Date: Thu, 22 Apr 1999 23:47:07 -0400 (EDT)
From: "James A. Mutter"
Reply-To: jmutter@netwalk.com
To: Adam Ulmer
Cc: iratus@home.com, freebsd-questions@FreeBSD.ORG
Subject: Re: Security

On Thu, 22 Apr 1999, Adam Ulmer wrote:

:instead of telnet/rsh and ftp. If you are paranoid, use tcp-wrappers,
:disable remote root logins, etc. A firewall is NOT automatic protection.

True, a firewall is not automatic protection. However, a well-configured firewall (it's really not that difficult) is always a preferable solution to tcp-wrappers.

Assuming I'm Joe-ScriptKiddie, if I attempt to attack your machine and you're running tcp-wrappers I can initiate a connection, a socket level connection with your box. Initiate enough of these consecutively and I imagine that some type of DOS is right around the corner.

Imagine the same situation with a firewall. I never got a true connection with your machine (bad packets are conveniently redirected to /dev/null), I never get the opportunity to fire off 1000 processes of tcpd, your box is in better shape because of it.

Just my $0.02, I've used both, I won't _ever_ go back to tcp-wrappers.