From owner-freebsd-stable Wed Dec 5 9:46:56 2001
Message-ID: <20011205174654.93719.qmail@web21009.mail.yahoo.com>
Date: Wed, 5 Dec 2001 17:46:54 +0000 (GMT)
From: Matt Sykes
Subject: naive security question
To: freebsd-stable@freebsd.org

I have a recently cvsupped SMP 4.4-stable running great. ipfilter is:

- blocking (all?) spoofs and smurfs
- blocking all packets on all ports except:
  - packets part of inside-initiated tcp/udp/icmp connections
  - tcp SYN packets on port 22 (ssh)

The setup is taken directly from the ipf-howto.

So all unwanted packets are dropped except for SYN/22 packets. This leaves me open to SYN flooding and username/password guessing. After some google research, it appears FreeBSD is pretty good at combating the flooding problem. As for username/password guessing, there's not much I can do about that other than picking a 'good' password and checking the logs. Oh and there could be an exploit in OpenSSH.

My naive view is that this setup looks -pretty good-. My question is: how confident should I be? Is it really worthwhile for me to spend time setting up tripwire, kernel levels, etc? How many people are really that paranoid (paranoia being a good thing)? I am a software developer (this box is at work), so the more time I spend developing software the better.

Thanks.
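The "checking the logs" step mentioned in the message, as an added example that is not part of the original post: a script that counts failed sshd password attempts per source address and lists the usernames each source tried. The log lines are constructed, the format assumed is OpenSSH's "Failed password for ..." syslog line, and the thresholds in `suspicious` are illustrative assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH's syslog style (not from the original post).
SAMPLE_LOG = """\
Dec  5 09:01:11 box sshd[311]: Failed password for root from 192.0.2.10 port 1041 ssh2
Dec  5 09:01:13 box sshd[311]: Failed password for root from 192.0.2.10 port 1041 ssh2
Dec  5 09:01:17 box sshd[314]: Failed password for illegal user admin from 192.0.2.10 port 1043 ssh2
Dec  5 09:01:20 box sshd[316]: Failed password for invalid user test from 192.0.2.10 port 1044 ssh2
Dec  5 09:14:02 box sshd[340]: Failed password for matt from 198.51.100.7 port 2210 ssh2
Dec  5 09:14:09 box sshd[340]: Accepted password for matt from 198.51.100.7 port 2210 ssh2
Dec  5 09:30:00 box /kernel: unrelated message
"""

# The username is remote-controlled text, so the address is taken from the
# *last* "from ... port ..." on the line (greedy user group, anchored at the end).
# Depending on the OpenSSH release, unknown accounts are logged as
# "illegal user" or "invalid user"; both are accepted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:(?:invalid|illegal) user )?(.*) "
    r"from (\S+) port \d+(?: ssh\d*)?\s*$"
)

def summarize(log_text):
    """Return {source_ip: (failure_count, sorted list of usernames tried)}."""
    counts = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            user, src = m.groups()
            counts[src] += 1
            users[src].add(user)
    return {src: (n, sorted(users[src])) for src, n in counts.items()}

def suspicious(log_text, min_failures=3, min_users=2):
    """Sources with many failures or with several distinct usernames tried."""
    return sorted(
        src for src, (n, names) in summarize(log_text).items()
        if n >= min_failures or len(names) >= min_users
    )

if __name__ == "__main__":
    for src, (n, names) in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{src}: {n} failed, users tried: {', '.join(names)}")
    print("flag:", suspicious(SAMPLE_LOG))
```

A single mistyped password from a known user stays below both thresholds, while one source cycling through several account names is flagged.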