From owner-freebsd-security@FreeBSD.ORG Sat Dec 24 22:48:33 2011
Return-Path:
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id DD5D41065672
	for ; Sat, 24 Dec 2011 22:48:33 +0000 (UTC)
	(envelope-from steve@localhost.lu)
Received: from zimbra.iongroup.lu (zimbra.iongroup.lu [85.93.212.20])
	by mx1.freebsd.org (Postfix) with ESMTP id 9A81E8FC16
	for ; Sat, 24 Dec 2011 22:48:33 +0000 (UTC)
Received: from localhost (localhost.localdomain [127.0.0.1])
	by zimbra.iongroup.lu (Postfix) with ESMTP id 86EC671E10A;
	Sat, 24 Dec 2011 23:31:13 +0100 (CET)
Received: from zimbra.iongroup.lu ([127.0.0.1])
	by localhost (zimbra.iongroup.lu [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id yNwz+f325Mk7; Sat, 24 Dec 2011 23:31:12 +0100 (CET)
Received: from [192.168.178.37] (unknown [94.252.118.123])
	by zimbra.iongroup.lu (Postfix) with ESMTPSA id C286971E0B4;
	Sat, 24 Dec 2011 23:31:12 +0100 (CET)
Mime-Version: 1.0 (Apple Message framework v1251.1)
Content-Type: text/plain; charset=iso-8859-1
From: Steve Clement
In-Reply-To:
Date: Sat, 24 Dec 2011 23:31:11 +0100
Content-Transfer-Encoding: quoted-printable
Message-Id: <35589C3B-0C5F-4260-A2AD-386C2B19756C@localhost.lu>
References: <4EF4A120.1000305@freebsd.org> <20111223195713.GA61589@server.vk2pj.dyndns.org>
To: Stuart Barkley
X-Mailer: Apple Mail (2.1251.1)
Cc: freebsd-security@freebsd.org
Subject: Re: Merry Christmas from the FreeBSD Security Team
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "Security issues [members-only posting]"
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Sat, 24 Dec 2011 22:48:33 -0000

On Dec 24, 2011, at 10:21 PM, Stuart Barkley wrote:

>> The solution for this situation is BalaBit SCB.
>>
>> http://www.balabit.com/network-security/scb
>
> This had me scared for a bit, but it looks like an interesting box.

This scares me too.

And IMHO reading your logs would help as well.

Putting another layer on top of it (which might have additional vulns etc etc) only makes it more obscure.

It also won't save you if you never read your logs until now.

So rock over to: /var/log and have fun ;)

cheers,

Steve

-- 
The Hackerspace in Luxembourg!
SYN2cat Hackerspace.lu A.S.B.L.
11, rue du Cimetière | L-8018 Strassen
http://www.hacker.lu
xmpp:SteveClement@jabber.hackerspaces.org
mailto:steve@localhost.lu
https://www.twitter.com/SteveClement
.lu: +352 20 333 55 65