Date: Thu, 14 Jun 2001 21:45:42 +0200 From: Gerhard Sittig <Gerhard.Sittig@gmx.net> To: "'freebsd-security@freebsd.org'" <freebsd-security@freebsd.org> Subject: Re: apache security question Message-ID: <20010614214542.K17514@speedy.gsinet> In-Reply-To: <20010614212241.G49807@mail.webmonster.de>; from karsten@rohrbach.de on Thu, Jun 14, 2001 at 09:22:41PM %2B0200 References: <EB513E68D3F5D41191CA00025558810150D448@mailserv.xpert.com> <20010614212241.G49807@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Jun 14, 2001 at 21:22 +0200, Karsten W. Rohrbach wrote:
>
> Yonatan Bokovza(Yonatan@xpert.com)@2001.06.14 21:34:09 +0000:
> >
> > You do have a firewall, right?
>
> why? for a web-only server? *grin*
> the only service that listens is httpd on tcp port 80, for
> severe network scanning and synflood handling consult the
> blackhole(4) man page.
Consulting the "man 4 blackhole" output was exactly what I did
lately when the TCP_RESTRICT_RST setting became obsolete. Your
statement made me curious, because I remembered the WARNING
section:
----- man 4 blackhole --------------------------------------------
[ ... ]
WARNING
The TCP and UDP blackhole features should not be regarded as a replace-
ment for ipfw(8) as a tool for firewalling your system. In order to cre-
ate a highly secure system, you should use ipfw(8) to protect your sys-
tem, and not the blackhole feature.
This mechanism is not a substitute for securing your system, but should
be used together with other security mechanisms.
[ ... ]
----- man 4 blackhole --------------------------------------------
virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above
ask your parents or an adult to help you.
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010614214542.K17514>