From owner-freebsd-security Thu Jun 14 19:24:23 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.gmx.net (pop.gmx.net [194.221.183.20]) by hub.freebsd.org (Postfix) with SMTP id A9F0D37B405 for ; Thu, 14 Jun 2001 19:24:15 -0700 (PDT) (envelope-from Gerhard.Sittig@gmx.net) Received: (qmail 12096 invoked by uid 0); 15 Jun 2001 02:24:14 -0000 Received: from p3ee21631.dip.t-dialin.net (HELO speedy.gsinet) (62.226.22.49) by mail.gmx.net (mail04) with SMTP; 15 Jun 2001 02:24:14 -0000 Received: (from sittig@localhost) by speedy.gsinet (8.8.8/8.8.8) id VAA07509 for freebsd-security@freebsd.org; Thu, 14 Jun 2001 21:45:42 +0200 Date: Thu, 14 Jun 2001 21:45:42 +0200 From: Gerhard Sittig To: "'freebsd-security@freebsd.org'" Subject: Re: apache security question Message-ID: <20010614214542.K17514@speedy.gsinet> Mail-Followup-To: "'freebsd-security@freebsd.org'" References: <20010614212241.G49807@mail.webmonster.de> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Mailer: Mutt 1.0i In-Reply-To: <20010614212241.G49807@mail.webmonster.de>; from karsten@rohrbach.de on Thu, Jun 14, 2001 at 09:22:41PM +0200 Organization: System Defenestrators Inc. Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, Jun 14, 2001 at 21:22 +0200, Karsten W. Rohrbach wrote: > > Yonatan Bokovza(Yonatan@xpert.com)@2001.06.14 21:34:09 +0000: > > > > You do have a firewall, right? > > why? for a web-only server? *grin* > the only service that listens is httpd on tcp port 80, for > severe network scanning and synflood handling consult the > blackhole(4) man page. Consulting the "man 4 blackhole" output was exactly what I did lately when the TCP_RESTRICT_RST setting became obsolete. Your statement made me curious, because I remembered the WARNING section: ----- man 4 blackhole -------------------------------------------- [ ... ] WARNING The TCP and UDP blackhole features should not be regarded as a replace- ment for ipfw(8) as a tool for firewalling your system. In order to cre- ate a highly secure system, you should use ipfw(8) to protect your sys- tem, and not the blackhole feature. This mechanism is not a substitute for securing your system, but should be used together with other security mechanisms. [ ... ] ----- man 4 blackhole -------------------------------------------- virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message