seth vidal wrote:
Hi,
Mike noticed that someone had set up an irc bot running on
fedorapeople.org talking to an irc channel that was not remotely fedora
related. Even if it had been fedora-related it's still not something we
want running on fedorapeople.org. I put in an outgoing port reject to
things bound to 6667. I'll work on a slightly better option soon but I
wanted to let everyone know about this and ask if there were any other
suggestions on how to best block this sort of thing.

Is any outbound NEW connection supposed to be used from fedorapeople.org,
except maybe for a few named sockets on trusted remote hosts?
If not, I suppose you could lock it down for most of the 65535-give-or-take
ports, with few exceptions for like the Puppet master (but only from/by user
root) and the DNS servers and such and so forth?
Locking it down still sounds fair enough to me, to say the least.
-- Jeroen
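
The default-deny egress policy suggested in the reply above, sketched as an added example that is not part of either message or of the Fedora infrastructure configuration. It assumes iptables with the `owner` and `conntrack` matches; the resolver and Puppet master addresses are constructed placeholders, and 8140 is Puppet's default master port.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for default-deny egress.
# Addresses are constructed placeholders from the RFC 5737 documentation range.
DNS_SERVERS="192.0.2.53 192.0.2.54"   # assumed resolver addresses
PUPPET_MASTER="192.0.2.10"            # assumed Puppet master address
PUPPET_PORT=8140                      # Puppet's default master port

build_egress_rules() {
    echo "*filter"
    echo ":OUTPUT DROP [0:0]"
    # Loopback and replies on already-established flows pass, so inbound
    # SSH/HTTP sessions to the host keep working.
    echo "-A OUTPUT -o lo -j ACCEPT"
    echo "-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # DNS lookups, but only towards the named resolvers.
    for dns in $DNS_SERVERS; do
        echo "-A OUTPUT -d $dns -p udp --dport 53 -j ACCEPT"
        echo "-A OUTPUT -d $dns -p tcp --dport 53 -j ACCEPT"
    done
    # Puppet master: only processes running as root (uid 0) may connect.
    echo "-A OUTPUT -d $PUPPET_MASTER -p tcp --dport $PUPPET_PORT -m owner --uid-owner 0 -m conntrack --ctstate NEW -j ACCEPT"
    # Every other NEW outbound connection (6667 included) is logged with the
    # originating uid, then rejected so the client fails fast.
    echo "-A OUTPUT -m conntrack --ctstate NEW -j LOG --log-prefix \"egress-reject: \" --log-uid"
    echo "-A OUTPUT -m conntrack --ctstate NEW -j REJECT --reject-with icmp-port-unreachable"
    echo "COMMIT"
}

# Print the ruleset for review; check it with `iptables-restore --test`
# before loading it.
build_egress_rules
```

Loading a `*filter` section with `iptables-restore` replaces the existing filter-table rules unless `--noflush` is given, so on a real host these lines would be merged into the existing ruleset. The `--log-uid` entries show which account attempted the rejected connection.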