Florian Weimer <[EMAIL PROTECTED]> writes:
> The daemon might have been installed by a package dependency, more or
> less by accident. Debian should have a policy that all daemons bind to
> the loopback interface by default, but as long as this is not the case,
> I can understand why people put p
On Wednesday, 23 January, Florian Weimer typed the following:
> * Ondrej Zajicek:
> >> You could also have an 'ENABLED' variable like some files in
> >> /etc/default have (so that ports wouldn't be opened by default; the
> >> user would have to manually enable them for the port to be o
I believe Debian's method of handling iptables is perfect. if-up.d and its
counterparts provide a great means for scripting complex firewall sets.
For example, I have written a perl script that parses a custom config file
that defines certain IPs and
* Ondrej Zajicek:
>> You could also have an 'ENABLED' variable like some files in
>> /etc/default have (so that ports wouldn't be opened by default; the
>> user would have to manually enable them for the port to be opened).
>
> Better way is just not start that daemon.
The daemon might have been
William Twomey wrote:
It's my understanding (and experience) that a Debian system by default
is vulnerable to SYN flooding (at least when running services) and
other such mischief. I was curious as to why tcp_syncookies (and
similar things) are not enabled by default.
Sorry forgot that.
Submi
William Twomey wrote:
If this is needed/wanted in Debian, no problem, but remember obscurity
isn't security.
With fwbuilder, lokkit (GNOME), kmyfirewall (KDE) etc. it is very easy
to make and maintain firewalls on Linux, and all of these are regular
Debian packages. It is true that there should be mo
On 23/01/08 18:48 +0200, Riku Valli wrote:
Debian doesn't have any open services by default, except portmapper, and behind
portmapper there aren't any services. So no need for a host firewall.
Ack. I didn't want to argue pro a default
firewall.
regards, Rolf
--
...about the greatest democrazy in the world
If this is needed/wanted in Debian, no problem, but remember obscurity
isn't security.
With fwbuilder, lokkit (GNOME), kmyfirewall (KDE) etc. it is very easy
to make and maintain firewalls on Linux, and all of these are regular
Debian packages. It is true that there should be more information
about f
William Twomey wrote:
Debian doesn't have any open services by default, except portmapper, and
behind portmapper there aren't any services. So no need for a host firewall.
But isn't it reasonable to assume that most people will be installing
services? Even a desktop user is likely to enable SSH and maybe ev
Michael Loftis wrote:
[snip]
It's better to leave the service disabled, or even better, completely
uninstalled from a security standpoint, and from a DoS standpoint as
well. The Linux kernel isn't very efficient at processing firewall
rules. Newer kernels might be though (I honestly haven't lo
On Wed, Jan 23, 2008 at 09:19:01AM -0600, William Twomey wrote:
> One solution could be to have a folder called /etc/security/iptables
> that contains files that get passed to iptables at startup (in the same
> way /etc/rc2.d gets read in numeric order). So you could have files like
> 22ssh, 23f
Rolf Kutz wrote:
On 23/01/08 08:29 -0700, Michael Loftis wrote:
It's better to leave the service disabled, or even better, completely
uninstalled from a security standpoint, and from a DoS standpoint as
well. The Linux kernel isn't very efficient at processing firewall
rules. Newer
I tho
On Wed, Jan 23, 2008 at 08:29:25AM -0700, Michael Loftis wrote:
>
> It's better to leave the service disabled, or even better, completely
> uninstalled from a security standpoint, and from a DoS standpoint as well.
> The Linux kernel isn't very efficient at processing firewall rules. Newer
> k
On 23/01/08 08:29 -0700, Michael Loftis wrote:
It's better to leave the service disabled, or even better, completely
uninstalled from a security standpoint, and from a DoS standpoint as well.
The Linux kernel isn't very efficient at processing firewall rules. Newer
I thought it was very ef
--On January 23, 2008 9:19:01 AM -0600 William Twomey
<[EMAIL PROTECTED]> wrote:
It's my understanding (and experience) that a Debian system by default is
vulnerable to SYN flooding (at least when running services) and other
such mischief. I was curious as to why tcp_syncookies (and similar
On Jan 23, 2008 4:19 PM, William Twomey <[EMAIL PROTECTED]> wrote:
> One solution could be to have a folder called /etc/security/iptables
> that contains files that get passed to iptables at startup (in the same
> way /etc/rc2.d gets read in numeric order). So you could have files like
> 22ssh, 23f
It's my understanding (and experience) that a Debian system by default
is vulnerable to SYN flooding (at least when running services) and other
such mischief. I was curious as to why tcp_syncookies (and similar
things) are not enabled by default.
Many distros (RPM-based mostly from my experien
17 matches