BLU Discuss list archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Discuss] web server can't see out but others can see in

Subject: [Discuss] web server can't see out but others can see in
From: richard.pieri at gmail.com (Rich Pieri)
Date: Wed, 26 Sep 2012 15:59:52 -0400
In-reply-to: <20120926191020.GM5298@dragontoe.org>
References: <CADVqGWB_=dyrxNRXMPLr3kLtMaoGS9McPX1WLUV0eqH3=EXy4g@mail.gmail.com> <D1B1A95FBDCF7341AC8EB0A97FCCC477197BE8EB@SN2PRD0410MB372.namprd04.prod.outlook.com> <20120926191020.GM5298@dragontoe.org>

On Wed, 26 Sep 2012 14:10:20 -0500
Derek Martin <invalid at pizzashack.org> wrote:

> Agreed... though if the web server is the only service that's
> listening to external connections, or all the other listening services
> are blocked off by a firewall, again there's not much difference in
> risk, with the latter being a little weaker than the former (as your
> firewall may be buggy/broken).

Meh. I'm more concerned about hosting an exposed server in a virtual
guest on the private network. Ask Google about VMware and VirtualBox
guest privilege escalation advisories. The server should be in a DMZ
where it can't be used as a proxy against the internal network.

-- 
Rich P.

References:
- [Discuss] web server can't see out but others can see in
  - From: eric at aaca-boston.org (Eric Chadbourne)
- [Discuss] web server can't see out but others can see in
  - From: blu at nedharvey.com (Edward Ned Harvey (blu))
- [Discuss] web server can't see out but others can see in
  - From: invalid at pizzashack.org (Derek Martin)

Prev by Date: [Discuss] web server can't see out but others can see in
Next by Date: [Discuss] web server can't see out but others can see in
Previous by thread: [Discuss] web server can't see out but others can see in
Next by thread: [Discuss] web server can't see out but others can see in
Index(es):
- Date
- Thread


BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Boston Linux & Unix / webmaster@blu.org