Date:      Sun, 20 Sep 1998 01:32:23 +0000
From:      Niall Smart <rotel@indigo.ie>
To:        Terry Lambert <tlambert@primenet.com>, rotel@indigo.ie
Cc:        sthaug@nethelp.no, hackers@FreeBSD.ORG, questions@FreeBSD.ORG
Subject:   Re: problem using 3 x znyx314 cards for 12 de ethernets
Message-ID:  <199809200032.BAA05064@indigo.ie>
In-Reply-To: <199809180311.UAA00693@usr04.primenet.com>; Terry Lambert <tlambert@primenet.com>

On Sep 18,  3:11am, Terry Lambert wrote:
} Subject: Re: problem using 3 x znyx314 cards for 12 de ethernets
> > These are different issues, someone can be partly responsible for
> > a smurf attack without ever realising it and (more importantly)
> > without _their_ security/quality of service being compromised.  I
> > don't care how many boxes get hacked as long as they aren't mine,
> > but it's reasonable to complain about a configuration which makes
> > it too easy for script kiddies to exploit the ineptitude or
> > carelessness of admins to affect _other_ competent and careful
> > admins' boxes.
> > 
> > It's akin to shipping sendmail with open relaying.
> 
> If you want a C2 hardened system, quit pussyfooting around and start
> addressing the real issues leading up to C2 certification.

I'm not familiar with the Orange Book in any detail but suspect C2
hardening would be of little more use than providing a checkbox in
a feature list;  seeing C2 Solaris rooted by a standard exploit
doesn't exactly engender confidence in the level of real-world security
required for certification.

> Otherwise,
> griping about something that will never happen given a correctly
> configured firewall, and which "fixing" will break a behaviour that
> is universally known to be useful, seems a bit counter-productive.

It's unfortunate that useful and well-known features are often both
insecure and achievable through secure means.  :)

How about a compromise - no replies to broadcast pings from outside
the host's subnet by default?


Niall

-- 
Niall Smart, rotel@indigo.ie.
Amaze your friends and annoy your enemies:
echo '#define if(x) if (!(x))' >> /usr/include/stdio.h
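
Added example, not part of the original message and not FreeBSD's code: a sketch of the compromise proposed above, where an ICMP echo request sent to a broadcast address is answered only if its source lies on the receiving interface's own subnet. The `struct iface`, `IP4`, `is_broadcast_dst` and `should_reply_echo` names are hypothetical, and the addresses are constructed documentation values.

```c
#include <stdint.h>
#include <stdio.h>

/* Build a host-order IPv4 address from dotted-quad parts. */
#define IP4(a, b, c, d) \
    (((uint32_t)(a) << 24) | ((uint32_t)(b) << 16) | ((uint32_t)(c) << 8) | (uint32_t)(d))

struct iface {            /* hypothetical: one configured IPv4 interface */
    uint32_t addr;        /* interface address, host byte order */
    uint32_t netmask;     /* subnet mask, host byte order */
};

/* Is dst a broadcast address as seen from this interface? */
static int is_broadcast_dst(const struct iface *ifp, uint32_t dst)
{
    uint32_t net = ifp->addr & ifp->netmask;

    if (dst == 0xffffffffu)               /* limited broadcast */
        return 1;
    if (ifp->netmask >= 0xfffffffeu)      /* /31 and /32 have no directed broadcast */
        return 0;
    /* directed broadcast (all-ones host part) or old-style all-zeros form */
    return dst == (net | ~ifp->netmask) || dst == net;
}

/* Policy: unicast pings are always answered; broadcast pings only when
 * the source is on the interface's own subnet. A source address forged
 * to look local is outside what this check can detect. */
static int should_reply_echo(const struct iface *ifp, uint32_t src, uint32_t dst)
{
    if (!is_broadcast_dst(ifp, dst))
        return 1;
    return (src & ifp->netmask) == (ifp->addr & ifp->netmask);
}

int main(void)
{
    struct iface ifp = { IP4(192, 0, 2, 10), 0xffffff00u };   /* constructed /24 */
    uint32_t outside = IP4(198, 51, 100, 7), local = IP4(192, 0, 2, 33);
    uint32_t bcast = IP4(192, 0, 2, 255);

    printf("outside -> unicast:   %d\n", should_reply_echo(&ifp, outside, ifp.addr));
    printf("outside -> broadcast: %d\n", should_reply_echo(&ifp, outside, bcast));
    printf("local   -> broadcast: %d\n", should_reply_echo(&ifp, local, bcast));
    return 0;
}
```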
