Message-ID: <42FBA596.7080402@gmx.at>
Date: Thu, 11 Aug 2005 21:23:02 +0200
From: lars
Cc: questions@freebsd.org
Subject: Re: Long Uptime

Dmitry Mityugov wrote:
>>>Apart from that, I must agree with Dave Horsfall - please provide an IP.
>>
>>Is there a critical patch that you believe those machines would need?
>>Anything more serious than a potential denial of service attack?

Yes, I recommend all patches. DOS is enough for me.

> Indeed. If the machine is properly firewalled, what kind of attack
> other than DoS can break it?

All those on vulnerabilities that were fixed in patches after the last one applied.

A firewall may or may not help you.
If the attack is on a jail to which you allow access through your firewall, you've had it, e.g.

Or someone sends you a specially crafted file that exploits a vulnerability described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc.
That's DOS, that kind of attack is serious enough for me to try to avoid.

Or someone gains root privileges via the vulnerability described in FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib.

I mean it's great FreeBSD can sustain such a long uptime.
But, IMHO, it's nothing to brag about, since it simultaneously indicates missing patches, which I find worse.
Planned downtime for maintenance is ok.

Kind regards,
lars.