Date:      Mon, 27 Nov 2000 00:57:54 -0700
From:      Wes Peters <wes@softweyr.com>
To:        Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Cc:        Doug Barton <DougB@FreeBSD.ORG>, freebsd-security@FreeBSD.ORG
Subject:   Re: NATD: failed to write packet back (Permission denied)
Message-ID:  <3A221402.D88321D8@softweyr.com>
References:  <001701c057c4$1e1ac010$0200a8c0@n2> <20001126110756.C34151@149.211.6.64.reflexcom.com> <000b01c057dd$f9423ab0$0200a8c0@n2> <20001126113720.A70192@149.211.6.64.reflexcom.com> <3A2183E7.6039C582@FreeBSD.org> <20001126140033.E70192@149.211.6.64.reflexcom.com> <3A218C5B.9F677E51@FreeBSD.org> <200011270130.UAA88239@khavrinen.lcs.mit.edu>

Garrett Wollman wrote:
> 
> <<On Sun, 26 Nov 2000 14:19:07 -0800, Doug Barton <DougB@FreeBSD.ORG> said:
> > allow udp from any to any out
> 
> > But that's for my private home network. I trust myself to only send out
> > useful, productive packets. :)
> 
> I must admit to being puzzled by home firewalls, at least among this
> group of people.  If you've got some promiscuous operating system from
> Washington State running, I can somewhat understand doing that.  If
> you just have a single machine, which is under your direct control,
> then doing packet filtering is just silly.  If your machine is

My "machine"?  You certainly don't understand my basement/network operating
center, which includes a mixture of Free/Net/OpenBSD, Solaris, various
Windows, and a lone Atari 520ST.  OK, so the Atari isn't really on the
network.

> properly configured and secured, filtering out packets which would
> otherwise be thrown away anyway serves no useful purpose.  (If the
> bandwidth potentially wasted matters to you, that's a problem you have
> to deal with at the upstream side anyway.)

Since I have T-1 speeds coming into said basement, it is entirely likely
that somebody may notice and attempt to hijack one or more of my machines
to use in a DDOS attack.  In fact, somebody already has tried.  And failed.

-- 
            "Where am I, and what am I doing in this handbasket?"

Wes Peters                                                         Softweyr LLC
wes@softweyr.com                                           http://softweyr.com/

