-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tuesday 30 September 2003 11:07, Marc Cuypers wrote: > Eric Siegerman wrote: > > On Mon, Sep 29, 2003 at 12:06:48PM +0200, Paul Bijnens wrote: > >>Marc Cuypers wrote: > >>>Found the problem. The firewall blocked communication between taper and > >>>dumper. > >> > >>That's strange, because there is no immediate communication between > >>these two, as far as I know. > >> > >>Driver is connected with a pipe to each dumper and to taper-reader. > > > > I believe there is a dumper->taper connection, for direct-to-tape > > dumps. That's how I read docs/PORT.USAGE, anyway -- see the bits > > on stream_server() and stream_client(). But both of those > > processes run on the same host, so it's still hard to see how a > > firewall could get between them. > > > > Unless Amanda's running on the firewall machine itself -- which > > I'd consider an unsafe idea anyway! > > This is the case. Can you tell me why this is unsafe? (Nobody is > allowed to connect from the outside) >
Penetrations do not all originate from 'outside'. Any services running on the firewall that are not essential to its proper operation increase the potential for compromise. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2-rc1-SuSE (GNU/Linux) iD8DBQE/fHMx+ShVRkQlJBIRApWwAJ97kAaQJpoevwBgdU5TuZJHtKOGigCgwXOo fbKWhL1MG43QQV0dA/R+0Zk= =7Eax -----END PGP SIGNATURE-----
