--------
From academic-firewalls-owner@net.tamu.edu Fri Jul 19 07:37:00 1996
Organization: NTUA-NOC, National Technical University of Athens, GREECE
X-Disclaimer: My opinions do not necessarily represent those of my employer.
Date: Fri, 19 Jul 1996 14:51:29 +0300 (EET DST)
From: y.adamopoulos@noc.ntua.gr
Reply-To: y.adamopoulos@noc.ntua.gr
To: academic-firewalls@net.tamu.edu
Subject: outgoing connections restricted?

Hi,

I want the opinion of the group on restrictions on outgoing connections
on academic sites. Do you block outgoing traffic to ports like echo,
chargen, r* (or others) regardless of where they are directed?

Do you block outgoing connections at all and for what reason?

TIA.

-Yiorgos.
 Y.Adamopoulos@noc.ntua.gr

--------
From academic-firewalls-owner@net.tamu.edu Fri Jul 19 08:33:07 1996
In-Reply-To: <199607191151.OAA04206@noc.ntua.gr>
Date: Fri, 19 Jul 1996 08:18:02 -0500
From: Doug Hughes
To: academic-firewalls@net.tamu.edu
Subject: Re: outgoing connections restricted?

>Hi,
>
>I want the opinion of the group on restrictions on outgoing connections
>on academic sites. Do you block outgoing traffic to ports like echo,
>chargen, r* (or others) regardless of where they are directed?
>
>Do you block outgoing connections at all and for what reason?
>
>TIA.
>
>-Yiorgos.
> Y.Adamopoulos@noc.ntua.gr

It sounds like a nice neighborly thing to do. I can't see any reason to
not block chargen and discard access (for those that want to launch
denial of service attacks on some other site), unless you have a
relatively underpowered router.
Each access list you add will have some (perhaps infinitesimal) effect
on your router, and may increase latency, which may be important if you
have time sensitive applications.

--
____________________________________________________________________________
Doug Hughes                                   Engineering Network Services
System/Net Admin                              Auburn University
doug@eng.auburn.edu

--------
From academic-firewalls-owner@net.tamu.edu Fri Jul 19 12:48:02 1996
Date: Fri, 19 Jul 1996 10:43:16 -0700
From: jhall@sqi.com (John Hall)
To: academic-firewalls@net.tamu.edu
Subject: Re: outgoing connections restricted?

In addition to blocking many of the "privileged" ports that nobody really
needs outbound, I suggest filtering anything that is going outbound, but
does not have a source IP address from your network. That should make it
nearly impossible for someone to set up a spoof attack from your network.

----------------------------------------------------------------------------
John Hall             | jhall@sqi.com | Siemens Medical Systems Inc.
Network Administrator |               | Ultrasound Group
----------------------------------------------------------------------------
"Some say the evil of our days is love of machines over people, or of
money; others speak of drugs, or of debauchery, but I disagree: it is
nothing more than love of authority without responsibility. There is a
remedy, but few choose it even for themselves, and fewer still for all."
   -- H. C., Atropine
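
--------
The two outbound rules proposed in this thread (drop packets whose source address is not from the site's own network; drop outbound traffic to echo, discard, chargen and the r* services), sketched as an ordered egress policy. This is an added example, not part of any message above. The site prefix, the sample packets, the function names and the default-permit fallthrough are assumptions.

```python
import ipaddress

# Assumption: the site's address space (documentation prefix, constructed).
SITE_PREFIXES = [ipaddress.ip_network("192.0.2.0/24")]

# Destination services named in the thread. The r* services are TCP only:
# UDP 514 is syslog, so the match is on (protocol, port), not port alone.
BLOCKED_DST = {
    ("tcp", 7): "echo", ("udp", 7): "echo",
    ("tcp", 9): "discard", ("udp", 9): "discard",
    ("tcp", 19): "chargen", ("udp", 19): "chargen",
    ("tcp", 512): "rexec", ("tcp", 513): "rlogin", ("tcp", 514): "rsh",
}

def egress_decision(proto, src, dst, dport):
    """Return (action, reason) for one packet leaving the site."""
    src_ip = ipaddress.ip_address(src)
    # Rule 1: the source must belong to our own network (anti-spoofing).
    # Checked first so a forged source is dropped whatever its destination.
    if not any(src_ip in net for net in SITE_PREFIXES):
        return ("deny", "source address not in site prefix")
    # Rule 2: no outbound small services or r* services.
    service = BLOCKED_DST.get((proto.lower(), dport))
    if service is not None:
        return ("deny", "outbound %s blocked" % service)
    # Assumption: everything else is allowed out.
    return ("permit", "default permit")

# Constructed sample packets: (protocol, source, destination, dest port).
SAMPLE_PACKETS = [
    ("tcp", "192.0.2.10", "198.51.100.5", 80),    # ordinary web request
    ("udp", "192.0.2.10", "198.51.100.5", 19),    # chargen toward another site
    ("tcp", "203.0.113.9", "198.51.100.5", 80),   # source not ours: spoofed
    ("tcp", "192.0.2.44", "198.51.100.5", 514),   # rsh
    ("udp", "192.0.2.44", "198.51.100.5", 514),   # syslog, not an r* service
]

def evaluate(packets):
    """Apply the policy to each packet and return the list of decisions."""
    return [egress_decision(*p) for p in packets]

if __name__ == "__main__":
    for pkt, (action, reason) in zip(SAMPLE_PACKETS, evaluate(SAMPLE_PACKETS)):
        print("%-6s %s (%s)" % (action, pkt, reason))
```

Each additional rule corresponds to another access-list entry on the router, which is the per-packet cost Doug Hughes mentions.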