Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 27 Mar 1995 00:10:46 -0700 (MST)
From:      Scott Mace <smace@metal-mail.neosoft.com>
To:        jkh@violet.berkeley.edu (Jordan K. Hubbard)
Cc:        security@FreeBSD.org
Subject:   Re: your mail
Message-ID:  <199503270710.AAA00466@metal.ops.neosoft.com>
In-Reply-To: <199503270551.VAA06922@violet.berkeley.edu> from "Jordan K. Hubbard" at Mar 26, 95 09:51:52 pm

next in thread | previous in thread | raw e-mail | index | archive | help
> 
> Path: agate!spool.mu.edu!uwm.edu!news.alpha.net!solaris.cc.vt.edu!swiss.ans.net!potogold.rmii.com!craig.vaultbbs.com!csteiner
> From: csteiner@vaultbbs.com (Craig Steiner)
> Newsgroups: comp.os.386bsd.questions
> Subject: FreeBSD vs. Satan & Security
> Date: Sun, 26 Mar 1995 23:38:03
> Organization: Vault Information Services
> Lines: 26
> Distribution: world
> Message-ID: <csteiner.46.0017A317@vaultbbs.com>
> NNTP-Posting-Host: craig.vaultbbs.com
> X-Newsreader: Trumpet for Windows [Version 1.0 Rev A]
> 
> I assume I am not the only one who has heard about a program called "Satan" 
> which is going to be released in early April.  Apparently it's a program to 
> help system administrators find holes in their system security--the only 
> catch being that anyone in the world will be able to run it against any system 
> on the net.  So obviously it'll be a great tool for hackers...
> 
> Does anyone know how FreeBSD 2.0 will stack up against this program?  Are we 
> going to have a bunch of holes discovered by teenagers just looking to make 
> life difficult for us?
> 
> Also, in Linux and System-V systems there are files called hosts.deny and 
> hosts.allow that allow you to allow/deny access to specific hosts on the net 
> to particular services (or all services).  Are there any equivalents in BSD?  
> I've read over the TCP/IP Admin. manual as well as scanned the man pages and I 
hosts.allow and deny are simply from the cert tcp wrappers... I KNOW thats all
the Linux ones are....  

> can't find anything.  I have a number of sites that I'd like to block access 
> from before the Satan program is released.

As far as I'm concerned if your system is on the net and not firewalled you
are asking for it.  My system for example alows everything out, but only
alows smtp, ftp and telnet (the latter two from only one secure site).  A
couple of other harmless things are opened up for  me also...  I don't use
the firewall built into freebsd.  I use a firewall developed at NeoSoft Inc.
If works on any bsd derrived system.  There is one reason that I don't use
the one built into freebsd because it can be modified when the system is up.
The NeoSoft firewall is compiled into the kernel, (which in turn can be
set schg) so it becomes very hard for someone to modify your firewall should
they somehow get in...  I think this is a crucial point if your machine is
protecting other machines....

SATAN is going to hurt others alot more than it will ever hurt FreeBSD.
Simply due to the fact that compared to other OS's on the net, FreeBSD
is a minority...

	Scott



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199503270710.AAA00466>