Date: Tue, 12 Feb 2002 09:15:41 +0000 From: Peter McGarvey <pmcgarvey@vianetworks.co.uk> To: Brett Glass <brett@lariat.org>, security@FreeBSD.ORG Subject: Re: Is the technique described in this article do-able with FreeBSD + ipf? Message-ID: <E16aZ2M-000Or0-00@pooh.noc.u-net.net> In-Reply-To: <4.3.2.7.2.20020208225248.026f08c0@localhost> References: <4.3.2.7.2.20020208225248.026f08c0@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Saturday 09 February 2002 05:53 am, Brett Glass wrote: > http://www.samag.com/documents/s=1824/sam0201d/0201d.htm > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message IMHO a mad idea. Interesting, but still mad. Personally I've got an OpenBSD box running as a Packet Filtering Bridge. I don't have any IPs bound to the bridged interfaces. And I have OpenBSD's PF filtering all traffic. For all intents it is totally transparent. Unless someone discovers a flaw in the TCP stack there is no way to remotely own the box. So it's just as secure as the halted Linux box. This also has the advantage of allowing me to log firewall traffic. -- TTFN, FNORD Peter McGarvey System Administrator Network Operations, VIA Networks UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E16aZ2M-000Or0-00>