Is it recommended to allow all outgoing connections from your firewall??
Hunter Fuller
hackmiester at hackmiester.com
Tue May 16 15:34:36 PDT 2006
On 11 May 2006, at 1:56 AM, pauls at utdallas.edu wrote:
> --On May 10, 2006 6:22:11 PM -0700 Mark Jayson Alvarez
> <jay2xra at yahoo.com> wrote:
> Because if the machine has been compromised, it doesn't *matter*
> what the outgoing ruleset is. Or what anything else is, for that
> matter.
What if you're not in, but you can initiate an outgoing connection?
From a buggy PHP script on a web server, for example?
>
> If I hack your box, one of the first things I'm going to do is
> install a rootkit. Then I'm going to wipe the logs of any evidence
> of my entry (but leave them intact otherwise), clean my tracks from
> the shell history file and remove any other evidence of my
> presence. "Bypassing" your firewall rules is the least of my worries.
>
> Paul Schmehl (pauls at utdallas.edu)
> Adjunct Information Security Officer
> The University of Texas at Dallas
> http://www.utdallas.edu/ir/security/
More information about the freebsd-questions mailing list