security

Daniel Roethlisberger daniel at roe.ch
Sun Oct 7 10:31:16 PDT 2001


J.A. Neitzel <jan.listbox at belvento.org> wrote:
> Mmmm, let's see... I think those 99.9% might be by accident
> listening ports because a person doesn't quite know all this
> stuff yet. You are right, but 99.9% or not..? If they *are* only
> open by accident, they are still open. I just think in a case
> like this, a firewall might give a false sense of security where
> there already is none. See what I say?

Well, if you just close down everything (accept established and
related connections, drop rest in input), then there's no
accidentally open ports: then there's no open ports whatsoever ;)
But generally you are right; a badly configured firewall can be
worse than no firewall.

> Theoretical? Probably yes, but LFS by the book in its raw form I
> think has no listening ports.

Absolutely. But hardly anybody installs a base LFS and leaves it
there. That was my point. But I can only speak for myself, and I
run at least sshd on every single box I own or administer. But
then again, I have at least one NIC on every box as well... :)

Cheers,
Dan

-- 
   Daniel Roethlisberger <daniel at roe.ch>
   PGP Key ID 0x8DE543ED with fingerprint
   6C10 83D7 2BB8 D908 10AE  7FA3 0779 0355 8DE5 43ED
