Hi-ho,

If you're running a stock distro kernel that's true, but if the box is just a firewall, running a custom-compiled 2.2.*, there hasn't been a good reason to upgrade for well over a year now.
If you're serious about running a firewall, the machine will have only the bare necessities to run the NICs, routing and IPtables/chains setup. Some logging, and nothing else. No daemons. The Syncookie vulnerability around November last year would have been an issue if you're running a busy connection, or you get nervous about someone DoS'ing your box, but there wasn't a risk of security breach. All of the other recent exploits have relied on one daemon or another which should not be running or even present on a firewall anyway IMHO.

My 2c worth...

Cheers,
Chris H.

----- Original Message -----
> From: "V K" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Monday, August 12, 2002 9:33 AM
> Subject: Re: Uptime wank, was Re: Lock up!
>
>
> > > lemonsqueeze up 423+16:48, 0 users, load 1.00, 1.00, 1.00
> > > It's a cable firewall, doing NAT, port forwarding, and running dnetc.
> >
> > Sad, those people who don't keep their firewall kernels updated with
> > the latest security fixes... and all in the interest of some dumb
> > useless numbers. But at least you changed the subject: appropriately :)
> >
> > Volker
> >
> > --
> > Volker Kuhlmann is possibly list0570 with the domain in header
> > http://volker.orcon.net.nz/ Please do not CC list postings to me.
