From owner-freebsd-security Tue Feb 12 1:18:22 2002 Delivered-To: freebsd-security@freebsd.org Received: from pooh.noc.u-net.net (pooh.noc.u-net.net [195.102.252.112]) by hub.freebsd.org (Postfix) with ESMTP id 24CE837B421 for ; Tue, 12 Feb 2002 01:18:17 -0800 (PST) Received: from pooh.noc.u-net.net ([195.102.252.112] helo=there) by pooh.noc.u-net.net with smtp (Exim 3.22 #1) id 16aZ2M-000Or0-00; Tue, 12 Feb 2002 09:15:42 +0000 Content-Type: text/plain; charset="iso-8859-1" From: Peter McGarvey Reply-To: pmcgarvey@vianetworks.co.uk Organization: VIA NETdotWORKS To: Brett Glass , security@FreeBSD.ORG Subject: Re: Is the technique described in this article do-able with FreeBSD + ipf? Date: Tue, 12 Feb 2002 09:15:41 +0000 X-Mailer: KMail [version 1.3] References: <4.3.2.7.2.20020208225248.026f08c0@localhost> In-Reply-To: <4.3.2.7.2.20020208225248.026f08c0@localhost> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Message-Id: X-EXIM-FILTER: PASS-s02 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Saturday 09 February 2002 05:53 am, Brett Glass wrote: > http://www.samag.com/documents/s=1824/sam0201d/0201d.htm > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message IMHO a mad idea. Interesting, but still mad. Personally I've got an OpenBSD box running as a Packet Filtering Bridge. I don't have any IPs bound to the bridged interfaces. And I have OpenBSD's PF filtering all traffic. For all intents it is totally transparent. Unless someone discovers a flaw in the TCP stack there is no way to remotely own the box. So it's just as secure as the halted Linux box. This also has the advantage of allowing me to log firewall traffic. -- TTFN, FNORD Peter McGarvey System Administrator Network Operations, VIA Networks UK To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message