-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
tarvid wrote on Thu, Mar 06, 2003 at 03:10:08AM -0500 :
> > >
> > > PLEASE PLEASE! DO NOT MAKE THE FIREWALL SERVE A BUNCH OF SERVICES!
> Try the converse on for size.
You're making it sound as if I said either/or. I didn't spell it out
properly then. Do both.
> Can I really get better security by permitting burning holes with persistent
> http tunnels than by installing a transparent proxy on the gateway?
Like everything in Linux, it depends on the exploit. If the exploit is
a remote root exploit that opens up a port 31337 such that if you ssh
directly to it, you get root, then both ways work the same. If the
exploit is a remote root exploit that leaves a shell running as root on
port 25, then you're screwed no matter what you do.
The other guy has my intent correct: I'm not saying my way is the only
way. I would be Todd Gates if that was the case. Instead, I'm saying I
recommend this way because you should _think_ about putting a system
together, not just throw it all together helter skelter. (insert cliche
about eggs and a basket)
Blue skies... Todd
- --
MandrakeSoft USA http://www.mandrakesoft.com
Mandrake: An amalgam of good ideas from RedHat, Debian, and MandrakeSoft.
All in all, IMHO, an unbeatable combination. --Levi Ramsey on Cooker ML
Mandrake Cooker Devel Version, Kernel 2.4.21-0.12mdk
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQE+Z6MIlp7v05cW2woRAjnkAKDJWhfL6N0eEZdbZA1eKNT5/Dl1oQCgm0k6
TTN18zh2kzNtPIa858UGQYA=
=RDfY
-----END PGP SIGNATURE-----