|
![](/i/fill.gif) |
>> To this day I have never yet seem a firewall which blocks *outbound*
>> traffic. So I don't see why this would even be an issue.
>>
>
> That's because you haven't seen many firewalls!
>
> At my current place of employment, there are three different layers of
> firewalls between the user environment and the public Internet. not only
> do each layer block unauthorized traffic in both directions, there isn't
> even a default route out to the Internet. You need to talk to the proxy
> server infrastructure, and it only accepts specific ports.
>
> And looking in the other direction, there are also firewalls between the
> labs, UAT environments, and regular network, as well as protecting the
> mainframes from the unwashed masses.
>
> For B2B extranets, it's even more prevalent. There, firewalls will
> usually also be very strict in what they allow out, because the last
> thing you want is a letter from the legal dept. of Boeing, NASA, or say,
> the London Stock Exchange saying you are trying to infect their network
> with bots.
And you're seriously saying that somebody would go to all that trouble,
and then allow arbitrary Internet traffic so long as it's on TCP port 80?
Post a reply to this message
|
![](/i/fill.gif) |