From: Lewis Thompson
To: FreeBSD-questions
Date: Sat, 23 Aug 2003 01:08:28 +0100
Message-ID: <20030823000827.GA1281@lewiz.org>
Subject: Security question (simple).

Hi,

I'm fairly new to network/machine security (but I know enough to write some firewall rules, just the basics). I guess I'm getting on for novice, or something ;)

I'm running two jails on my box, which has a dialup connection to the 'net. It's all firewalled off and only certain things are available from outside. For incoming WWW I have some port-forwarding going on (natd), which bounces it to the httpd running in the jail.

Am I right in thinking if I am running some inherently insecure application there is ABSOLUTELY NO WAY anybody can exploit it if it's not listening on the dial-up interface? I mean, without rooting the host system first. Or, if it's not, it's still pretty hard, right?

-lewiz.

-- 
I was so much older then, I'm younger than that now. --Bob Dylan, 1964.
-| msn:purple@lewiz.net | jab:lewiz@jabber.org | url:http://lewiz.net |-