From owner-freebsd-questions@FreeBSD.ORG Sun Nov 14 10:59:36 2004
From: "Loren M. Lang" <lorenl@alzatex.com>
To: Jonathon McKitrick
cc: freebsd-questions@freebsd.org
Date: Sun, 14 Nov 2004 02:58:54 -0800
Subject: Re: Why use a firewall with dialup?
Message-ID: <20041114105854.GA21962@alzatex.com>
In-Reply-To: <20041113211237.GA54907@dogma.freebsd-uk.eu.org>

On Sat, Nov 13, 2004 at 09:12:37PM +0000, Jonathon McKitrick wrote:
>
> I've been using one for some time, but now that I have a mini network, it
> has become a bit of a hassle updating the rules.
>
> If I disable all services but ssh, stay STABLE, and do not have a broadband
> connection, what danger is there?

Well, there is a possible DoS attack as your system gets hit with a load of
TCP SYN packets, to which your system will respond with ICMP errors or
SYN-ACK depending on the port. A firewall could drop all incoming packets
not to TCP port 22 or part of an outgoing connection, plus block incoming
pings. And if you move ssh to, say, port 1243, there's very little chance
anyone might even find your machine if they can't see your outgoing traffic.

Oh, and don't ever think your dial-up connection reduces the chance that
you'll be attacked. You'd be a great target to use as a decoy when they
decide to take down the FBI going through five cracked machines to hide
their tracks.

> jm
> --
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
I sense much NT in you.
NT leads to Bluescreen.
Bluescreen leads to downtime.
Downtime leads to suffering.
NT is the path to the darkside.
Powerful Unix is.

Public Key: ftp://ftp.tallye.com/pub/lorenl_pubkey.asc
Fingerprint: B3B9 D669 69C9 09EC 1BCD 835A FAF3 7A46 E4A3 280C
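The stateful rule set Loren describes (accept new ssh connections to this host, allow anything the host itself starts plus the replies, drop incoming pings, drop everything else on the dial-up link), written out as an added ipfw example that is not part of the original mail. It assumes ipfw is compiled into the kernel and that tun0 is the PPP interface; the ssh port is a parameter so a moved port such as 1243 works the same way.

```shell
#!/bin/sh
# Added example, not from the original mail. Assumptions: ipfw in the
# kernel, dial-up link on tun0 (override with the first argument), sshd
# on port 22 (override with the second). Prints the rules by default;
# pass --apply as the first argument to flush and load them.

gen_ipfw_rules() {
    ifc="$1"      # external (PPP) interface, e.g. tun0
    sshport="$2"  # port sshd listens on: 22, or a moved port like 1243
    cat <<EOF
# loopback traffic is never filtered
add 100 allow ip from any to any via lo0
# packets that match a dynamic rule (a connection already allowed below)
add 200 check-state
# inbound: only new ssh connections to this host, tracked statefully
add 300 allow tcp from any to me ${sshport} in via ${ifc} setup keep-state
# outbound: anything this host starts; the dynamic rule admits the replies
add 400 allow ip from me to any out via ${ifc} keep-state
# drop incoming echo requests so the host does not answer pings
add 500 deny icmp from any to me in via ${ifc} icmptypes 8
# everything else arriving on the dial-up link is dropped and logged
add 600 deny log ip from any to any in via ${ifc}
EOF
}

# Count the rules a rule set would install (comment lines excluded).
count_rules() {
    gen_ipfw_rules "$1" "$2" | grep -vc '^#'
}

apply_ipfw_rules() {
    ifc="$1"; sshport="$2"
    ipfw -f flush                       # -f: no interactive confirmation
    gen_ipfw_rules "$ifc" "$sshport" | grep -v '^#' | while read -r rule; do
        ipfw -q $rule                   # e.g. "ipfw -q add 200 check-state"
    done
}

case "$1" in
    --apply) apply_ipfw_rules "${2:-tun0}" "${3:-22}" ;;
    *)       gen_ipfw_rules "${1:-tun0}" "${2:-22}" ;;
esac
```

Check the loaded set afterwards with `ipfw -d list`; the `-d` shows the dynamic entries that rule 300 and rule 400 create for live connections.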