From owner-freebsd-security  Sat Feb  9  1: 5:20 2002
Delivered-To: freebsd-security@freebsd.org
Received: from theinternet.com.au (c20631.kelvn1.qld.optusnet.com.au [203.164.207.8])
	by hub.freebsd.org (Postfix) with ESMTP id 1726137B417
	for <security@FreeBSD.ORG>; Sat,  9 Feb 2002 01:05:16 -0800 (PST)
Received: (from akm@localhost)
	by theinternet.com.au (8.11.6/8.11.4) id g1993YZ67098;
	Sat, 9 Feb 2002 19:03:34 +1000 (EST)
	(envelope-from akm)
Date: Sat, 9 Feb 2002 19:03:34 +1000
From: Andrew Kenneth Milton <akm@theinternet.com.au>
To: "f.johan.beisser" <jan@caustic.org>
Cc: Darren Reed <avalon@coombs.anu.edu.au>,
	Brett Glass <brett@lariat.org>, security@FreeBSD.ORG
Subject: Re: Is the technique described in this article do-able with
Message-ID: <20020209190334.I32999@zeus.theinternet.com.au>
References: <200202090620.RAA19299@caligula.anu.edu.au> <20020208234001.R21734-100000@localhost>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.2.5.1i
In-Reply-To: <20020208234001.R21734-100000@localhost>; from jan@caustic.org on Sat, Feb 09, 2002 at 12:53:37AM -0800
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

+-------[ f.johan.beisser ]----------------------
|
| i wouldn't put it that far down, just yet. i don't see how much of an
| advantage it would be over a fully operational box, on the other hand.

Even if it were in a comatose state, you might have some problems with 
using natd since your userland is gone. You could only use kernel space
tools. 

I don't see any real difference over a FreeBSD box in a halted state 
(assuming it worked that way), and a Packet Filter that was running on
{MS|Free}DOS.

It might be easier (and faster) to configure FreeBSD not to come all the way up, 
(or restrict what does) rather than not to go all the way down (we have a 
nice rc system d8)

-- 
Totally Holistic Enterprises Internet|                      | Andrew Milton
The Internet (Aust) Pty Ltd          |                      |
ACN: 082 081 472 ABN: 83 082 081 472 |  M:+61 416 022 411   | Carpe Daemon
PO Box 837 Indooroopilly QLD 4068    |akm@theinternet.com.au| 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message