From owner-freebsd-doc Sun Mar 7 23:30:16 1999
Message-Id: <199903080725.QAA01164@gaye.slab.tnr.sharp.co.jp>
Date: Mon, 8 Mar 1999 16:25:19 +0900 (JST)
From: kuma@jp.freebsd.org
Reply-To: kuma@jp.freebsd.org
To: FreeBSD-gnats-submit@freebsd.org
Cc: horikawa@jp.freebsd.org
X-Send-Pr-Version: 3.2
Subject: docs/10482: possible typo in security.7
Sender: owner-freebsd-doc@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 10482
>Category: docs
>Synopsis: typo? in security.7 man pages
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-doc
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: doc-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Mar 7 23:30:00 PST 1999
>Closed-Date:
>Last-Modified:
>Originator: Norihiro Kumagai
>Release: FreeBSD 3.1-RELEASE i386
>Organization: Japanese FreeBSD Manual Translation Project
>Environment: Any box installed with 3.1-RELEASE
>Description:
In the following paragraph, (in line 365)

    It is a very good idea to protect internal services from external access
    by firewalling them off at your border routers. The idea here is to prevent
    saturation attacks from outside your LAN, not so much to protect internal
    services from root network-based root compromise. Always configure an exclusive
    firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'. This
    way you can firewall off all of your low ports except for certain specific
    services such as named (if you are primary for a zone), ntalkd, sendmail,
    and other internet-accessible services.

the phrase "root network-based root compromise" would be better as "network-based root compromise", I guess.

I am afraid that my poor English reading has led me to a misunderstanding, that is, that "root network-based root compromise" is really right. In case of my misunderstanding, I would be happy to hear the meaning of "root network-based root compromise" for a better future Japanese translation.
>How-To-Repeat:
hit, "man security":-)
>Fix:
The following patch should be applied:

--- security.7-org Mon Mar 8 16:18:54 1999 +++ security.7 Mon Mar 8 16:20:44 1999 
@@ -365,7 +365,7 @@ It is a very good idea to protect internal services from external access by firewalling them off at your border routers. The idea here is to prevent saturation attacks from outside your LAN, not so much to protect internal -services from root network-based root compromise. Always configure an exclusive +services from network-based root compromise. Always configure an exclusive firewall, i.e. 'firewall everything *except* ports A, B, C, D, and M-Z'. This way you can firewall off all of your low ports except for certain specific services such as named (if you are primary for a zone), ntalkd, sendmail, >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-doc" in the body of the message
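Review bot: the file headers name bare security.7-org and security.7 with no directory, and the @@ -365,7 +365,7 @@ offset comes from the 3.1-RELEASE copy given in the report, so the patch only applies cleanly from inside the directory holding that exact file. Regenerating it from the top of the source tree against the current revision of security.7 would let it be applied without guessing the path or relying on offset matching. The one-word change on the "services from ..." line is otherwise sound: the removed leading "root" duplicates the "root" already in "network-based root compromise", and the shortened line needs no refill of the surrounding paragraph.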