Hello People,
I have a Cisco PIX 501 and a dream...
I am not so concerned with malicious INBOUND traffic. My concern is with the risks from trojans and keyloggers etc - traffic EXITING my PC. I'm thinking that if I deny ALL outbound traffic then allow on a connection(port) by connection basis that I can see both what is trying to exit and then better understand and control it.
I would like to know how I can FIRST deny ALL outbound traffic from exiting my PC.
QUESTION: What is the syntax to stop ALL outbound traffic? Is it: "access-list deny_outbound deny tcp any any eq"? Then: "write mem" or "write memory" to set the changes?
Once all outbound traffic is denied I would like to allow traffic to exit on a port by port basis.
Right off I know that I want to allow outbound traffic to exit from port 80, 21, etc. What is the syntax for this? (I understand that a trojan or keylogger can be configured to use HTTP port 80, or other "trusted" ports, but that is for another post in another newsgroup.)
QUESTION: Please, what is the syntax for opening port 80 after it being closed by the "deny" command? And how do I seal the deal after entering that command - write mem?
- enable
- config t
- ....
- .....
- write memory
???
Does anyone have the foggiest clue what I'm asking and how I might better do what I'm trying to do?
Please help me realize my dream. And thank you so much to the people that have helped me get this far, I seriously appreciate it. This stuff is pretty tricky and most of my friends are criminal types that are either in jail or don't have Cisco PIX's.
Thanks!
PS: To those that think that because they know more about something than someone else that they have the right to be smart asses.. You don't. Saying things like "just don't install keyloggers" is pretty stupid but let me point out the obvious. People don't install keyloggers on their own machines then ask how to protect against them. Well, maybe people by where you live but not where I'm from.
PPS: To those that can't tell that I'm kinda joking around and kinda serious and kinda frustrated etc... Don't worry about it, it's just a Usenet post, nothing to get excited about and guess what? You don't have to reply if you don't want to!!!!!! Seriously, you can just click on the next post and I swear you'll be ok!
PPPS: In case it's not obvious some fools give me shi* for my lack of firewall knowledge to the point of emailing me, suggesting that I give up computing etc.. It's kinda funny but a little scary at the same time...
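
The default-deny outbound policy asked about above, as an added example that is not part of the original post: a PIX OS 6.x command sequence that permits only listed ports and denies the rest. The ACL name `outbound_policy` is hypothetical, the interface is assumed to carry the default name `inside`, and the DNS line is an assumption about how the PC resolves names.

```cisco
! Added example for PIX OS 6.x. Lines starting with "!" are annotations, not commands to type.
enable
configure terminal
! Permit only the outbound services named in the post: HTTP (80) and FTP control (21).
access-list outbound_policy permit tcp any any eq 80
access-list outbound_policy permit tcp any any eq 21
! Assumption: name lookups go to a DNS server on the far side of the PIX.
access-list outbound_policy permit udp any any eq 53
! Every ACL already ends in an implicit deny; writing it out gives the denies their own hit counter.
access-list outbound_policy deny ip any any
! The ACL filters nothing until it is bound to traffic entering the inside interface.
access-group outbound_policy in interface inside
exit
! Save the running configuration to flash so it survives a reload.
write memory
! Review what is being blocked: per-line hit counts, then the log buffer.
show access-list outbound_policy
show logging
```

A single ACL evaluated top to bottom replaces the "deny first, then open" sequence: the permits come first and the deny comes last. With logging enabled, packets dropped by the ACL appear as syslog message 106023, which shows the source, destination and port of whatever tried to leave.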