Date: Thu, 22 Apr 1999 23:47:07 -0400 (EDT) From: "James A. Mutter" <jmutter@netwalk.com> To: Adam Ulmer <ulmer@ulmer.iserver.net> Cc: iratus@home.com, freebsd-questions@FreeBSD.ORG Subject: Re: Security Message-ID: <Pine.BSF.4.05.9904222342120.417-100000@insomnia.local.net> In-Reply-To: <Pine.BSI.3.95.990422165349.17653C-100000@ulmer.iserver.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 22 Apr 1999, Adam Ulmer wrote: :instead of telnet/rsh and ftp. If you are paranoid, use tcp-wrappers, :disable remote root logins, etc. A firewall is NOT automatic protection. True, a firewall is not automatic protection. However, a well configured firewall (it's really not that difficult) is always a preferable solution to tcp-wrappers. Assuming I'm Joe-ScriptKiddie, if I attempt to attack your machine and your running tcp-wrappers I can initiate a connection, a socket level connection with your box. Initiate enough of these consecutively and I imagine that some type of DOS is right around the corner. Imagine the same situation with a firewall. I never got a true connection with your machine (bad packets are conveniently redirected to /dev/null), I never get the opportunity to fire off 1000 processes of tcpd, your box is in better shape because of it. Just my $0.02, I've used both, I won't _ever_ go back to tcp-wrappers. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.05.9904222342120.417-100000>