Is it dangerous, and what is the risk of open outgoing ports on a production web server on which both the front end and the backend run?
Incoming ports are all closed (well, except for port 80 and RDP).
Purely to make sure that nothing extra on the server side establishes outgoing connections, it is reasonable to close all outgoing ports except the allowed ones. BackConnect is the traditional way of working with a captured machine (the machine itself connects to whoever captured it).
The advantages of such control: if BackConnect occupies an existing port, some important application will not be able to take it and will crash, and it will be clear from the logs that the port is busy.
If BackConnect takes a new port, it will add a new rule, and the new firewall rule will be noticed.
This is theory. I never cared that much about protection. I didn't have time to set up the server.
If we are talking about outbound traffic, that doesn't seem to be risky. But the paranoid inside of you has to assess the risk for himself.
When any application establishes a connection, the system selects any free port. Therefore, "closing" outgoing ports means blocking applications' access to anywhere on the Internet. If not a single application on your server needs to go anywhere on the Internet (which is unrealistic), feel free to close them.
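Added example, not part of the original answers: since the local port of a server-initiated connection is an arbitrary free port, outbound connections have to be judged by their destination. The sketch below reads a listing in the layout of Windows `netstat -ano`, sets aside traffic on the server's own listening ports (80 and RDP), and reports the remaining connections whose destination is not on an egress allowlist. The sample lines, the `ALLOWED_EGRESS` policy and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout of Windows `netstat -ano` (not real output).
SAMPLE = """\
  TCP    0.0.0.0:80          0.0.0.0:0            LISTENING     4
  TCP    0.0.0.0:3389        0.0.0.0:0            LISTENING     1100
  TCP    192.0.2.10:80       198.51.100.7:51322   ESTABLISHED   4
  TCP    192.0.2.10:3389     198.51.100.9:60211   ESTABLISHED   1100
  TCP    192.0.2.10:49731    203.0.113.5:443      ESTABLISHED   2244
  TCP    192.0.2.10:49802    203.0.113.77:8443    ESTABLISHED   3310
  TCP    192.0.2.10:49655    192.0.2.53:53        ESTABLISHED   1500
"""

# Assumed egress policy: (destination network, destination port) pairs.
ALLOWED_EGRESS = [
    (ipaddress.ip_network("203.0.113.5/32"), 443),  # hypothetical update/API host
    (ipaddress.ip_network("192.0.2.53/32"), 53),    # hypothetical internal resolver
]

def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon (IPv4 form used in the sample)."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)

def parse(text):
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            rows.append((split_endpoint(f[1]), split_endpoint(f[2]), f[3], int(f[4])))
    return rows

def unexpected_egress(text, allowed=ALLOWED_EGRESS):
    rows = parse(text)
    # Ports the server listens on: connections on these are inbound service traffic.
    listening = {local[1] for local, _, state, _ in rows if state == "LISTENING"}
    findings = []
    for local, remote, state, pid in rows:
        if state != "ESTABLISHED" or local[1] in listening:
            continue
        # Server-initiated: the local port is ephemeral, so judge by destination only.
        dst = ipaddress.ip_address(remote[0])
        if not any(dst in net and remote[1] == port for net, port in allowed):
            findings.append((remote[0], remote[1], pid))
    return findings

if __name__ == "__main__":
    for host, port, pid in unexpected_egress(SAMPLE):
        print(f"unexpected outbound connection to {host}:{port} from PID {pid}")
```

The same destination-based allowlist is what an outbound firewall policy would enforce; the PID column points to the process that opened each flagged connection.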