From owner-freebsd-security Fri Sep 24 11:29:47 1999 Delivered-To: freebsd-security@freebsd.org Received: from kerouac.deepwell.com (deepwell.com [209.63.174.12]) by hub.freebsd.org (Postfix) with SMTP id 1DEDF14CF8 for ; Fri, 24 Sep 1999 11:29:41 -0700 (PDT) (envelope-from freebsd@deepwell.com) Received: (qmail 22904 invoked from network); 24 Sep 1999 19:15:23 -0000 Received: from proxy.dcomm.net (HELO terry) (209.63.175.10) by deepwell.com with SMTP; 24 Sep 1999 19:15:23 -0000 Message-Id: <4.2.0.58.19990924112627.018902c0@mail1.dcomm.net> X-Sender: freebsd@mail.deepwell.com X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.0.58 Date: Fri, 24 Sep 1999 11:28:18 -0700 To: nate@mt.sri.com (Nate Williams), freebsd-security@freebsd.org From: Deepwell Internet Subject: Re: default rc.firewall In-Reply-To: <199909241733.LAA27644@mt.sri.com> References: <4.2.0.58.19990924111600.04809a90@localhost> <3.0.5.32.19990923152232.007c94c0@memes.com> <4.2.0.58.19990924111600.04809a90@localhost> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > >Building a firewall is somtimes a hit/miss proposition because you never >know *what* kind of traffic is being generated on a LAN, and what I've >found is that too often I shut someone down from doing something they >think they want. > >(On the other hand, with the number of hacks available to the world, >we've been able to convince the users and management that some of the >'nice' services they like are no longer a good idea, usually by pointing >them to a CERT advisory and/or similar document explaing how we can get >broken into with the service. :( ) This happens to us quite frequently where we think we're implementing a good filter rule and someone comes along and say "But I want to share my win98 drives to the Internet" or something equally stupid. Hrrrmph. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message