Date: Sat, 9 Feb 2002 19:03:34 +1000
From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: "f.johan.beisser" <jan@caustic.org>
Cc: Darren Reed <avalon@coombs.anu.edu.au>, Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: Is the technique described in this article do-able with
Message-ID: <20020209190334.I32999@zeus.theinternet.com.au>
In-Reply-To: <20020208234001.R21734-100000@localhost>; from jan@caustic.org on Sat, Feb 09, 2002 at 12:53:37AM -0800
References: <200202090620.RAA19299@caligula.anu.edu.au> <20020208234001.R21734-100000@localhost>
+-------[ f.johan.beisser ]----------------------
|
| i wouldn't put it that far down, just yet. i don't see how much of an
| advantage it would be over a fully operational box, on the other hand.

Even if it were in a comatose state, you might have some problems with
using natd since your userland is gone. You could only use kernel space
tools.

I don't see any real difference over a FreeBSD box in a halted state
(assuming it worked that way), and a Packet Filter that was running on
{MS|Free}DOS.

It might be easier (and faster) to configure FreeBSD not to come all the way up,
(or restrict what does) rather than not to go all the way down (we have a
nice rc system d8)

--
Totally Holistic Enterprises Internet| | Andrew Milton
The Internet (Aust) Pty Ltd | |
ACN: 082 081 472 ABN: 83 082 081 472 | M:+61 416 022 411 | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068 |akm@theinternet.com.au|
