From owner-freebsd-security  Thu Nov 30  7:31:15 2000
Delivered-To: freebsd-security@freebsd.org
Received: from khavrinen.lcs.mit.edu (khavrinen.lcs.mit.edu [18.24.4.193])
	by hub.freebsd.org (Postfix) with ESMTP id 8EF8737B404
	for <freebsd-security@FreeBSD.ORG>; Thu, 30 Nov 2000 07:31:10 -0800 (PST)
Received: (from wollman@localhost)
	by khavrinen.lcs.mit.edu (8.9.3/8.9.3) id KAA29203;
	Thu, 30 Nov 2000 10:29:42 -0500 (EST)
	(envelope-from wollman)
Date: Thu, 30 Nov 2000 10:29:42 -0500 (EST)
From: Garrett Wollman <wollman@khavrinen.lcs.mit.edu>
Message-Id: <200011301529.KAA29203@khavrinen.lcs.mit.edu>
To: Rasputin <rasputin@FreeBSD-uk.eu.org>
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: NATD: failed to write packet back (Permission denied)
In-Reply-To: <20001130113515.A72030@dogma.freebsd-uk.eu.org>
References: <20001126140033.E70192@149.211.6.64.reflexcom.com>
	<3A218C5B.9F677E51@FreeBSD.org>
	<200011270130.UAA88239@khavrinen.lcs.mit.edu>
	<3A221402.D88321D8@softweyr.com>
	<14882.49100.131730.989201@nomad.yogotech.com>
	<3A24AC77.51EF28C@softweyr.com>
	<200011291507.KAA16392@khavrinen.lcs.mit.edu>
	<3A253A44.D7EA9113@softweyr.com>
	<200011291802.NAA17650@khavrinen.lcs.mit.edu>
	<14885.22348.875384.616155@nomad.yogotech.com>
	<20001130113515.A72030@dogma.freebsd-uk.eu.org>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

<<On Thu, 30 Nov 2000 11:35:15 +0000, Rasputin <rasputin@FreeBSD-uk.eu.org> said:

> There are many network services that don't run from inted/tcp-wrappers/etc,
> having their own (dubious?) security mechanisms.

> It's safer to block inbound access to that port if unneeded, especially if
> you don't have time to wade through cryptic access restiction docs.

Safer still not to run applications whose access-control model you
don't fully understand.

-GAWollman



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message