Date: Mon, 8 Mar 1999 16:25:19 +0900 (JST) From: kuma@jp.freebsd.org To: FreeBSD-gnats-submit@freebsd.org Cc: horikawa@jp.freebsd.org Subject: docs/10482: possible typo in security.7 Message-ID: <199903080725.QAA01164@gaye.slab.tnr.sharp.co.jp>
next in thread | raw e-mail | index | archive | help
>Number: 10482 >Category: docs >Synopsis: typo? in security.7 man pages >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-doc >State: open >Quarter: >Keywords: >Date-Required: >Class: doc-bug >Submitter-Id: current-users >Arrival-Date: Sun Mar 7 23:30:00 PST 1999 >Closed-Date: >Last-Modified: >Originator: Norihiro Kumagai >Release: FreeBSD 3.1-RELEASE i386 >Organization: Japanese FreeBSD Manual Translation Project >Environment: Any box installed with 3.1-RELEASE >Description: In the following paragraph, (in line 365) It is a very good idea to protect internal services from external access by firewalling them off at your border routers. The idea here is to prevent saturation attacks from outside your LAN, not so much to protect internal services from root network-based root compromise. Always configure an exclusive firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'. This way you can firewall off all of your low ports except for certain specific services such as named (if you are primary for a zone), ntalkd, sendmail, and other internet-accessible services. the phrase "root network-based root compromise" should be better "network-based root compromise", I guess. I am afraid that my poor English reading has lead me to misunderstanding, that is, "root network-based root compromise" is really right. In case of my misunderstanding, I would be happy to hear the meaning of "root network-based root compromise" for the future better Japanese translation. >How-To-Repeat: hit, "man security":-) >Fix: The following patch be applied: --- security.7-org Mon Mar 8 16:18:54 1999 +++ security.7 Mon Mar 8 16:20:44 1999 @@ -365,7 +365,7 @@ It is a very good idea to protect internal services from external access by firewalling them off at your border routers. The idea here is to prevent saturation attacks from outside your LAN, not so much to protect internal -services from root network-based root compromise. Always configure an exclusive +services from network-based root compromise. Always configure an exclusive firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'. This way you can firewall off all of your low ports except for certain specific services such as named (if you are primary for a zone), ntalkd, sendmail, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199903080725.QAA01164>