This link might look a bit dated, but it is a good starting point. http://www.insecure.org/sploits_linux.html

While Linux is not perfect, its remote-access exploitable bugs are few and far between. In your case, I would look at the general fortification measures, like http://www.trl.ibm.com/projects/security/ssp/ The point here is that even with an exploitable buffer overflow (should not be too frequent nowadays), the attacker would not be able to execute the code in the stack. Add to this the fact that the firewall would run no daemons at all, except those needed for the function.

You should also consider remote logging and intrusion detection in your quest for the ultimate firewall. Snort would be a good starting point here. But remember, the more applications you run, the more vulnerable you get.

The capacity is more directly related to hardware capability than to Linux OS version or type. The simpler your setup, the cleaner the picture; that would be a good starting point.

And yes, once you start running those (big) usermode daemons, your exploitability increases exponentially; add to that some bugs here and there in the applications that run on them (PHP, Java, Perl, Python to name a few), then you are set for some rough rides. But this stuff almost never takes place on the firewall, at least it should not.

Cheers
Szemir

On June 11, 2004 16:10, Dave Wilson wrote:
> I have a situation where a consumer level hardware firewall/router has
> reached its capability limits, and we are not experiencing unacceptable
> performance. This firewall/router is used primarily for filtering and
> DNAT for a group of servers. We are looking at alternatives.
>
> Since the machines behind the firewall/router are Linux boxes, I have
> suggested using iptables. Based on previous experience with machines
> being exploited, there is some concern that using Linux will leave us
> vulnerable to OS exploits.
>
> I don't follow the security domain that closely, but I don't think Linux
> has had many recent remote OS access exploits, if any. I know that user
> space daemons are another matter, and are frequently exploited, and I also
> know the Linux kernel has had other types of exploits, like DoS. So, has
> Linux had any remote OS access exploits? Is there a website with such
> records?
>
> Thanks,
> Dave
>
>
> _______________________________________________
> clug-talk mailing list
> [EMAIL PROTECTED]
> http://clug.ca/mailman/listinfo/clug-talk_clug.ca
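The setup the thread converges on (a dedicated Linux box that does filtering and DNAT for a group of servers, exposes no services of its own to the outside, and ships its logs to a remote host) can be written down as a small iptables ruleset. The script below is an added example, not code from either poster or from the CLUG list; the interface names, addresses, published ports and the log-host address are constructed placeholders, and the `run` wrapper prints the rules instead of applying them unless `DRY_RUN=0` is set, so it can be reviewed before touching a live firewall.

```shell
#!/bin/sh
# Added example: minimal default-deny filtering + DNAT ruleset for a dedicated
# Linux firewall in front of a few servers. All names/addresses are assumptions.
set -eu

WAN_IF="${WAN_IF:-eth0}"                 # assumed external interface
LAN_IF="${LAN_IF:-eth1}"                 # assumed internal interface
WAN_IP="${WAN_IP:-203.0.113.10}"         # constructed public address (TEST-NET-3)
LAN_NET="${LAN_NET:-192.168.10.0/24}"    # constructed internal network
LOGHOST="${LOGHOST:-192.168.10.5}"       # constructed remote syslog / IDS host
# Published services, "proto:public_port:internal_host:internal_port"
FORWARDS="${FORWARDS:-tcp:80:192.168.10.20:80 tcp:443:192.168.10.20:443 tcp:25:192.168.10.30:25}"

# run: print the iptables command in dry-run mode (default), otherwise execute it.
run() {
    if [ "${DRY_RUN:-1}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

build_rules() {
    # Closed posture first: nothing passes unless a rule below allows it.
    run -F
    run -t nat -F
    run -X
    run -P INPUT DROP
    run -P FORWARD DROP
    run -P OUTPUT DROP

    # Loopback and already-established flows in every direction.
    run -A INPUT -i lo -j ACCEPT
    run -A OUTPUT -o lo -j ACCEPT
    run -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run -A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # The firewall itself listens to nobody on the WAN side; only the LAN
    # may reach its one management daemon (ssh).
    run -A INPUT -i "$LAN_IF" -s "$LAN_NET" -p tcp --dport 22 -j ACCEPT

    # Remote logging is the only traffic the box originates on its own.
    run -A OUTPUT -o "$LAN_IF" -d "$LOGHOST" -p udp --dport 514 -j ACCEPT

    # One DNAT plus one matching FORWARD rule per published service.
    for f in $FORWARDS; do
        proto=${f%%:*};  rest=${f#*:}
        pport=${rest%%:*}; rest=${rest#*:}
        host=${rest%%:*};  iport=${rest#*:}
        run -t nat -A PREROUTING -i "$WAN_IF" -d "$WAN_IP" -p "$proto" \
            --dport "$pport" -j DNAT --to-destination "$host:$iport"
        run -A FORWARD -i "$WAN_IF" -o "$LAN_IF" -d "$host" -p "$proto" \
            --dport "$iport" -m state --state NEW -j ACCEPT
    done

    # Log whatever falls through so the remote log host / IDS sees it.
    run -A INPUT -j LOG --log-prefix "FW-INPUT-DROP: "
    run -A FORWARD -j LOG --log-prefix "FW-FORWARD-DROP: "
}

# count_published: how many DNAT rules the ruleset would install.
count_published() {
    build_rules | grep -c -- '-j DNAT'
}

build_rules
```

Run it as-is to review the generated commands, then `DRY_RUN=0 sh fw.sh` as root to apply them. Every service the box offers is a line in this file, which is the point of the "no daemons except those needed" advice: if something else is listening, the INPUT policy drops it and the LOG rule tells the remote host about the attempt.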

