"Charles Howse" <[EMAIL PROTECTED]> writes: > Let me throw this in: > This is a home network, behind a Cable Modem and 4-port Cable/DSL router > w/ firewall. > Port 110 is closed on the firewall. Ports 80,20 and 21 are open on > another machine in the DMZ. > That said ( and I'm no expert ) wouldn't it be acceptable for *my* > situation to bind to an address? > That way, anyone wanting to crack into the pop server on this machine > would have to get past the firewall, and then discover the address the > pop server on this machine is listening on...? Nmap woud certainly do > that, *if* they got in. > I run a pop server on the Redhat machine next to the FreeBSD machine, no > problems ever there. > I could be way off on my logic, and my understanding of tcp/ip, so > correct me if I'm wrong.
Not at all; you're dead on. The only thing I'm trying to warn you about is that binding to a specific address is having a fairly small effect on your security in this case. For belt-and-suspenders protection, you'd be somewhat better off with a more sophisticated POP server which can bind to the inside interface directly instead of just the address. _______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
