From owner-freebsd-current  Sat Sep  5 23:56:37 1998
Return-Path: <owner-freebsd-current@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA11229
          for freebsd-current-outgoing; Sat, 5 Sep 1998 23:56:37 -0700 (PDT)
          (envelope-from owner-freebsd-current@FreeBSD.ORG)
Received: from smtp02.primenet.com (smtp02.primenet.com [206.165.6.132])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA11224
          for <freebsd-current@FreeBSD.ORG>; Sat, 5 Sep 1998 23:56:36 -0700 (PDT)
          (envelope-from tlambert@usr01.primenet.com)
Received: (from daemon@localhost)
	by smtp02.primenet.com (8.8.8/8.8.8) id XAA29492;
	Sat, 5 Sep 1998 23:56:35 -0700 (MST)
Received: from usr01.primenet.com(206.165.6.201)
 via SMTP by smtp02.primenet.com, id smtpd029473; Sat Sep  5 23:56:26 1998
Received: (from tlambert@localhost)
	by usr01.primenet.com (8.8.5/8.8.5) id XAA13597;
	Sat, 5 Sep 1998 23:56:22 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199809060656.XAA13597@usr01.primenet.com>
Subject: Re: Should FreeBSD-3.0 ship with RFC 1644 (T/TCP) turned off by
To: dg@root.com
Date: Sun, 6 Sep 1998 06:56:22 +0000 (GMT)
Cc: tom@uniserve.com, freebsd-current@FreeBSD.ORG
In-Reply-To: <199809060551.WAA10205@implode.root.com> from "David Greenman" at Sep 5, 98 10:51:26 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-current@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> >  Ugh... really?  I use Livingston Portmaster's and FreeBSD heavily.
> >
> >  Be aware that (depending on the model) Portmasters have had a long
> >history, and some sites are still running 4 year old firmware on them.
> >Always get the ComOS version.
> 
>    Terry's assertion about the Livingston being broken is the first I've
> seen. Previously all of the reports of brokeness were with Annex terminal
> servers.

You should subscribe to the portmaste-users list.

Basically, if you are running old code, you are at risk.

If you are running new code, then you are not at risk.

Typically, everyone is not at risk.  It is the atypical case where
someone has not updated (perhaps because they want to be a haven
for systtems crackers depending on old security holes).

Portmaster and Annex hardware were both at risk.

There are about three others, including the Cyclades RAS server,
which *used to be* at risk.  If you don't update code, expect the
extensions to fail.


That said, one of the reasons for leaving the extensions on by default
is to ensure that people complain about RFC non-compliance.

I, for one, wuld e unhappy if FreeBSD disabled these by default, even
though it's perfectly reasonable for my employer to disable them on
their derived work.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message