[rescue] Fair Warning RPC Worm
Michael A. Turner
mturner at whro.org
Tue Aug 12 14:03:52 CDT 2003
<huge snip>
> >
> >Uhm... I can't understand what is so hard about putting a
> >firewall into
> >that place. One day's work and then you are in a whole different
> >posture. Unbelievable. At least for your users!
> >
> >Cripes man!!! This is no way to live!
> >
> >-Daniel
Imagine this. You work in an office with a single T1 that runs in to
the building. It is easy to put a firewall in. You make a DMZ with the T1 on
one side and the office on the other, no muss, no fuss.
Now imagine this. You have a frame relay, 20 T1s, 1 DS3, many ISDN
connections, and two Total Control chassis with 100 modems each. All the ISDN
and modem people are downstream customers, the T1s and the frame relay both
go downstream to customers and upstream to our providers. The DS3 is
strictly backbone for us. The T1s upstream all go to different providers.
The downstream T1s go to many different schools and areas. In your NOC you
are running just about every app under the sun for these downstream, and
outside, customers. Most of these are using high ports and more need to be
opened at any time. Your IP range runs from 64.5.129.* to 64.5.156.*, but a
lot of those numbers are being used by the downstream schools, who must be
considered hostile in this case, so simple 64.5.*.* filtering is not going
to work. If you block a port that someone above you wants open then it gets
reopened, like port 135 has to be open so they can use Exchange from home
from their provider.
Now the question. Where do you put the one firewall? What do you block?
If you do multiple firewalls, how do you sync all the rules? I would have
snuck one in a while ago if I had a good answer to this question.
Michael A. Turner
Systems Engineer WHRO
michael.turner at whro.org
http://www.whro.org