Jeff Abrahamson on Thu, 30 Jan 2003 12:10:36 -0500
On Thu, Jan 30, 2003 at 07:43:23AM -0500, gabriel rosenkoetter wrote:
> On Thu, Jan 30, 2003 at 06:50:46AM -0500, Jeff Abrahamson wrote:
> > That is, suppose I make the naive argument that I only run sshd on
> > port 22, so all other ports get denied anyway by dint of having
> > nothing listening (not even inetd). Why bother with iptables beyond
> > masquerading?
> >
> > (I'm pretty sure this is wrong, I just don't know why.)
>
> Because, historically, the Linux kernel has a bad track record of
> errors leading to DoS or even remote accessibility in the TCP/IP
> stack.

So I could listen on no ports whatsoever and be compromised? How would that work?

--
Jeff

Jeff Abrahamson <http://www.purple.com/jeff/>
GPG fingerprint: 1A1A BA95 D082 A558 A276 63C6 16BF 8C4C 0D1D AE4B
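One way to act on gabriel's point for the setup Jeff describes (only sshd on port 22, plus masquerading), as an added example that is not from this thread: a default-deny INPUT chain discards unsolicited packets at the netfilter LOCAL_IN hook, before the TCP/UDP/ICMP code that would otherwise have to parse them and answer with a RST or ICMP unreachable, so less of the stack is exposed to arbitrary remote input. Interface names (EXT, INT) and the LAN range are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread: a default-deny ruleset for a host
# that exposes only sshd and masquerades for an internal network.
# Assumed names: EXT is the Internet-facing interface, INT the LAN side,
# LAN the internal network behind the masquerade.
IPT=${IPT:-iptables}   # set IPT=echo to print the rules instead of loading them
EXT=${EXT:-eth0}
INT=${INT:-eth1}
LAN=${LAN:-192.168.1.0/24}

apply_rules() {
    # Start from a clean slate in both the filter and nat tables.
    $IPT -F
    $IPT -t nat -F

    # Default policies: anything not explicitly allowed is dropped, so a
    # packet to a closed port never reaches the transport-layer code.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP
    $IPT -P OUTPUT ACCEPT

    # Loopback, and replies to connections this host already opened.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The one service intended to be reachable: sshd on port 22.
    $IPT -A INPUT -p tcp --dport 22 -m state --state NEW -j ACCEPT

    # Masquerading for the LAN, with only the forwarding it needs:
    # new connections outbound from the LAN, replies inbound to it.
    $IPT -A FORWARD -i "$INT" -s "$LAN" -o "$EXT" -j ACCEPT
    $IPT -A FORWARD -i "$EXT" -o "$INT" -m state --state ESTABLISHED,RELATED -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN" -o "$EXT" -j MASQUERADE
}

# Dry-run helper: count the append (-A) rules the script would load,
# without needing root or a kernel with netfilter.
rule_count() {
    ( IPT=echo; apply_rules ) | grep -c -- '-A '
}
```

Run it as root to load the rules, or with `IPT=echo` to review the exact commands first.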