Rohde.Henning at gmx.net
Sun Sep 29 05:18:17 PDT 2002
hi everybody else,
dagmar at speakeasy.net wrote:
> On Thu, 26 Sep 2002, Henning Rohde wrote:
>> But in private discussion I was convinced that it would be helpful to
>> provide a suggestion about the _number_ of the symlinks: immediately after
>> the creation / before the deletion of the [last/first] network interface.
> Firewall rules need to be able to be put into place _before_ any network
> initialization happens per RFC ...
yes, you're right, they should be to be that.
But I've seen a number of boxes where the $admin wanted them to do some
(automatic) communication _before_ the firewalling-rules denied especially
that kind of communication. Please do not argue about any silliness of this
kind of setup, I'd just like to be open for it.
BTW: as long as we consider a "virgin" box, with no services running that
could be reached via network, to be _un_vulnerable there should be no
window for an attack as long as firewalling is started before any service.
We might argue on syslogd still running when firewalling is turned off:
setups might exist where only the DMZ-servers are, via firewalling rules,
allowed to log to a log-server [e.g., printing them immediately to paper].
There could be a tiny window, after firewalling was turned off while syslog
is still running, for sending malicious packets to the log-server.
Just my 2 cents of EUR,
"KDE 3.0.3 contains an important fix for handling SSL certificates ...
Users of Internet Explorer, which suffers from the same problem but which
does not yet have a fix available, are also encouraged to switch to KDE
Waldo Bastian in http://www.kde.org/announcements/announce-3.0.3.html