| ▲ | ninkendo 6 hours ago | |||||||||||||||||||||||||
> But it's often disabled for the same reason as having router-level firewalls in the first place. Yeah, anything that allows hosts to signal that they want to accept connections, is likely the first thing a typical admin would want to turn off. It’s interesting because nowadays it’s egress that is the real worry. The first thing malware does is phone home to its CNC address and that connection is used to actually control nodes in a bot net. Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware. In an ideal world we’d have IPv6 in the 90’s and it would have been “normal” for firewalls to be things you have on your local machine, and not at the router level, and allowing ports is something the OS can prompt the user to do (similar to how Windows does it today with “do you want to allow this application to listen for connections” prompt.) But even if that were the case I’m sure we would have still added “block all ingress” as a best practice for firewalls along the way regardless. | ||||||||||||||||||||||||||
| ▲ | forgotaccount3 5 hours ago | parent [-] | |||||||||||||||||||||||||
> Ingress being disabled doesn’t really net you all that much nowadays when it comes to restricting malware. But how much of this is because ingress is typically disabled so ingress attacks are less valuable relative to exploiting humans in the loop to install something that ends up using egress as part of it's function. | ||||||||||||||||||||||||||
| ||||||||||||||||||||||||||