gabriel rosenkoetter on Thu, 30 Jan 2003 07:50:29 -0500



Re: [PLUG] firewall risk


On Thu, Jan 30, 2003 at 06:50:46AM -0500, Jeff Abrahamson wrote:
> That is, suppose I make the naive argument that I only run sshd on
> port 22, so all other ports get denied anyway by dint of having
> nothing listening (not even inetd). Why bother with ip tables beyond
> masquerading?
> 
> (I'm pretty sure this is wrong, I just don't know why.)

Because, historically, the Linux kernel has a bad track record of
errors leading to DoS or even remote accessibility in the TCP/IP
stack.

(So, btw, does the 4.2 BSD kernel's IP code, which is one reason
that WinNT had long-term problems, having used 4.2 BSD's IP source
and not merged in later fixes by more recent operating systems.)

-- 
gabriel rosenkoetter
gr@eclipsed.net

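For the setup Jeff describes (a box whose only listener is sshd on port 22, plus masquerading for a LAN), the following is an added example of the default-deny iptables policy the reply is arguing for; it is not from the original thread or from either poster. Interface names and the LAN range are assumptions, and the rules are emitted as text so they can be reviewed without root and then piped to sh to apply.

```shell
#!/bin/sh
# Added example, not part of the original PLUG thread.
# Minimal default-deny policy for a host that only runs sshd and
# masquerades for an internal LAN. Interface names and LAN range are
# assumed values; adjust for the host in question.
WAN_IF="${WAN_IF:-eth0}"               # assumed external interface
LAN_IF="${LAN_IF:-eth1}"               # assumed internal interface
LAN_NET="${LAN_NET:-192.168.1.0/24}"   # assumed RFC1918 LAN range

# Emit the rules rather than applying them, so the set can be reviewed
# (and tested) unprivileged. Apply with:  firewall_rules | sh   (as root)
firewall_rules() {
    cat <<EOF
iptables -F
iptables -t nat -F
# Default policy: drop anything not explicitly allowed. This is what a
# "nothing listening" host does not get for free: unsolicited packets are
# discarded by netfilter instead of being handed to the TCP/UDP code,
# and no RST or ICMP unreachable is generated in reply.
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Loopback, and replies to connections this host itself opened.
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# The one service meant to be reachable from outside: sshd on 22/tcp.
iptables -A INPUT -i $WAN_IF -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Let the LAN out and its replies back in; masquerade as the WAN address.
iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -j ACCEPT
iptables -A FORWARD -i $WAN_IF -o $LAN_IF -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Sanity check used before applying: both inbound chains must default
# to DROP. Returns the number of chains with a DROP policy.
drop_policy_count() {
    firewall_rules | grep -c '^iptables -P [A-Z]* DROP$'
}
```

The difference from relying on "nothing is listening" is what happens to an unsolicited packet: with the default-deny policy it is dropped in the INPUT chain, so it never reaches the TCP state machine or triggers a RST, whereas on an unfirewalled host every such packet is parsed and answered by exactly the stack code the reply says has had a poor track record. Netfilter still runs inside the kernel's IP code, so this narrows the exposed surface rather than removing it.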