Date: Thu, 30 Nov 2000 11:35:15 +0000
From: Rasputin
To: freebsd-security@freebsd.org
Subject: Re: NATD: failed to write packet back (Permission denied)

On Wed, Nov 29, 2000 at 12:21:48PM -0700, Nate Williams wrote:
> > > But you keep saying "on my home machine" and seem to insist that having
> > > a single machine on the internet at home is somehow normal.
> >
> > To a large fraction of the world's population, having a ``home
> > machine'' of any kind is out of the ordinary. Most of the people who
> > have net access today have only one computer.
> >
> > In any case, the actual number doesn't make much difference -- the
> > same argument (that you are perfectly capable of setting up your
> > machines securely) still holds.
>
> And it involves installing a firewall on it, in case your
> configuration isn't as secure as you'd like it to be. (Because of
> forgetfulness, lack of information, etc...)
>
> Many, many, many home users now have 'full-time' connections to the
> internet, which means that accidental misconfigurations can easily be
> prevented by using a simple firewall ruleset, such as the one that comes
> 'out of the box' with FreeBSD today.

Hear hear.

There are many network services that don't run from inetd/tcp-wrappers/etc,
having their own (dubious?) security mechanisms. It's safer to block inbound
access to that port if unneeded, especially if you don't have time to wade
through cryptic access restriction docs. I trust BSD's TCP stack more than
$APPLICATION.

And to be blunt, it's *my* 'home PC', so I'll run what the hell I like on it,
thanks all the same. If it upsets you, tough. It's not *your* data at risk,
is it?

Can we pack this thread in now please?

-- 
Rasputin
Jack of All Trades :: Master of Nuns