic might make it interesting to get
> >> internet connectivity.
> >
> > I use shorewall with default block everything all directions then open
> > things up as needed.
>
> I bet you have a rule someplace that allows outgoing traffic that's part of
> an existing connection.
Not that I specifically put in. I __think__ that's part of the
netfilter stuff directly. I just checked my shorewall configs and
there's nothing there allowing anything from the net and very specific
stuff out.
Doug.
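
The question raised above, whether some rule accepts traffic belonging to an existing connection, can be checked against the loaded ruleset. This is an added example, not part of the thread: it reads `iptables-save` text and follows jumps from a built-in chain; the sample ruleset, the chain name `fw2net` and the function names are constructed for illustration.

```python
import shlex

# Constructed iptables-save output (not from the thread): default-drop policies.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:OUTPUT DROP [0:0]
:fw2net - [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o eth0 -j fw2net
-A fw2net -m state --state RELATED,ESTABLISHED -j ACCEPT
-A fw2net -p tcp -m tcp --dport 25 -j ACCEPT
COMMIT
"""

def parse_filter(text):
    """Return (policies, rules) for the filter table."""
    policies, rules, table = {}, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("*"):
            table = line[1:]
        elif table == "filter" and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif table == "filter" and line.startswith("-A "):
            args = shlex.split(line)
            rules.setdefault(args[1], []).append(args[2:])
    return policies, rules

def opt(args, *names):
    """Value after the first matching option name, else None."""
    for i, a in enumerate(args[:-1]):
        if a in names:
            return args[i + 1]
    return None

def established_accepts(text, chain):
    """Chains reachable from `chain` holding an ESTABLISHED -> ACCEPT rule."""
    _, rules = parse_filter(text)
    hits, seen, todo = set(), set(), [chain]
    while todo:
        cur = todo.pop()
        if cur in seen:
            continue
        seen.add(cur)
        for args in rules.get(cur, []):
            target = opt(args, "-j", "-g")
            states = (opt(args, "--state", "--ctstate") or "").split(",")
            # Rules containing any negation ("!") are skipped, so this under-reports.
            if target == "ACCEPT" and "ESTABLISHED" in states and "!" not in args:
                hits.add(cur)
            elif target in rules:
                todo.append(target)
    return sorted(hits)
```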