From owner-freebsd-questions Thu Nov 9 15:56:10 2000 Delivered-To: freebsd-questions@freebsd.org Received: from guru.mired.org (okc-27-149-77.mmcable.com [24.27.149.77]) by hub.freebsd.org (Postfix) with SMTP id A380C37B479 for ; Thu, 9 Nov 2000 15:56:07 -0800 (PST) Received: (qmail 30229 invoked by uid 100); 9 Nov 2000 23:56:07 -0000 From: Mike Meyer MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <14859.14742.972837.412365@guru.mired.org> Date: Thu, 9 Nov 2000 17:56:06 -0600 (CST) To: Gary Dunn Cc: questions@freebsd.org Subject: Re: ipfw/database/logging development In-Reply-To: <5065544@toto.iv> X-Mailer: VM 6.75 under 21.1 (patch 10) "Capitol Reef" XEmacs Lucid X-face: "5Mnwy%?j>IIV\)A=):rjWL~NB2aH[}Yq8Z=u~vJ`"(,&SiLvbbz2W`;h9L,Yg`+vb1>RG% *h+%X^n0EZd>TM8_IB;a8F?(Fb"lw'IgCoyM.[Lg#r\ Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Gary Dunn types: > What concerns me is that in the past year there has been a huge > increase in the number of households using cable modems (aka RoardRunner). Even > small businesses and schools. Few of these people have a clue about network > security. Some install a "firewall" application, but I am skeptical about the > effectiveness of such programs. As far as I know, cable modem service providers > offer no security, not even simple IP address blocking at the router. > > Are we all being placed at greater risk because of inadequate security measures > involving cable modems? Or is the threat a mirage? Maybe yes, maybe no. If there are lots of unprotected systems that are on 7x24, that's a problem. A DOS attack with 50,000 PCs scattered all over the network is *much* nastier than anything that can be mounted from even a large university. I don't know how good the "firewall" applications are either. There are some "DSL/Cable routers" that have built-in firewall functionality, and seem pretty good. Since they are nearly plug-n-play for a small LAN of windows boxes (i.e. - just configure the windows boxes as DHCP clients, and you're done), one can hope they become popular for sharing network connections, etc.