Hi Thierry,
On Thu, 22 Jul 2004, Thierry Coutelier wrote:
No, the idea is much better. With this reverse-firewall it will stop dumb
end-users from sending attacks to other sites. The firewall could disallow
source IP spoofing.
It could filter out all those 135-139 ports that go out.
You would protect the Internet from a lot of attacks with this.
Hackers would anyway soon find a way around the box so it would not
help for those.
How can a normal firewall not be configured to do exactly the same?
Maybe most people configure their firewall to regulate incoming
traffic only, but I have a couple not-so-small thingies here that
*do* filter outbound traffic too.
Also, filtering 135-139 should be standard (in more serious setups
anyway) - even many ISPs actually do this. Thanks MS for another of
those huge security holes...
| Btw, some providers force a redirect of SMTP traffic to their
| own mailserver. Have a look at:
|
| http://www.init7.ch/anti-spam/index.php
|
| No idea how they handle smtp-auth to other servers...
I don't like the idea. Only introduces problems for stand-alone mail
servers such as ours.
AFAIK, the LiLux mailserver has a static IP, and it doesn't
exactly fit into the dial-up category. I guess technically,
it could quite simply use mailsvr.pt.lu as smarthost also.
Greets Eric