Date: Thu, 11 Aug 2005 21:23:02 +0200 From: lars <lars@gmx.at> Cc: questions@freebsd.org Subject: Re: Long Uptime Message-ID: <42FBA596.7080402@gmx.at> In-Reply-To: <b7052e1e050811113342d855a0@mail.gmail.com> References: <42F976E8.60008@bomar.us> <1123772249.42fb67599fa7d@webmail.lsi.mine.nu> <42FB74E7.5050206@gmx.at> <54db43990508111037567c6750@mail.gmail.com> <b7052e1e050811113342d855a0@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Dmitry Mityugov wrote: >>>Apart from that, I must agree with Dave Horsfall - please provide an IP. >> >>Is there a critical patch that you believe those machines would need? >>Anything more serious than a potential denial of service attack? Yes, I recommend all patches. DOS is enough for me. > Indeed. If the machine is properly firewalled, what kind of attack > other than DoS can break it? All those on vulnerabilites that were fixed in patches after the last one applied. A firewall may or may not help you. If the attack is on a jail to which you allow access through your firewall, you've had it, e.g.. Or someone sends you a specially crafted file that exploits a vulnerability described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. That's DOS, that kind of attack is serious enough for me to try to avoid. Or someone gains root privileges via the vulnerability described in FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. I mean it's great FreeBSD can sustain such a long uptime. But, IMHO, it's nothing to brag about, since it simultaneously indicates missing patches, which I find worse. Planned downtime for maintenance is ok. Kind regards, lars.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?42FBA596.7080402>