How to Own the Internet In Your Spare Time
xenofile writes "A chilling paper has recently been posted analyzing the various threats worms pose to the Internet, and the relative ease of exploiting, say, the 30,000,000 Kazaa hosts to completely cripple large portions of the net."
Lots of good stuff in this paper. It sorta combines many things you've probably read, and demonstrates how the net could be seriously taken by someone who wants it.
The obvious solution:
Many sysadmins understand that they need to put their servers behind a firewall, protecting the servers from malicious inbound traffic from the internet. Now is the time to educate these sysadmins that they need to configure the firewalls to also block outbound access from the servers to the internet.
For instance, a web server doesn't need outbound access to the internet at all; you are not going to use the server to browse the internet, so please block all outbound traffic from the web server. If this server gets infected by a new worm, the worm can't spread to other hosts through http. Simple.
I have read a lot about firewalls lately; most focus on securing the inbound traffic, a few talk about egress filtering to stop address spoofing, but none write about blocking outbound access from the servers, to stop worms from spreading from your server.
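The outbound default-deny described in the comment above, sketched as an added example that is not part of the original thread. It assumes a Linux web server using iptables with connection tracking; the function name `web_egress_rules` is hypothetical and the resolver address is a constructed documentation address.

```shell
#!/bin/sh
# Added example: print an iptables-restore ruleset for a web server that
# answers inbound HTTP/HTTPS but may not open connections of its own.

# web_egress_rules RESOLVER_IP [LOG_PREFIX]
#   RESOLVER_IP: the single DNS resolver the server may query (assumption:
#   the server needs DNS; delete that rule if it does not).
web_egress_rules() {
    resolver="$1"
    prefix="${2:-egress-drop: }"
    # Accept only digits and dots so nothing else reaches the ruleset.
    case "$resolver" in
        ''|*[!0-9.]*)
            echo "usage: web_egress_rules RESOLVER_IPV4 [LOG_PREFIX]" >&2
            return 1 ;;
    esac
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -p udp -d $resolver --dport 53 -m conntrack --ctstate NEW -j ACCEPT
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "$prefix"
-A OUTPUT -j DROP
COMMIT
EOF
}

# Replies to clients leave via the ESTABLISHED rule. No rule accepts a NEW
# outbound TCP connection, so a worm running on the server cannot connect
# to other hosts over HTTP, and each attempt is logged before being dropped.
# Usage (constructed address): web_egress_rules 192.0.2.53 > web.rules
```

Check the generated file with `iptables-restore --test` before loading it. A web server that starts producing `egress-drop:` log lines is trying to open outbound connections, which is worth investigating as a possible compromise.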
RFC1925
Why further the problem.
Check out this link to begin learning about denial-of-service attacks. Here's another if your appetite for self-education has been whetted.