Date: Mon, 6 Sep 1999 20:13:08 +0200 From: Brad Knowles <blk@skynet.be> To: Mike Smith <mike@smith.net.au> Cc: freebsd-questions@freebsd.org, freebsd-stable@freebsd.org Subject: Re: softupdates in latest build? Message-ID: <v04205531b3f9b409c3d7@[195.238.1.121]> In-Reply-To: <199909061741.KAA19927@dingo.cdrom.com> References: <199909061741.KAA19927@dingo.cdrom.com>
next in thread | previous in thread | raw e-mail | index | archive | help
At 10:41 AM -0700 1999/9/6, Mike Smith wrote: > By the time an attacker has enough access rights on > your system to make use of the packet filter, they have enough access > rights to add it if it's not there. That's certainly true. However, if this feature is disabled by default, this throws just one more roadblock in front of some script kiddie that might want to break into your system. It won't stop a determined cracker (nothing will), and it won't stop someone with half an ounce of intelligence (they can just rebuild the kernel), but if you at least turn this off by default then they're forced to rebuild the kernel in order to enable this feature, and that would require a reboot. That might just make the system that much more noticable if someone tries to crack into it and install a password sniffer, and that much less easy to compromise security at that site. -- These are my opinions -- not to be taken as official Skynet policy ____________________________________________________________________ |o| Brad Knowles, <blk@skynet.be> Belgacom Skynet NV/SA |o| |o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o| |o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o| |o| http://www.skynet.be Belgium |o| \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ Unix is like a wigwam -- no Gates, no Windows, and an Apache inside. Unix is very user-friendly. It's just picky who its friends are. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?v04205531b3f9b409c3d7>