| Brent Saner on 2 Oct 2007 20:30:18 -0000 |
|
exactly my p.o.v. too, gabe (is "Gabe" okay?). what you should be worried about is if you run your entire network DMZ- no routing, no firewall, etc. just open to the chinese crackers (and russian, and irish, and african, and canadian, what have you. everyone). open wireless does not mean insecure access. or even unmitigated access. if you're concerned about people sending stuff from your ip, make a firewall-box rule- unlisted MACs cannot send/receive on mail (and only a fool would try to use webmail for an attack). nor can they ftp (IMPORTANT), or ssh, or bittorrent protocol, or telnet, or even access the local subnet. that right there pretty much leaves them locked down to just web browsing. "but what if they go to illegal, etc. sites?" unlisted MACs are routed through a proxy! (which, come to think, would prolly be a much easier way of doing the above). yeah, just built a proxybox and route all irregular connections through that. again, i hate to be the bringer of tough opposition, but you HAVE just been presenting FUD. i'd like to see documented numbers and sources of how many times X happens, how many times Y happens. oppression isn't the enemy of freedom, fear is. remember that. :) On 10/2/07, gabriel rosenkoetter <gr@eclipsed.net
> wrote: SNIP Those sorts of attacks aren't new, nor do they have anything to do -- Brent Saner 215.264.0112(cell) 215.362.7696(residence) http://www.thenotebookarmy.org ___________________________________________________________________________ Philadelphia Linux Users Group -- http://www.phillylinux.org Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce General Discussion -- http://lists.phillylinux.org/mailman/listinfo/plug
|
|