[Firehol-support] Key loggers and others that communicate back to a base

Tsaousis, Costa costa at tsaousis.gr
Wed Sep 3 01:04:38 CEST 2014


Firehol will do just fine allowing very specific services from your LAN
machines to the internet.
For HTTP/HTTPS I suggest installing a proxy and controlling the allowed URLs
there. So, direct layer 3 HTTP/HTTPS should not be allowed. Only through
the proxy. Firehol can also set up a transparent HTTP proxy for you (but not
HTTPS - HTTPS cannot be intercepted - the clients will have to be
configured to use the proxy for HTTPS).

Costa



On Wed, Sep 3, 2014 at 1:35 AM, Whit Blauvelt <whit at transpect.com> wrote:

> To the degree it can set what types of services you can be a client of, yes.
> But if the key logger or whatever is using an HTTP(S) POST or GET to send
> your data across, and you allow HTTP(S) clients out over the firewall,
> you've still got trouble.
>
> You could allow only HTTP(S) clients to connect to specific IPs. For most of
> us, that would be a nonstarter. But if you wanted to have a system that
> could only connect to your bank, and your bank's at a fixed IP, you could
> easily do that.
>
> Whit
>
> On Tue, Sep 02, 2014 at 08:45:14PM +0100, Robin wrote:
> > I feel I need to install a firewall and Ubuntu comes with a very simple one,
> > but I noticed it did not stop outgoing comms, or provide for a white list,
> > dealing with communications going from key loggers, zombie machines, etc.
> > Does firehol help in this regard?
> >
> >
>
> > _______________________________________________
> > Firehol-support mailing list
> > Firehol-support at lists.firehol.org
> > http://lists.firehol.org/mailman/listinfo/firehol-support
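A firehol.conf sketch of the layout suggested in the message above, added here as an example and not taken from the thread or from the FireHOL project. Assumptions: config `version 6`, `eth0` is the LAN side, `eth1` the internet side, Squid runs on the firewall host itself on port 3128 as user `proxy`, and the service lists are illustrative.

```conf
version 6

# Plain HTTP from the LAN is redirected to the local Squid
# (transparent mode). "proxy" is the user Squid runs as, so
# the proxy's own outgoing requests are not redirected again.
transparent_proxy 80 3128 proxy inface eth0

# Traffic addressed to the firewall host from the LAN.
interface eth0 lan
    policy reject
    # squid = tcp/3128: redirected HTTP lands here, and clients
    # that are explicitly configured to use the proxy for HTTPS
    # connect to the same port.
    server "dns dhcp squid" accept

# The firewall host's own traffic on the internet side.
interface eth1 internet
    protection strong
    # Only the firewall host (the proxy and its resolver)
    # talks HTTP/HTTPS/DNS directly to the outside.
    client "dns http https" accept

# Forwarded LAN -> internet traffic: a short allow-list.
# http and https are deliberately absent, so a LAN machine
# cannot open a direct layer 3 web connection; anything not
# listed here is not forwarded.
router lan2internet inface eth0 outface eth1
    masquerade
    route "ntp imaps smtps" accept
```

The URL allow-list itself lives in the proxy's configuration (Squid ACLs), not in FireHOL; the firewall only ensures the proxy is the sole web path out.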