> Dmitry Mityugov wrote: >>>>Apart from that, I must agree with Dave Horsfall - please provide an >>>> IP. >>> >>>Is there a critical patch that you believe those machines would need? >>>Anything more serious than a potential denial of service attack? > Yes, I recommend all patches. > DOS is enough for me. > >> Indeed. If the machine is properly firewalled, what kind of attack >> other than DoS can break it? > All those on vulnerabilites that were fixed in patches after the last one > applied. > > A firewall may or may not help you. > > If the attack is on a jail to which you allow access through your > firewall, > you've had it, e.g.. > > Or someone sends you a specially crafted file that exploits a > vulnerability > described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. > That's DOS, that kind of attack is serious enough for me to try to avoid. > > Or someone gains root privileges via the vulnerability described in > FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. > > I mean it's great FreeBSD can sustain such a long uptime. > But, IMHO, it's nothing to brag about, since it simultaneously indicates > missing patches, which I find worse. Missing patches?, Most people I know can apply patches with out rebooting a FreeBSD. > Planned downtime for maintenance is ok. It is , but this is bragging rights were talking here. > > Kind regards, > lars. > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to > "[EMAIL PROTECTED]" >
_______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
