Security question (simple).

[Lewis Thompson]

Hi,

  I'm fairly new to network/machine security (but I know enough to write
some firewall rules, just the basics.  I guess I'm getting on for
novice, or something ;)

  I'm running two jails on my box, which has a dialup connection to the
'net.  It's all firewalled off and only certain things are available
from outside.  For incoming WWW I have some port-forwarding going on
(natd), which bounces it to the httpd running in the jail.  Am I right
in thinking if I am running some inherently insecure application there
is ABSOLUTELY NO WAY anybody can exploit it if it's not listening on the
dial-up interface?  I mean, without rooting the host system first.  Or,
if it's not, it's still pretty hard, right?

-lewiz.

-- 
I was so much older then, I'm younger than that now.  --Bob Dylan, 1964.

-| msn:[EMAIL PROTECTED] | jab:[EMAIL PROTECTED] | url:http://lewiz.net |-


pgp0.pgp
Description: PGP signature

Re: Security question (simple).

[lukek]

I wonder if the better policy is to not run inherently insecure applications
(Bto begin with. In theory if no-one can get to that box or make use of that
(Bapplication from the internet then your only threats become internal ones.
(B
(BJust for curiosity sake what does nmap tell you about your box/interface
(Bfrom an outside perspective ? Another great check is sockstat -4 which will
(Blist the services running and the IP/port number there running on.
(B
(BHTH
(B
(BLukeK
(B
(B- Original Message -
(BFrom: "Lewis Thompson" [EMAIL PROTECTED]
(BTo: "FreeBSD-questions" [EMAIL PROTECTED]
(BSent: 2003$BG/(B8$B7n(B23$BF|(B 9:08
(BSubject: Security question (simple).
(B
(B
(B___
(B[EMAIL PROTECTED] mailing list
(Bhttp://lists.freebsd.org/mailman/listinfo/freebsd-questions
(BTo unsubscribe, send any mail to "[EMAIL PROTECTED]"