At 10:38 PM 9/12/2001 -0400, you wrote:
> No flame from me. I don't like firewalls either. They block ONLY
>those ports that you're not running servers on. But if I'm already NOT
>running services on those ports, what's the point?
Bingo.
> Oh! This is it! If I'm a screwup and I accidentally run a service I
>didn't intend to, I guess I've just exposed myself, without a firewall.
There are as many chances of me accidentally shutting down the firewall as there are
of me turning on a service unintentionally. No, actually, there are MORE chances of my
accidentally shutting down the firewall.
Furthermore, I have read that firewalls are not impenetrable, considering things like
IP spoofing. Which means that you have to be secure without your firewall via other
measures anyway.
Ever heard of nmap -sX or nmap -sF ?
>But gosh, if I screw up the config on the firewall I expose myself anyway.
>Little difference in my opinion. Think about what you do on EVERY machine
>in your network. Don't hide behind the FALSE SECURITY that a firewall
>might pretend to give you. I've scanned too many friends' and customers'
>networks that have firewalls only to find they didn't configure the FW
>correctly, exposing themselves, all the while sleeping snug as a bug at
>night :-(
>
> NMAP SCAN your entire network regularly. Watch your logs constantly.
>Read Bugtraq, redhat-security, etc.
>
> --- Jay
>
>P.S. I *LIVE* as root on my systems as well.
Well, I don't, and I suggest you don't do it either. People like you will potentially
make it possible for worms and viruses to get around on a few UNIX boxes.
> Know what's gonna happen
>BEFORE you hit enter. No better way to condition yourself to PAY
Yep. Thanks.
>ATTENTION to what you're doing :-)
>
>+------------------------------------------------------------------------+
>| Jay Nugent [EMAIL PROTECTED] (734)971-1076 (734)971-4529/Fax |
>| Nugent Telecommunications [www.nuge.com] (734)649-0850/Cell |
>| Internet Consulting/Linux SysAdmin/Engineering & Design/ISP Reseller |
>| ISP Monitoring [www.ispmonitor.net] ISP & Modem Performance Monitoring |
>| Web-Pegasus [www.webpegasus.com] Web Hosting/DNS Hosting/Shell Accts|
>| LinuxNIC, Inc. [www.linuxnic.net] Registrar of the .linux TLD |
>+------------------------------------------------------------------------+
> 10:00pm up 3 days, 6:50, 6 users, load average: 0.02, 0.07, 0.02
>
>_______________________________________________
>http://linux.nf -- [EMAIL PROTECTED]
>Archives, Subscribe, Unsubscribe, Digest, Etc
>->http://linux.nf/mailman/listinfo/linux-users
----------------------------------------------------
Jonathan Wilson
System Administrator
Cedar Creek Software http://www.cedarcreeksoftware.com
Central Texas IT http://www.centraltexasit.com