At 07:26 PM 8/1/2001, Delaney, Gavin J (EASD, IT) wrote: >Dave, >Restricting tcp/port80 initiated outbound connections from the DMZ is an >reasonable approach. actually restricting tcp:80 outgoing won't stop the worm from spreading. the worm itself never uses port 80 for outgoing traffic. it will just connect to port 80 but the port on the attacking machine is some regular outgoing port ( > 1024). so one had to deny tcp from server to any 80 cheerz corecode ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Aug 01 2001 - 14:23:31 PDT