NEOHAPSIS - Peace of Mind Through Integrity and Insight

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Firewalls> 2000-q3

Subject: RE:( NAT and) freebsd
From: Ben Nagy (ben.nagymarconi.com.au)
Date: Wed Nov 29 2000 - 16:52:13 CST

Next message: Larry Paul: "RE: Poly who?"
Previous message: Rick Murphy: "RE: Emily's response to the rumors"
Next in thread: mouss: "RE:( NAT and) freebsd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> -----Original Message-----
> From: mouss [mailto:usebsdfree.fr]
> Sent: Thursday, 30 November 2000 12:10
> To: Ben Nagy; firewallsLists.GNAC.NET
> Subject: RE: NAT and freebsd
>
>
> At 10:15 29/11/00 +1030, Ben Nagy wrote:
> >[snip]
> >
> >Are you JOKING?
>
> I understand your feeling, but I can't let it pass when
> someone says "Do
> not ever thing of
> using FreeBSD". whatever is the level of Open, Free is still
> better than
> many other
> systems. I don't wanna cite any particular OS to avoid
> bringing the debate
> to a no end.
>
> If the guy stoped at "audited code", I wouldn't have said
> anything but his
> "manpages,
> ftp proxy and the like" just got me out of my quiet partition...

Yeah, I agree. I was only taking issue with the security angle.

>
> I admit that the guys at Open do a nice job about reviewing
> the code. But
> that's not all...
>
> >There have been about two dozen FreeBSD advisories in the
> >last month! I can't even remember the last OpenBSD advisory I saw.
>
> so here is a confidence: a look at securityfocus lists:
> OpenBSD:
> 2000-11-10: adduser vulnerability shared with RedHat)
> 2000-10-05: talkd vuln.
> 2000-10-05: arp related DoS
> 2000-10-04: fstat vuln

Yeah, well. Obviously I have a short memory. 8)

[...]
> > >
> > > >Built in ftp proxy.
> >
> >This was an error - OpenBSD does not have a built in FTP
> proxy. IPFilter
> >kind of has one but it's not a real proxy. Which is a shame.
>
> would that be really good? Apart from being able to filter
> commands, what
> would be the pros compared to just ipfiltering it?

All the normal benefits of running an ALG versus a filter - protection from
packet level attacks that don't involve the data channel.

> > > ipfilter is enough for most of us.
> > > the few who need a proxy can consider the FWTK one.
> >
> >Or the SuSE one, which I found easier to get working an
> better for granualar
> >control. *shrug*
>
> last time I tried to compile it, it failed because it
> required a library (I
> don't remember, but
> I think it's some regex thing)[...]

I had a hell of a time compiling it, too. Ended up using the copy in the
ports collection. I was making progress with the compile but it was taking
way too long for a POC and I figured that since it was under actiove dev it
would be fixed soon anyway, and by people that know how to code. ;)

>
> cheers,
> mouss

Cheers,

--
Ben Nagy
Marconi Services
Network Integration Specialist
Mb: +61 414 411 520  PGP Key ID: 0x1A86E304
-
[To unsubscribe, send mail to majordomolists.gnac.net with
"unsubscribe firewalls" in the body of the message.]

Next message: Larry Paul: "RE: Poly who?"
Previous message: Rick Murphy: "RE: Emily's response to the rumors"
Next in thread: mouss: "RE:( NAT and) freebsd"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]