From owner-freebsd-questions@FreeBSD.ORG Thu Aug 11 20:58:49 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 314BD16A420 for ; Thu, 11 Aug 2005 20:58:49 +0000 (GMT) (envelope-from estover@nativenerds.com) Received: from mail.nativenerds.com (host-70-0-111-24.midco.net [24.111.0.70]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7F11F43D46 for ; Thu, 11 Aug 2005 20:58:48 +0000 (GMT) (envelope-from estover@nativenerds.com) Received: from mail.nativenerds.com (localhost.nativenerds.com [127.0.0.1]) by mail.nativenerds.com (8.12.11/8.12.11) with ESMTP id j7BLI4cf028317 for ; Thu, 11 Aug 2005 15:18:04 -0600 (MDT) (envelope-from estover@nativenerds.com) Received: (from www@localhost) by mail.nativenerds.com (8.12.11/8.12.11/Submit) id j7BLI4JR028316; Thu, 11 Aug 2005 15:18:04 -0600 (MDT) (envelope-from estover@nativenerds.com) X-Authentication-Warning: mail.nativenerds.com: www set sender to estover@nativenerds.com using -f Received: from 208.34.9.238 (SquirrelMail authenticated user estover); by mail.nativenerds.com with HTTP; Thu, 11 Aug 2005 15:18:04 -0600 (MDT) Message-ID: <4030.208.34.9.238.1123795084.squirrel@208.34.9.238> In-Reply-To: <42FBA596.7080402@gmx.at> References: <42F976E8.60008@bomar.us> <1123772249.42fb67599fa7d@webmail.lsi.mine.nu> <42FB74E7.5050206@gmx.at> <54db43990508111037567c6750@mail.gmail.com> <42FBA596.7080402@gmx.at> Date: Thu, 11 Aug 2005 15:18:04 -0600 (MDT) From: estover@nativenerds.com To: freebsd-questions@freebsd.org User-Agent: SquirrelMail/1.4.3a X-Mailer: SquirrelMail/1.4.3a MIME-Version: 1.0 Content-Type: text/plain;charset=iso-8859-1 Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) Importance: Normal X-Virus-Scanned: ClamAV 0.85.1/1011/Tue Aug 9 03:20:28 2005 on mail.nativenerds.com X-Virus-Status: Clean X-Spam-Status: No, hits=0.3 required=5.0 tests=NO_REAL_NAME autolearn=no version=2.63 X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on mail.nativenerds.com Subject: Re: Long Uptime X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 11 Aug 2005 20:58:49 -0000 > Dmitry Mityugov wrote: >>>>Apart from that, I must agree with Dave Horsfall - please provide an >>>> IP. >>> >>>Is there a critical patch that you believe those machines would need? >>>Anything more serious than a potential denial of service attack? > Yes, I recommend all patches. > DOS is enough for me. > >> Indeed. If the machine is properly firewalled, what kind of attack >> other than DoS can break it? > All those on vulnerabilites that were fixed in patches after the last one > applied. > > A firewall may or may not help you. > > If the attack is on a jail to which you allow access through your > firewall, > you've had it, e.g.. > > Or someone sends you a specially crafted file that exploits a > vulnerability > described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. > That's DOS, that kind of attack is serious enough for me to try to avoid. > > Or someone gains root privileges via the vulnerability described in > FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. > > I mean it's great FreeBSD can sustain such a long uptime. > But, IMHO, it's nothing to brag about, since it simultaneously indicates > missing patches, which I find worse. Missing patches?, Most people I know can apply patches with out rebooting a FreeBSD. > Planned downtime for maintenance is ok. It is , but this is bragging rights were talking here. > > Kind regards, > lars. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "freebsd-questions-unsubscribe@freebsd.org" >