Volker Armin Hemmann writes:
On Wednesday 17 September 2008, kashani wrote:
Vaeth wrote:
Could you please use a mail client which insert correctly the
fields In-Reply-To ans Reference ?
Thanks for the hint, I was not aware of this. But unfortunately, it
appears that it is not
Hi Vaeth,
on Wed, Sep 17, 2008 at 09:49:08AM +0200, you wrote:
[...] that in any halfway sane router these NAT problems are not an
issue. And with many routers running Linux today so you can even get a
shell and check iptables... :)
We are obviously talking about a different price
Am Thursday 18 September 2008 12:34:17 schrieb Matthias Bethke:
Hi Vaeth,
on Wed, Sep 17, 2008 at 09:49:08AM +0200, you wrote:
[...] that in any halfway sane router these NAT problems are not an
issue. And with many routers running Linux today so you can even get a
shell and check
Hi Vaeth,
on Wed, Sep 17, 2008 at 10:40:47AM +0200, you wrote:
Alan Cox: chroot is not and never has been a security tool, see e.g.
http://kerneltrap.org/Linux/Abusing_chroot
No disrespect to Mr. Cox but a silly argument stays a silly argument
even if brought forward by Alan. Programs
On Tue, 16 Sep 2008, Matthias Bethke wrote:
[...] that in any halfway sane router these NAT problems are not an
issue. And with many routers running Linux today so you can even get a
shell and check iptables... :)
We are obviously talking about a different price category of routers.
Most
Matthias Bethke wrote:
I'd say the vast majority of chroot jails are there for nothing
else but security.
Alan Cox: chroot is not and never has been a security tool, see e.g.
http://kerneltrap.org/Linux/Abusing_chroot
No disrespect to Mr. Cox but a silly argument stays a silly
snip
Could you please use a mail client which insert correctly the fields
In-Reply-To ans Reference ?
--
Nicolas Sebrecht
Could you please use a mail client which insert correctly the fields
In-Reply-To ans Reference ?
Thanks for the hint, I was not aware of this. But unfortunately, it
appears that it is not just a question of the mail client:
I am subsribed to the list as post-only (for several reasons which I
Vaeth wrote:
Could you please use a mail client which insert correctly the fields
In-Reply-To ans Reference ?
Thanks for the hint, I was not aware of this. But unfortunately, it
appears that it is not just a question of the mail client:
I am subsribed to the list as post-only (for several
On Wednesday 17 September 2008, kashani wrote:
Vaeth wrote:
Could you please use a mail client which insert correctly the fields
In-Reply-To ans Reference ?
Thanks for the hint, I was not aware of this. But unfortunately, it
appears that it is not just a question of the mail client:
I
On Tue, 16 Sep 2008, Neil Bothwick wrote:
On Tue, 16 Sep 2008 13:49:36 +0200 (CEST), Vaeth wrote:
It is always better to have a port not open than to rely on a router
to close it apparently.
If you are using NAT on the router, you have to explicitly forward that
port somewhere for it
On Tue, 16 Sep 2008 17:29:16 +0200 (CEST), Vaeth wrote:
If you are using NAT on the router, you have to explicitly forward
that port somewhere for it to work. [...]
Except that this is not completely true: See some of the many articles
in the net which explain why NAT is not a security
Neil Bothwick wrote:
On Tue, 16 Sep 2008 17:29:16 +0200 (CEST), Vaeth wrote:
If you are using NAT on the router, you have to explicitly forward
that port somewhere for it to work. [...]
Except that this is not completely true [...]
So the router maintains a database of current
Hi Neil,
on Tue, Sep 16, 2008 at 04:59:39PM +0100, you wrote:
Except that this is not completely true: See some of the many articles
in the net which explain why NAT is not a security feature. A quick
google search gave e.g.
http://www.nexusuk.org/articles/2005/03/12/nat_security/
So
Hi Vaeth,
on Tue, Sep 16, 2008 at 07:14:48PM +0200, you wrote:
In addition, the default rsyncd configuration with Gentoo uses a chroot
jail.
Also a chroot jail is not a security feature: There are several ways known
how to break out.
Huh? In the case of NAT it's reasonable to say it's not
Matthias Bethke wrote:
Hi Vaeth, [...]
Also a chroot jail is not a security feature: There are several
ways known how to break out.
[...] But there's only one reason I can see why you'd use a
chroot environment *except* for security and that's to have more than
one set of system
On Tuesday 16 September 2008 19:29:21 Matthias Bethke wrote:
I'd say the vast majority of
chroot jails are there for nothing else but security.
Replace security with warm fuzzy feeling of apparent security that actually
doesn't exist and you're close to the mark. The sole positive of using
Hi Vaeth,
on Tue, Sep 16, 2008 at 07:54:43PM +0200, you wrote:
I don't even see why you'd strictly need connection tracking to avoid
attacks made possible by grossly misconfigured ISP routers. Your router
knows that packets with a destination address of 10/8, 192.168/16 and
the like have
Hi Vaeth,
on Tue, Sep 16, 2008 at 08:36:28PM +0200, you wrote:
Also a chroot jail is not a security feature: There are several
ways known how to break out.
[...] But there's only one reason I can see why you'd use a
chroot environment *except* for security and that's to have more than
19 matches
Mail list logo