Outbound, we only filter for source addresses that are not from our net,
i.e. possibly spoofed addresses, or at least bad ones. I don't care what
protocols go out, as long as they leave here with legitimate addresses.

At 6:57 AM 2/3/97, Mark Smith wrote:
>What is the general practice for readers of this list on filtering
>outbound packets at the router between the ISP and the DMZ?
>
>The original intent was to limit the chances of mounting
>attacks/FSP/general bad stuff using our site as base camp. Now,
>however, we have a mail application which appears to drive the router at
>max CPU, allegedly due to the filtering in place. That outbound
>filtering allows only the "good" protocols to their known ports.
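
The source-address-only egress policy described in the reply, as an added example that is not part of the original e-mail thread: it classifies outbound packets from a constructed log by source address alone and never looks at protocol or port. The site prefixes, the reserved-range list, the log format and the verdict names are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Assumption: the site's own address space (documentation prefixes, constructed).
SITE_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]
# Assumption: "bad" sources are read here as reserved ranges never valid upstream.
RESERVED = [ipaddress.ip_network(p) for p in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4")]

def classify_source(src):
    """Verdict for one outbound packet, based only on its source address."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "drop-invalid"            # unparseable or missing source field
    if any(addr in net for net in SITE_PREFIXES):
        return "permit"                  # legitimate site address, any protocol
    if any(addr in net for net in RESERVED):
        return "drop-reserved"           # reserved or non-routable source
    return "drop-foreign"                # routable but not ours: likely spoofed

def evaluate(log_text):
    """Return ([(src, verdict), ...], Counter of verdicts) for a packet log."""
    results = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        fields = dict(f.split("=", 1) for f in line.split() if "=" in f)
        src = fields.get("src", "")
        results.append((src, classify_source(src)))
    return results, Counter(verdict for _, verdict in results)

# Constructed sample: packets seen leaving the DMZ towards the ISP.
SAMPLE_LOG = """\
out src=192.0.2.10 dst=203.0.113.5 proto=tcp dport=25
out src=198.51.100.77 dst=203.0.113.9 proto=udp dport=53
out src=198.51.100.200 dst=203.0.113.9 proto=tcp dport=80
out src=10.1.2.3 dst=203.0.113.5 proto=tcp dport=6667
out src=203.0.113.44 dst=203.0.113.5 proto=icmp dport=0
out src=127.0.0.1 dst=203.0.113.5 proto=udp dport=9
out src=not-an-ip dst=203.0.113.5 proto=tcp dport=23
"""

if __name__ == "__main__":
    verdicts, summary = evaluate(SAMPLE_LOG)
    for src, verdict in verdicts:
        print(f"{src:<16} {verdict}")
    print(dict(summary))
```
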