Date: Sun, 14 Nov 2004 02:58:54 -0800
From: "Loren M. Lang" <lorenl@alzatex.com>
To: Jonathon McKitrick <jcm@FreeBSD-uk.eu.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: Why use a firewall with dialup?
Message-ID: <20041114105854.GA21962@alzatex.com>
In-Reply-To: <20041113211237.GA54907@dogma.freebsd-uk.eu.org>
References: <20041113211237.GA54907@dogma.freebsd-uk.eu.org>

On Sat, Nov 13, 2004 at 09:12:37PM +0000, Jonathon McKitrick wrote:
>
> I've been using one for some time, but now that I have a mini network, it
> has become a bit of a hassle updating the rules.
>
> If I disable all services but ssh, stay STABLE, and do not have a broadband
> connection, what danger is there?

Well, there is a possible DoS attack as your system gets hit with a load
of TCP SYN packets, to which your system will respond with ICMP errors or
SYN-ACK depending on the port. A firewall could drop all incoming packets
not to TCP port 22 or part of an outgoing connection, plus block incoming
pings. And if you move ssh to, say, port 1243, there's very little chance
anyone might even find your machine if they can't see your outgoing
traffic.

Oh, and don't ever think your dial-up connection reduces the chance that
you'll be attacked. You'd be a great target to use as a decoy when they
decide to take down the FBI going through five cracked machines to hide
their tracks.

>
> jm

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
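
The policy described in the reply above, written out as a pf.conf ruleset. This is an added example, not part of the original message: the thread does not name a firewall, so pf is an assumption, as is tun0 as the dial-up (user-mode ppp) interface.

```conf
# /etc/pf.conf -- added example; pf and the interface name are assumptions
ext_if   = "tun0"   # assumed dial-up interface; adjust to the real one
ssh_port = "22"     # the reply suggests moving sshd, e.g. to 1243

# Do not filter loopback traffic.
set skip on lo0

# Default for the dial-up link: silently drop everything inbound.
# "drop" sends neither a TCP RST nor an ICMP error, so a flood of SYNs
# to closed ports gets no reply. Inbound ICMP echo (ping) has no pass
# rule below, so it is dropped here as well.
block drop in on $ext_if all

# Outbound connections are allowed and tracked; replies that belong to
# them match the state entry and come back in past the block rule.
pass out on $ext_if all keep state

# The one inbound service: new TCP connections to sshd.
# ($ext_if) follows the interface address, which changes on each dial-up.
pass in on $ext_if inet proto tcp from any to ($ext_if) port $ssh_port \
    flags S/SA keep state
```

`pfctl -nf /etc/pf.conf` parses the file without loading it, which catches syntax errors before the rules replace the running set.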