The first mistake is running Windows. The second mistake is not putting Windows machines all on their own subnet with a firewall between it and the `good' machines on the Linux subnet.

Anyone who can secure Windows itself with a firewall product has a ready and steady market!

-- Sincerely, David Smead http://www.amplepower.com.

On Fri, 19 Apr 2002, dman wrote:

> On Thu, Apr 18, 2002 at 10:16:50PM -0700, David Smead wrote:
> | Noah,
> |
> | The more programs running on a computer, the less secure it is. A
> | firewall can run a minimal system - see the LEAF project with deep Debian
> | roots. If you run a firewall running out of RAM then not only will it be
> | minimal, but no trojans can live beyond a reboot.
>
> Ok, that's cool. Now run IE on Windows on a client behind your
> firewall. Surf to a site running IIS and Nimda. You've got Nimda.
> Lotta good the firewall did there.
>
> | I'll let you tell me how a browser session of an internal user is hijacked
> | and then we'll discuss the missing rule in the firewall.
>
> The missing rule is that you let out requests destined for TCP port
> 80. (or 8080 or wherever that IIS server happens to be listening)
> Or, maybe the problem is the (insecure) IE client.
>
> -D