Date: Fri, 21 Mar 2014 12:20:37 -0700 From: "Ronald F. Guilmette" <rfg@tristatelogic.com> Cc: "freebsd-security@freebsd.org" <freebsd-security@freebsd.org> Subject: Re: NTP security hole CVE-2013-5211? Message-ID: <51381.1395429637@server1.tristatelogic.com> In-Reply-To: <AD479A36-993D-442A-AA07-AB52D8198624@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
In message <AD479A36-993D-442A-AA07-AB52D8198624@FreeBSD.org>, Remko Lodder <remko@FreeBSD.org> wrote: >Reading the mails from this thread leads me to believe that there is no >stateful firewall concept in place? I am not the poster to whom you were responding (info@rit.lt), however speaking only for myself I will confess that yes, in my case at least, although I have used ipfw for many years, I have never (until now) found any compelling need to either understand or make use of any of ipfw's stateful capabilities. >In my believing it is so that if you do not filter traffic, you are >making a deliberate choice to let everyone smack your service(s). I personally *do* most certainly filter traffic, and have done, since I first connected *any* machine of mine to the Internet. I can assure yoy that I never made any deliberate choice to let everyone smack me around. Nontheless, that clearly did happen, eventually, when evil-doers decided, relatively recently, to use & abuse me as an NTP reflector, but my participation in this was not in any sense deliberate on my part, and arose strictly out of ignorance, for which I am suitably humbled and apologetic. Regards, rfg
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51381.1395429637>