Brian, Your attitude towards security in my mind is reckless and scary. You think that you block a some ports on your comp and that makes it ok to run exploitable software? You are crazy. Secondly, you seem to think that everyone running halflife only allows halflife traffic, which again is ridiculous. It's not realistic or reasonable to believe that. If you want to run your security just blocking ports and leaving exploitable software on your servers, go ahead. That is your business, not mine. I was merely pointing out to others on the list, who are not as security conscious or who as I said, do not block every port besides hl traffic. Why you needed to reply as you did, like its no big concern, I don't know and I don't care. Suffice it to say, blocking ports might keep the script kiddies out, but your not keeping real hackers out that way..especially if running exploitable/bugged software.
I didn't try telling them how to run their boxes, I only made a note about possible issues. You should have left it at that. Your method is a good precaution but you seem to think its all you need...and that is just simply not true. ----- Original Message ----- From: "Ryan Schulze" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, September 15, 2003 11:17 AM Subject: Re: [hlds_linux] HOW TO GET SUPER LOW CPU USE!! THANK DLINKOZ > Brian A. Stumm wrote: > > >On Mon, 15 Sep 2003, Daniel Stroven wrote: > > > > > > > >>Those #'s look awesome, but for security purposes, 2.4.9 is not really a > >>kernel I want running. As pointed out by my friend matt, the difference in > >>2.4.9 from 2.4.10 and higher is the VM used. But exploits like ptrace and > >>others could make it vulnerable to remote exploits. We are going to test > >>the kernel on the box to see results of usage. But, I doubt we will keep it > >>if we can not make it extremely secure. > >> > >> > > > >how does this affect a box that only allows traffic on ports used by half > >life servers? > > > remember that security hole in hlds where you could get a shell on the > box running half-life? > the fw will have to have more relaxed rules on outgoing traffic from the > box (e.g. for VAC checks) > if all else fails one could kill the hlds process and bind the shell to > the hlds port. > > got root? *g* > > > > > _______________________________________________ > To unsubscribe, edit your list preferences, or view the list archives, please visit: > http://list.valvesoftware.com/mailman/listinfo/hlds_linux > _______________________________________________ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
