From owner-freebsd-questions Wed Feb 7 11: 5:31 2001 Delivered-To: freebsd-questions@freebsd.org Received: from clmboh1-smtp3.columbus.rr.com (unknown [65.24.0.112]) by hub.freebsd.org (Postfix) with ESMTP id 9860B37B503 for ; Wed, 7 Feb 2001 11:05:13 -0800 (PST) Received: from mail.iowna.com (dhcp065-024-023-038.columbus.rr.com [65.24.23.38]) by clmboh1-smtp3.columbus.rr.com (8.11.2/8.11.2) with ESMTP id f17J2fr05447; Wed, 7 Feb 2001 14:02:42 -0500 (EST) Message-ID: <3A819B5B.807609F3@mail.iowna.com> Date: Wed, 07 Feb 2001 14:00:43 -0500 From: Bill Moran X-Mailer: Mozilla 4.76 [en] (X11; U; FreeBSD 4.2-STABLE i386) X-Accept-Language: en MIME-Version: 1.0 To: "J. Miguel =?iso-8859-1?Q?Gon=E7alves?=" Cc: questions@FreeBSD.ORG Subject: Re: Router (Firewall) Security References: Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG "J. Miguel Gonçalves" wrote: > > Hi! > > I am about to install a FreeBSD 4.2 box (DX4 @ 100 MHz, 12 MB RAM, 210 MB disk) as a cable > router/firewall for a small network. > > I will disable all network services and the maintenance is going to be done over a serial console. > It is immossible for an external attacker to reach the firewall machine and execute commands, > right? The only thing he can do is circunvert the firewall and penetrate the internal network, > right? Never say "impossible" However, if you add "nearly" in front of "impossible" you've got the right idea. Theoretically, it should be impossible. -Bill To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message