At 10:41 AM -0700 1999/9/6, Mike Smith wrote:
> By the time an attacker has enough access rights on
> your system to make use of the packet filter, they have enough access
> rights to add it if it's not there.

That's certainly true. However, if this feature is disabled by
default, this throws just one more roadblock in front of some script
kiddie that might want to break into your system.

It won't stop a determined cracker (nothing will), and it won't
stop someone with half an ounce of intelligence (they can just
rebuild the kernel), but if you at least turn this off by default
then they're forced to rebuild the kernel in order to enable this
feature, and that would require a reboot. That might just make the
system that much more noticeable if someone tries to crack into it and
install a password sniffer, and that much less easy to compromise
security at that site.

--
These are my opinions -- not to be taken as official Skynet policy
____________________________________________________________________
|o| Brad Knowles, <[EMAIL PROTECTED]> Belgacom Skynet NV/SA |o|
|o| Systems Architect, News & FTP Admin Rue Col. Bourg, 124 |o|
|o| Phone/Fax: +32-2-706.11.11/12.49 B-1140 Brussels |o|
|o| http://www.skynet.be Belgium |o|
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Unix is like a wigwam -- no Gates, no Windows, and an Apache inside.
Unix is very user-friendly. It's just picky who its friends are.