Dmitry Mityugov wrote: >>>Apart from that, I must agree with Dave Horsfall - please provide an IP. >> >>Is there a critical patch that you believe those machines would need? >>Anything more serious than a potential denial of service attack? Yes, I recommend all patches. DOS is enough for me.
> Indeed. If the machine is properly firewalled, what kind of attack > other than DoS can break it? All those on vulnerabilites that were fixed in patches after the last one applied. A firewall may or may not help you. If the attack is on a jail to which you allow access through your firewall, you've had it, e.g.. Or someone sends you a specially crafted file that exploits a vulnerability described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc. That's DOS, that kind of attack is serious enough for me to try to avoid. Or someone gains root privileges via the vulnerability described in FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib. I mean it's great FreeBSD can sustain such a long uptime. But, IMHO, it's nothing to brag about, since it simultaneously indicates missing patches, which I find worse. Planned downtime for maintenance is ok. Kind regards, lars. _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
