Date: Tue, 05 Dec 2000 09:08:59 -0700 From: Wes Peters <wes@softweyr.com> To: John Howie <JHowie@msn.com> Cc: "David G. Andersen" <dga@pobox.com>, freebsd-security@FreeBSD.ORG Subject: Re: Fw: NAPTHA Advisory Updated - BindView RAZOR Message-ID: <3A2D131B.2548F379@softweyr.com> References: <200012050043.RAA27046@faith.cs.utah.edu> <011701c05e5a$bcfb3060$fd01a8c0@pacbell.net>
next in thread | previous in thread | raw e-mail | index | archive | help
John Howie wrote: > > David Andersen wrote: > > > This isn't a FreeBSD failure per se, but a resource control > > failure. Whether you want to point a finger at FreeBSD, ssh, or the > > operator of the box is entirely up to you. :-) > > > > I'm afraid I disagree - this is not purely a daemon problem. I wonder if you > had time to read the whole advisory for the FreeBSD information near the end > of the report (I've included it below). I'm sure he, just as I, read it and found it to report only daemon attacks: > > > > FreeBSD - FreeBSD 4.0-REL > > > > > > > > In testing FreeBSD, a few specific > > > > daemons/ports were targeted. For some, the > > > > stability of the system as a whole can be > > > > affected. The daemons targeted in this > > > > testing are not necessarily at fault for > > > > the problems encountered. > > > > > > > > SSH: > > > > > > > > NFS: > > > > > > > > BIND: > > > > > > > > Note: These services/ports can be > > > > similarly affected on other Linux and UNIX > > > > variants. > > If a daemon becomes unusable because it is subject to attack then that is, > while not ideal, at least tolerable. When the whole system becomes unusable > that points to problems in the kernel. They don't substantiate their vague claim of "the stability of the system as a whole can be affected." All of the specific instances they do list ARE daemon attacks. On the other hand, if they are attacking NFS, I can certainly see that making the system somewhat unstable, but it is better in 4.2. As David pointed out, NFS is usually NOT exposed outside your firewall. You do have a firewall, don't you? ;^) -- "Where am I, and what am I doing in this handbasket?" Wes Peters Softweyr LLC wes@softweyr.com http://softweyr.com/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3A2D131B.2548F379>