> however, as m0n0 has NO IDEA AT ALL about what the traffic really is
> (no packet inspection) anyone with more than half a clue could simply
> run whatever they wanted through those open ports.

We are running an in-line IPS directly behind m0n0wall for added layered security, and are quite pleased.

internet--router--m0n0--IPS--lan

You would not believe the crap the IPS is catching/blocking.

Anyway, I was originally just wondering how everyone else is doing things. More to confirm my thoughts as well as improve upon the steps I've taken.

- Don

On Apr 1, 2005 3:29 AM, A dot L dot M dot Buxey at lboro dot ac dot uk <A dot L dot M dot Buxey at lboro dot ac dot uk> wrote:
> Hi,
>
> > What types of traffic are you blocking from a business perspective ? I
> > am just curious about what traffic I might want to block in the LAN
> > outbound direction..ie P2P, IM, 445 ports.
>
> for the purpose in which we are using/testing m0n0 we are only allowing
>
> 80/443 ('web' and 'secure web')
> 22 ('ssh')
> 465/993/995 ('SSL mail protocols')
> 554 ('RTSP')
>
> ..and of those, only the required TCP or UDP port.
>
> however, as m0n0 has NO IDEA AT ALL about what the traffic really is
> (no packet inspection) anyone with more than half a clue could simply
> run whatever they wanted through those open ports.
>
> such traffic, with our current setup, is actually trapped by a few more boxes
> further along the network (and detected with SNORT etc)
>
> alan
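Added example, not code from this thread or from m0n0wall: the kind of application-layer check that the layered box behind the firewall (the IPS in Don's diagram, Snort in Alan's setup) performs and that a port-only filter cannot. It takes the first client bytes of a new outbound flow on one of the ports Alan lists and reports whether they look like the protocol that port was opened for; the port map, function names and sample payloads are constructed for this example.

```python
"""Protocol-conformance check for a port-only allow list (added example).
m0n0wall decides on port number alone; this is the extra question an IPS
asks: does the traffic on an allowed port look like the expected protocol?"""

# Outbound ports allowed in the thread, mapped to the protocol expected there.
EXPECTED = {
    80: "http", 443: "tls", 22: "ssh",
    465: "tls", 993: "tls", 995: "tls", 554: "rtsp",
}

def looks_like_http(data: bytes) -> bool:
    # Request line: METHOD SP request-target SP HTTP/1.x CRLF
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return (len(parts) == 3 and parts[0].isalpha() and parts[0].isupper()
            and parts[2].startswith(b"HTTP/1."))

def looks_like_tls(data: bytes) -> bool:
    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x03,
    # 2-byte length, then handshake message type 0x01 (ClientHello)
    return (len(data) >= 6 and data[0] == 0x16 and data[1] == 0x03
            and data[2] <= 0x03 and data[5] == 0x01)

def looks_like_ssh(data: bytes) -> bool:
    # RFC 4253 identification string, sent by both client and server
    return data.startswith(b"SSH-2.0-") or data.startswith(b"SSH-1.99-")

def looks_like_rtsp(data: bytes) -> bool:
    parts = data.split(b"\r\n", 1)[0].split(b" ")
    return len(parts) == 3 and parts[2].startswith(b"RTSP/1.")

CHECKS = {"http": looks_like_http, "tls": looks_like_tls,
          "ssh": looks_like_ssh, "rtsp": looks_like_rtsp}

def classify(port: int, first_bytes: bytes) -> str:
    """Verdict for a new outbound flow: the port filter's decision plus the
    protocol check an IPS adds on top of it."""
    proto = EXPECTED.get(port)
    if proto is None:
        return "port-denied"            # m0n0wall already drops this
    if CHECKS[proto](first_bytes):
        return "allowed-port-protocol-ok"
    return "allowed-port-protocol-mismatch"  # only the IPS sees this

if __name__ == "__main__":
    # Constructed sample flows: plaintext HTTP on 443 is a mismatch.
    for port, payload in [(443, b"\x16\x03\x01\x00\xc4\x01\x00\x00\xc0"),
                          (443, b"GET / HTTP/1.1\r\nHost: x.invalid\r\n\r\n"),
                          (6881, b"\x13BitTorrent protocol")]:
        print(port, classify(port, payload))
```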