Re: Why not have firewall rules by default?

2008-02-06 Thread Michelle Konzack
On 2008-01-31 10:02:41, Chris Ferguson wrote: What about Firestarter? (www.fs-security.com). Is it a good solution for a personal-use firewall? END OF REPLIED MESSAGE Maybe, but not as default. What about installing a D-I question which asks the

Re: Why not have firewall rules by default?

2008-01-30 Thread Michelle Konzack
On 2008-01-23 09:19:01, William Twomey wrote: It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar things) are not enabled by

Re: Why not have firewall rules by default?

2008-01-30 Thread Chris Ferguson
On 2008-01-23 09:19:01, William Twomey wrote: It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar things) are not enabled by

Re: Why not have firewall rules by default?

2008-01-29 Thread Javier Fernández-Sanguino Peña
On Mon, Jan 28, 2008 at 06:43:27PM +0100, Florian Weimer wrote: Debian has a policy to install as few network services as possible in a default install and bind them to the loopback interface if possible. Where is this described in Policy? Maybe 'policy' was a rather strict word. Actually,

Re: Why not have firewall rules by default?

2008-01-28 Thread Jose Marrero
Please check out section 3.6 of the Securing Debian Manual. IIRC: - a default install (i.e. one in which you just press Enter all the way and select no tasks) will get you OpenSSH, Exim and portmap, with Exim bound to the loopback interface. portmap is typically not bound to the

Re: Why not have firewall rules by default?

2008-01-27 Thread Javier Fernández-Sanguino Peña
On Wed, Jan 23, 2008 at 01:15:18PM -0600, William Twomey wrote: I guess my point is, if the 'iptables' package is installed by default on Debian, then better integration with Debian would probably be a good idea. iptables provides the tools; the init.d script was removed since it conflicted

Re: Why not have firewall rules by default?

2008-01-27 Thread Florian Weimer
* Henrique de Moraes Holschuh: On Wed, 23 Jan 2008, Rolf Kutz wrote: On 23/01/08 08:29 -0700, Michael Loftis wrote: It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux kernel isn't very

Re: Why not have firewall rules by default?

2008-01-27 Thread Jonas Andradas
Hello, As Javier says: See http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services..en.html#s-firewall-setup : Just in case somebody doesn't notice, there is a typo in this URL (double-dot), so I will post it correctly

Re: Why not have firewall rules by default?

2008-01-25 Thread Brent Clark
Hi. A little something on the side, while it's in my mind. If there was anything I would like to see, it is more of the netfilter patch-o-matic patches available in the kernel. Hence, less need to wget patch-o-matic and to follow the process. It's not a big task, but still, a total time waster.

Re: Why not have firewall rules by default?

2008-01-25 Thread Török Edwin
Henrique de Moraes Holschuh wrote: On Wed, 23 Jan 2008, Rolf Kutz wrote: On 23/01/08 08:29 -0700, Michael Loftis wrote: It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux

Re: Why not have firewall rules by default?

2008-01-25 Thread Henrique de Moraes Holschuh
On Wed, 23 Jan 2008, Rolf Kutz wrote: On 23/01/08 08:29 -0700, Michael Loftis wrote: It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux kernel isn't very efficient at processing firewall

Re: Why not have firewall rules by default?

2008-01-25 Thread Henrique de Moraes Holschuh
On Fri, 25 Jan 2008, Török Edwin wrote: If it is 2.6, I suggest you contact the netfilter mailing list [1] and show them your firewall rules. What makes you think they don't know about this? It is a design detail of the way netfilter is implemented, and the two methods of acceleration I

Why not have firewall rules by default?

2008-01-23 Thread William Twomey
It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar things) are not enabled by default. Many distros (RPM-based mostly from my

Re: Why not have firewall rules by default?

2008-01-23 Thread Thomas Damgaard
On Jan 23, 2008 4:19 PM, William Twomey [EMAIL PROTECTED] wrote: One solution could be to have a folder called /etc/security/iptables that contains files that get passed to iptables at startup (in the same way /etc/rc2.d gets read in numeric order). So you could have files like 22ssh, 23ftp,

Re: Why not have firewall rules by default?

2008-01-23 Thread Michael Loftis
--On January 23, 2008 9:19:01 AM -0600 William Twomey [EMAIL PROTECTED] wrote: It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar

Re: Why not have firewall rules by default?

