> -----Original Message-----
> From: mouss [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, 30 November 2000 12:10
> To: Ben Nagy; [EMAIL PROTECTED]
> Subject: RE: NAT and freebsd
>
>
> At 10:15 29/11/00 +1030, Ben Nagy wrote:
> >[snip]
> >
> >Are you JOKING?
>
> I understand your feeling, but I can't let it pass when someone says "Do
> not ever think of using FreeBSD". Whatever is the level of Open, Free is
> still better than many other systems. I don't wanna cite any particular OS
> to avoid bringing the debate to a no end.
>
> If the guy stopped at "audited code", I wouldn't have said anything but his
> "manpages, ftp proxy and the like" just got me out of my quiet partition...
Yeah, I agree. I was only taking issue with the security angle.
>
> I admit that the guys at Open do a nice job about reviewing the code. But
> that's not all...
>
> >There have been about two dozen FreeBSD advisories in the
> >last month! I can't even remember the last OpenBSD advisory I saw.
>
> so here is a confidence: a look at securityfocus lists:
> OpenBSD:
> 2000-11-10: adduser vulnerability (shared with RedHat)
> 2000-10-05: talkd vuln.
> 2000-10-05: arp related DoS
> 2000-10-04: fstat vuln
Yeah, well. Obviously I have a short memory. 8)
[...]
> > >
> > > >Built in ftp proxy.
> >
> >This was an error - OpenBSD does not have a built in FTP proxy. IPFilter
> >kind of has one but it's not a real proxy. Which is a shame.
>
> would that be really good? Apart from being able to filter commands, what
> would be the pros compared to just ipfiltering it?
All the normal benefits of running an ALG versus a filter - protection from
packet level attacks that don't involve the data channel.
> > > ipfilter is enough for most of us.
> > > the few who need a proxy can consider the FWTK one.
> >
> >Or the SuSE one, which I found easier to get working and better for granular
> >control. *shrug*
>
> last time I tried to compile it, it failed because it required a library (I
> don't remember, but I think it's some regex thing)[...]
I had a hell of a time compiling it, too. Ended up using the copy in the
ports collection. I was making progress with the compile but it was taking
way too long for a POC and I figured that since it was under active dev it
would be fixed soon anyway, and by people that know how to code. ;)
>
> cheers,
> mouss
Cheers,
--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520 PGP Key ID: 0x1A86E304