Date: Thu, 14 Jun 2001 21:45:42 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org> Subject: Re: apache security question Message-ID: <20010614214542.K17514@speedy.gsinet> In-Reply-To: <20010614212241.G49807@mail.webmonster.de>; from karsten@rohrbach.de on Thu, Jun 14, 2001 at 09:22:41PM %2B0200 References: <EB513E68D3F5D41191CA00025558810150D448@mailserv.xpert.com> <20010614212241.G49807@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 14, 2001 at 21:22 +0200, Karsten W. Rohrbach wrote: > > Yonatan Bokovza(Yonatan@xpert.com)@2001.06.14 21:34:09 +0000: > > > > You do have a firewall, right? > > why? for a web-only server? *grin* > the only service that listens is httpd on tcp port 80, for > severe network scanning and synflood handling consult the > blackhole(4) man page. Consulting the "man 4 blackhole" output was exactly what I did lately when the TCP_RESTRICT_RST setting became obsolete. Your statement made me curious, because I remembered the WARNING section: ----- man 4 blackhole -------------------------------------------- [ ... ] WARNING The TCP and UDP blackhole features should not be regarded as a replace- ment for ipfw(8) as a tool for firewalling your system. In order to cre- ate a highly secure system, you should use ipfw(8) to protect your sys- tem, and not the blackhole feature. This mechanism is not a substitute for securing your system, but should be used together with other security mechanisms. [ ... ] ----- man 4 blackhole -------------------------------------------- virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76 Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net -- If you don't understand or are scared by any of the above ask your parents or an adult to help you. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010614214542.K17514>