2008-01-23 Thread maximilian attems
On Wed, Jan 23, 2008 at 08:29:25AM -0700, Michael Loftis wrote: It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux kernel isn't very efficient at processing firewall rules. Newer

Re: Why not have firewall rules by default?

2008-01-23 Thread Riku Valli
Rolf Kutz wrote: On 23/01/08 08:29 -0700, Michael Loftis wrote: It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux kernel isn't very efficient at processing firewall rules. Newer I

Re: Why not have firewall rules by default?

2008-01-23 Thread Ondrej Zajicek
On Wed, Jan 23, 2008 at 09:19:01AM -0600, William Twomey wrote: One solution could be to have a folder called /etc/security/iptables that contains files that get passed to iptables at startup (in the same way /etc/rc2.d gets read in numeric order). So you could have files like 22ssh, 23ftp,

Re: Why not have firewall rules by default?

2008-01-23 Thread Vincent Deffontaines
Michael Loftis wrote: [snip] It's better to leave the service disabled, or even better, completely uninstalled from a security standpoint, and from a DoS standpoint as well. The Linux kernel isn't very efficient at processing firewall rules. Newer kernels might be though (I honestly haven't

Re: Why not have firewall rules by default?

2008-01-23 Thread Riku Valli
William Twomey wrote: Debian doesn't have any open services by default, except the portmapper, and behind the portmapper there aren't any services. So no need for a host firewall. But isn't it reasonable to assume that most people will be installing services? Even a desktop user is likely to enable SSH and maybe

Re: Why not have firewall rules by default?

2008-01-23 Thread William Twomey
If this is needed/wanted for Debian, no problem, but remember obscurity isn't security. With fwbuilder, lokkit (GNOME), kmyfirewall (KDE) etc. it is very easy to make and maintain firewalls on Linux, and all of these are regular Debian packages. That is true, but there should be more information about

Re: Why not have firewall rules by default?

2008-01-23 Thread Rolf Kutz
On 23/01/08 18:48 +0200, Riku Valli wrote: Debian doesn't have any open services by default, except the portmapper, and behind the portmapper there aren't any services. So no need for a host firewall. Ack. I didn't want to argue for a default firewall. regards, Rolf -- ...about the greatest democrazy in the

Re: Why not have firewall rules by default?

2008-01-23 Thread Riku Valli
William Twomey wrote: If this is needed/wanted for Debian, no problem, but remember obscurity isn't security. With fwbuilder, lokkit (GNOME), kmyfirewall (KDE) etc. it is very easy to make and maintain firewalls on Linux, and all of these are regular Debian packages. That is true, but there should be

Re: Why not have firewall rules by default?

2008-01-23 Thread Riku Valli
William Twomey wrote: It's my understanding (and experience) that a Debian system by default is vulnerable to SYN flooding (at least when running services) and other such mischief. I was curious as to why tcp_syncookies (and similar things) are not enabled by default. Sorry, forgot that.

Re: Why not have firewall rules by default?

2008-01-23 Thread Florian Weimer
* Ondrej Zajicek: You could also have an 'ENABLED' variable like some files in /etc/default have (so that ports wouldn't be opened by default; the user would have to manually enable them for the port to be opened). A better way is just not to start that daemon. The daemon might have been

Re: Why not have firewall rules by default?

2008-01-23 Thread James Shupe
I believe Debian's method of handling iptables is perfect. if-up.d and its counterparts provide a great means for scripting complex firewall sets. For example, I have written a Perl script that parses a custom config file that defines certain IPs and

Re: Why not have firewall rules by default?

2008-01-23 Thread Maximilian Wilhelm
On Wednesday, 23 January, Florian Weimer typed the following: * Ondrej Zajicek: You could also have an 'ENABLED' variable like some files in /etc/default have (so that ports wouldn't be opened by default; the user would have to manually enable them for the port to be opened).

Re: Why not have firewall rules by default?

2008-01-23 Thread Russ Allbery
Florian Weimer [EMAIL PROTECTED] writes: The daemon might have been installed by a package dependency, more or less by accident. Debian should have a policy that all daemons bind to the loopback interface by default, but as long as this is not the case, I can understand why people put packet