From: Nate Williams
Date: Wed, 29 Nov 2000 12:21:48 -0700 (MST)
To: Garrett Wollman
Cc: Wes Peters, freebsd-security@FreeBSD.ORG
Subject: Re: NATD: failed to write packet back (Permission denied)

> > But you keep saying "on my home machine" and seem to insist that having
> > a single machine on the internet at home is somehow normal.
>
> To a large fraction of the world's population, having a ``home
> machine'' of any kind is out of the ordinary. Most of the people who
> have net access today have only one computer.
>
> In any case, the actual number doesn't make much difference -- the
> same argument (that you are perfectly capable of setting up your
> machines securely) still holds.

And it involves installing a firewall on it, in case your
configuration isn't as secure as you'd like it to be. (Because of
forgetfulness, lack of information, etc...)

Many, many, many home users now have 'full-time' connections to the
internet, which means that accidental misconfigurations can easily be
prevented by using a simple firewall ruleset, such as the one that comes
'out of the box' with FreeBSD today.

Nate