From owner-freebsd-hackers  Thu Sep 17 23:00:41 1998
Return-Path: <owner-freebsd-hackers@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id XAA12019
          for freebsd-hackers-outgoing; Thu, 17 Sep 1998 23:00:41 -0700 (PDT)
          (envelope-from owner-freebsd-hackers@FreeBSD.ORG)
Received: from smtp04.primenet.com (smtp04.primenet.com [206.165.6.134])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id XAA12013;
          Thu, 17 Sep 1998 23:00:38 -0700 (PDT)
          (envelope-from tlambert@usr04.primenet.com)
Received: (from daemon@localhost)
	by smtp04.primenet.com (8.8.8/8.8.8) id XAA28028;
	Thu, 17 Sep 1998 23:00:15 -0700 (MST)
Received: from usr04.primenet.com(206.165.6.204)
 via SMTP by smtp04.primenet.com, id smtpd027951; Thu Sep 17 23:00:05 1998
Received: (from tlambert@localhost)
	by usr04.primenet.com (8.8.5/8.8.5) id UAA00693;
	Thu, 17 Sep 1998 20:11:16 -0700 (MST)
From: Terry Lambert <tlambert@primenet.com>
Message-Id: <199809180311.UAA00693@usr04.primenet.com>
Subject: Re: problem using 3 x znyx314 cards for 12 de ethernets
To: rotel@indigo.ie
Date: Fri, 18 Sep 1998 03:11:14 +0000 (GMT)
Cc: tlambert@primenet.com, sthaug@nethelp.no, hackers@FreeBSD.ORG,
        questions@FreeBSD.ORG
In-Reply-To: <199809172153.WAA01841@indigo.ie> from "Niall Smart" at Sep 17, 98 10:53:19 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-hackers@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

> These are different issues, someone can be partly responsible for
> a smurf attack without ever realising it and (more importantly)
> without _their_ security/quality of service being compromised.  I
> don't care how many boxes get hacked as long as they aren't mine,
> but it's reasonable to complain about a configuration which makes
> it too easy for script kiddies to exploit the ineptitude or
> carelessness of admins to affect _other_ competant and careful
> admins boxes.
> 
> It's akin to shipping sendmail with open relaying.

If you want a C2 hardened system, quit pussyfooting around and start
addressing the real issues leading up to C2 certification.  Otherwise,
griping about something that will never happen given a correctly
configured firewall, and which "fixing" will break a behaviour that
is universally known to be useful, seems a bit counter-productive.

8-(.


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message