From owner-freebsd-security Sun Sep 26 9: 4:43 1999 Delivered-To: freebsd-security@freebsd.org Received: from lariat.lariat.org (lariat.lariat.org [206.100.185.2]) by hub.freebsd.org (Postfix) with ESMTP id 285D014A05 for ; Sun, 26 Sep 1999 09:04:40 -0700 (PDT) (envelope-from brett@lariat.org) Received: from mustang (IDENT:ppp0.lariat.org@lariat.lariat.org [206.100.185.2]) by lariat.lariat.org (8.9.3/8.9.3) with ESMTP id KAA20546; Sun, 26 Sep 1999 10:04:32 -0600 (MDT) Message-Id: <4.2.0.58.19990926092055.0472f9d0@localhost> X-Sender: brett@localhost X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Sun, 26 Sep 1999 09:22:52 -0600 To: Ollivier Robert , freebsd-security@FreeBSD.ORG From: Brett Glass Subject: Re: default rc.firewall In-Reply-To: <19990926123539.C18956@keltia.freenix.fr> References: <4.2.0.58.19990924115715.0480e340@localhost> <4.2.0.58.19990924113626.0480db00@localhost> <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <199909241733.LAA27644@mt.sri.com> <4.2.0.58.19990924113626.0480db00@localhost> <199909241749.LAA27881@mt.sri.com> <4.2.0.58.19990924115715.0480e340@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org At 12:35 PM 9/26/99 +0200, Ollivier Robert wrote: >Anyone running IIS on a public machine is waiting/asking for security problems. You'd be amazed at how many folks are ABSOLUTELY ADAMANT about it. Microsoft has gotten them "locked in" via SQL Server and ASPs, and they are in denial about the risks. I try to help them firewall, but warn them that firewalls cannot do much good when you can break in via HTTP and exploit the hack via port 80. --Brett To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message