[EMAIL PROTECTED] writes:
>Dave T. wrote -
>> I feel compelled to quickly point out that NAT/masquerading is _not_ a
>> security feature. What you're describing is a stateful firewall, which
>> allows only inbound traffic which is related to outgoing requests. This
>> is not in any way related to network address translation, which is what
>> NAT/masquerading does. iptables can do both, but please don't confuse
>> them, nor rely on NAT to protect you.
>
>Of course you are correct, David. But we have been skirting the central
>issue. Glen seems to think that the responsibility for "safe internet
>sex" rests in Red Hat's hands. I come down on the other side and

I never said that. What I said is that I'm not a computer geek, I'm a Red Hat Linux end user. The bottom line is, Linux is a computer geek's operating system. And no matter how much I study and learn and work on this system, there is going to be someone out there who knows it better than I do, and if they want to bad enough they'll find a way in. The best I can hope for is to build a wall big enough around my system so that the hackers will decide to pick on an easier target.

My understanding is that Red Hat primarily puts together the package, but they don't write most of the programs that they include. As such they can't be held responsible for weaknesses in shipped programs unless they ship a product that they know is flawed. I don't believe for a minute they'd do that.

As for Red Hat's role in this. They are culpable on one count - since I now have my own subnet, I always upgrade my systems with the new releases. However, they have decided that most of us are rich, and that no one uses 486s and PIs anymore. Two thirds of my boxes have 16 MB RAM and can't install the current releases. One key reason why I was hacked is because I couldn't upgrade those boxes. So don't tell me that I'm solely responsible here.

Thanks to the Rule people and Miniconda I was finally able this weekend to upgrade the hacked box to 7.2. But Rule is an independent project and not affiliated with Red Hat. So if my system is secure now, the Rule people get the credit. I can install the programs, write the iptables, and shut down all ports but those I absolutely have to use. But all that's worthless if I can't upgrade to current releases because the installer won't run on 16 MB RAM.

BTW, I've notified the FBI here in Minneapolis, and the respective foreign authorities. Some good may come out of this yet.

Glen

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list