From owner-freebsd-security Sun Mar 26 23:33:25 1995
Return-Path: security-owner
Received: (from majordom@localhost) by freefall.cdrom.com (8.6.10/8.6.6)
    id XAA10521 for security-outgoing; Sun, 26 Mar 1995 23:33:25 -0800
Received: from pluto.ops.NeoSoft.com (root@pluto.ops.NeoSoft.COM [198.64.212.23])
    by freefall.cdrom.com (8.6.10/8.6.6) with ESMTP id XAA10511 for ;
    Sun, 26 Mar 1995 23:33:23 -0800
Received: from metal.ops.neosoft.com (root@glenn-slip45.nmt.edu [129.138.5.145])
    by pluto.ops.NeoSoft.com (8.6.10/8.6.10) with ESMTP id BAA24902;
    Mon, 27 Mar 1995 01:33:09 -0600
Received: (from smace@localhost) by metal.ops.neosoft.com (8.6.11/8.6.10)
    id AAA00466; Mon, 27 Mar 1995 00:10:47 -0700
From: Scott Mace
Message-Id: <199503270710.AAA00466@metal.ops.neosoft.com>
Subject: Re: your mail
To: jkh@violet.berkeley.edu (Jordan K. Hubbard)
Date: Mon, 27 Mar 1995 00:10:46 -0700 (MST)
Cc: security@FreeBSD.org
In-Reply-To: <199503270551.VAA06922@violet.berkeley.edu> from "Jordan K. Hubbard" at Mar 26, 95 09:51:52 pm
X-Mailer: ELM [version 2.4 PL24]
Content-Type: text
Content-Length: 2588
Sender: security-owner@FreeBSD.org
Precedence: bulk

>
> Path: agate!spool.mu.edu!uwm.edu!news.alpha.net!solaris.cc.vt.edu!swiss.ans.net!potogold.rmii.com!craig.vaultbbs.com!csteiner
> From: csteiner@vaultbbs.com (Craig Steiner)
> Newsgroups: comp.os.386bsd.questions
> Subject: FreeBSD vs. Satan & Security
> Date: Sun, 26 Mar 1995 23:38:03
> Organization: Vault Information Services
> Lines: 26
> Distribution: world
> Message-ID:
> NNTP-Posting-Host: craig.vaultbbs.com
> X-Newsreader: Trumpet for Windows [Version 1.0 Rev A]
>
> I assume I am not the only one who has heard about a program called "Satan"
> which is going to be released in early April. Apparently it's a program to
> help system administrators find holes in their system security--the only
> catch being that anyone in the world will be able to run it against any system
> on the net. So obviously it'll be a great tool for hackers...
>
> Does anyone know how FreeBSD 2.0 will stack up against this program? Are we
> going to have a bunch of holes discovered by teenagers just looking to make
> life difficult for us?
>
> Also, in Linux and System-V systems there are files called hosts.deny and
> hosts.allow that allow you to allow/deny access to specific hosts on the net
> to particular services (or all services). Are there any equivalents in BSD?
> I've read over the TCP/IP Admin. manual as well as scanned the man pages and I

hosts.allow and deny are simply from the cert tcp wrappers...
I KNOW that's all the Linux ones are....

> can't find anything. I have a number of sites that I'd like to block access
> from before the Satan program is released.

As far as I'm concerned if your system is on the net and not firewalled
you are asking for it.

My system for example allows everything out, but only allows smtp, ftp and
telnet (the latter two from only one secure site). A couple of other
harmless things are opened up for me also...

I don't use the firewall built into freebsd. I use a firewall developed at
NeoSoft Inc. It works on any bsd derived system. There is one reason that
I don't use the one built into freebsd: it can be modified when the
system is up. The NeoSoft firewall is compiled into the kernel (which in
turn can be set schg), so it becomes very hard for someone to modify your
firewall should they somehow get in... I think this is a crucial point if
your machine is protecting other machines....

SATAN is going to hurt others a lot more than it will ever hurt FreeBSD,
simply due to the fact that compared to other OS's on the net, FreeBSD is
a minority...

Scott