Usually, though perhaps only in my organization, most of these outgoing
"attacks" are all if not mostly all but accidents. They're probably running
demo programs that are written to request restricted ports. A good example is
the variety of Web Search programs.
What needs to be enforced is a written/signed agreement that employees must not
attempt to do damage otuside the LAN. It's far more effective to general trust
your users, have them be productive, and raise awareness of netiquette.
Rudy Amid (rudy @
com), Systems "I'm IT!" Administrator NB: IMHO!
>/` Hummingbird Communications, Ltd. 1 Sparks Ave. Toronto, Ont. __
" Canada. M2H 2W1. 416-496-2200 Fax 496-2207 [URL] http://www.hcl.com |
PGP key fingerprint is on my home page at http://www.warped.com/~radix \_)
On Tue, 3 Dec 1996, Pauline van Winsen - Uniq Professional Services wrote:
> the reason i routinely restrict all outgoing traffic to a known set of
> IP address & protocols is that you significantly reduce the chance of
> one of your own users launching attacks on other sites on the Internet.
> the risks to your organisation from this sort of activity may be quite large.
> damage to reputation being the major risk.
> if all sites restricted outgoing traffic to a known set of IP addresses, the
> risk of attacks such as the TCP SYN denial of service attack would be
> reduced as the perpertrators would be easier to track down. this requires
> co-operation from all internet users, but you have to start somewhere.
> Pauline van Winsen pauline @
> Uniq Professional Services Pty Ltd www.uniq.com.au
> PO Box 70, Paddington, NSW 2021, (Sydney) Australia
> Phone: +61-2-9380-6360 Fax: +61-2-9380-6416 Pager: 016 287 000
> "Never try to flirt with your boss... he's your bread & butter and
> not your honey."
> The boss is not your honey - Book 3, Woman's World, circa 1964.