Date: Tue, 28 Jul 1998 22:19:47 -0600 From: Wes Peters <wes@softweyr.com> To: Mike Tancsa <mike@sentex.net> Cc: freebsd-chat@FreeBSD.ORG Subject: Re: QPopper exploit Message-ID: <35BEA2E3.9EFB8C9F@softweyr.com> References: <xzplnpf59fc.fsf@hrotti.ifi.uio.no> <35be78f0.278958611@mail.sentex.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Mike Tancsa wrote:
> I could only guess how often more 'popular' targets get attacked. We
> are only a 6000 user ISP. Imagine how much AOL and Microsoft must
> see.
Not very much, inside the firewall.
>From my former office at Intel, I had 13 hops to the "outside world",
through two firewalls that *I knew of.*
Now, between either of my workstations at Xylan (one Sun, one FreeBSD
for doing *REAL* work ;^), there is only one firewall, but all of
the internal traffic flows over switched networks using VLANs, so we
don't need quite so much firewalling.
One quick, fast, reliable way to protect yourself is to put your
router/firewall to the outside world onto a switch port on a
smart switch; the router/firewall won't see *most* of the internal,
unicast traffic, and therefore cannot be used to snoop any of that.
It helps with speed, too. ;^)
--
"Where am I, and what am I doing in this handbasket?"
Wes Peters Softweyr LLC
http://www.softweyr.com/~softweyr wes@softweyr.com
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35BEA2E3.9EFB8C9F>