tarvid wrote on Thu, Mar 06, 2003 at 03:10:08AM -0500 :

> > PLEASE PLEASE! DO NOT MAKE THE FIREWALL SERVE A BUNCH OF SERVICES!
>
> Try the converse on for size.

You're making it sound as if I said either/or. I didn't spell it out properly then. Do both.

> Can I really get better security by permitting burning holes with persistent
> http tunnels than by installing a transparent proxy on the gateway?

Like everything in Linux, it depends on the exploit. If the exploit is a remote root exploit that opens up a port 31337 such that if you ssh directly to it, you get root, then both ways work the same. If the exploit is a remote root exploit that leaves a shell running as root on port 25, then you're screwed no matter what you do.

The other guy has my intent correct: I'm not saying my way is the only way. I would be Todd Gates if that was the case. Instead, I'm saying I recommend this way because you should _think_ about putting a system together, not just throw it all together helter skelter. (insert cliche about eggs and a basket)

Blue skies... Todd

--
MandrakeSoft USA http://www.mandrakesoft.com
Mandrake: An amalgam of good ideas from RedHat, Debian, and MandrakeSoft. All in all, IMHO, an unbeatable combination. --Levi Ramsey on Cooker ML
Mandrake Cooker Devel Version, Kernel 2.4.21-0.12mdk