[ previous ] [ next ] [ threads ]
 
 From:  A dot L dot M dot Buxey at lboro dot ac dot uk
 To:  Don Munyak <don dot munyak at gmail dot com>
 Cc:  m0n0wall at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall] Blocking outbound traffic - concessus
 Date:  Fri, 1 Apr 2005 09:29:01 +0100
Hi,

> What types of traffic are you blocking from a business perspective ? I
> am just curious about what traffic I might want to block in the LAN
> outbound direction..ie P2P, IM, 445 ports.

for the purpose in which we are using/testing m0n0 we are only allowing

80/443 ('web' and 'secure web')
22 ('ssh')
465/993/995 ('SSL mail protocols')
554 ('RTSP')

..and of those, only the required TCP or UDP port.

however, as m0n0 has NO IDEA AT ALL about what the traffic really is
(no packet inspection) anyone with more than half a clue could simply
run whatever they wanted through those open ports. 

such traffic, with our current setup, is actually trapped by a few more boxes
further along the network (and detected with SNORT etc)

alan