Slashdot Mirror

← Back to Stories (view on slashdot.org)

Reverse Firewalls As An Anti-Spam Tool

Posted by timothy on from the to-each-his-own dept.

An anonymous reader writes "VeriSign's principal scientist Phillip Hallam-Baker believes one answer to stopping spammers and even crackers is by using reverse firewalls. He says reverse firewalls should be embedded in every cable modem and wireless access point for home users. "A traditional firewall is designed to stop attacks from the outside coming in; a reverse firewall stops an attack going out," Hallam-Baker said. Apparently, a reverse firewall would reduce the value of recruiting your home PC as a member of a botnet because "normal users have no need to send out floods of e-mail, which reverse firewalls can stop, but they do allow a normal flow of e-mail. ""

7 of 513 comments (clear)

  1. Great Reverse Firewall for Mac OS X by toupsie · · Score: 4, Informative
    If you have got a Mac, there is a program called "Little Snitch" that is an excellent reverse firewall. While I am not worried as much about my Mac becoming a part of a botnet, it is amazing to see how often my installed software packages want to "phone home". I have even caught third party web advertisers wanting to open ports outside of 80 and 443.

    A cable modem with a reverse firewall sounds nice but I would rather handle this at the CPU level. I want to choose what to block and accept.

    --
    Strange women lying in ponds distributing swords is no basis for a system of government.
  2. Re:And who will control what to control? by Capt'n+Hector · · Score: 4, Informative

    Put away that tin foil hat. Would you say the same thing about normal firewalls? After all, normal firewalls don't allow traffic from Bittorrent, most online games, etc etc etc without configuration. So.... "Who will control what defines an attack?" The answer is, as always, you.

    --
    Quid festinatio swallonis est aetherfuga inonusti?
    Africus aut Europaeus?
  3. Re:Oh yeah, router manufacturers will buy this... by comet_11 · · Score: 4, Informative

    For the love of jesus, I hate any slashdot article relating to viruses. I have to read through comment after comment using the accursed "virii".

    "Virii" is, and let me put this gently, not a goddamn word. I say this not just for your sake, but in the hope that at least a hundredth of the people operating under this painful warping of the english language. Read this, I beg you, and stop making me - and anyone who knows the word - cringe.

    --
    By reading this comment, you immediately waive any and all rights regarding it.
  4. Re:A better idea... by PetoskeyGuy · · Score: 5, Informative

    Enhanced SMTP better known as ESMTP is not hypothetical. It's out there, it works, mail clients know about it. It's optional and most ISP's I've used don't have strong authentication. They could, but choose not to. Search Google for Ehanced SMTP or you'll find an ESMTP mail server.

    It seems your proposing the same argument the article does. Basically security needs to be enabled by default. The internet is no longer a place where you can trust. They are suggesting a hardware fix, your suggesting software.

    Either way it will most likely require some pretty big players like AOL or Microsoft to implement it before it would achieve critical mass. Designing a different way of doing things isn't hard, it's getting everyone else to agree to it and use it.

    AOL started implementing SPF to stop spam. If AOL/MSN/Yahoo all decide to stop accepting mail that doesn't come form SPF using sites, adoption should happen in about a fortnight.

  5. Re:Obligitory form-letter post by Artega+VH · · Score: 4, Informative

    Did you select from that "form" randomly or did you want to actually make an insighful point?

    (x) Users of email will not put up with it
    Actually if implemented properly (allowing people to configure it) people WILL put up with it..

    (x) Requires immediate total cooperation from everybody at once
    No. Every user that gets one of these things helps.

    (x) Lack of centrally controlling authority for email
    Huh?

    (x) Open relays in foreign countries
    No. Every user that gets this helps.

    (x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
    I think this is practical. Just like a regular firewall is practical. (Might as well make this thing a proper full blown hardware firewall)

    (x) Countermeasures should not involve sabotage of public networks
    (x) Countermeasures must work if phased in gradually
    Pardon?

    (x) This is a stupid idea, and you're a stupid company for suggesting it.
    Yes - very amusing. We're all laughing at your stupidity.

    This is not a fix-all solution. But it's a simple solution that would help to alleviate some of the spam problem.

    --
    groklaw, wired and slashdot. The holy trinity of work based time wasting.
  6. Just to be pedantic by fishbot · · Score: 4, Informative

    but a firewall is a piece of software which allows or denies packets based on their properties; it cares not in which direction they are flowing.

    A reverse firewall, then, is just a firewall. It's like the difference between a slash and a forward slash (pet peeve). In fact, if you use an iptables or ipchains firewall, you only need a few extra rules to implement this on your gateway machine.

  7. Re:This isn't normal behavior? by 13Echo · · Score: 4, Informative

    It is strange that people working for free, I am talking open source here, do not produce something that is useful for home users. All the OSS firewalls I have looked out require you to have a good to expert knowledge (depending on firewall) of networking in order to effectivly use them. They all seem to be just creating replacements for professional products rather than somehting that is useable by the average Joe.


    You mean, like Firestarter?

    http://firestarter.sourceforge.net/

    It doesn't require any knowledge to configure the firewall.