nanog mailing list archives

Re: Port blocking last resort in fight against virus


From: Jason Houx <coldiso () houx org>
Date: Wed, 13 Aug 2003 11:38:32 -0400 (EDT)


Spoken like a true advocate!  And I have had the same experience since
joining OpenBSD back in 2.6 ;-)  it's only getting better.  spamd, pf,
altq, and snort all very nice.  I have one desktop at home running 3.3
--current too and no complaints even with following bleeding edge.  I hope 
OpenBSD does get more support!

my 2¢


------------------------------------------------------------
    (_ )     Jason Houx, CCNA <coldiso () houx org>
 \\\'',) ^   Com.net Inc.
   \/  \(    Bright.net Network Operations
   .\._/_)
   OpenBSD   Unix - live free or DIE!
------------------------------------------------------------




On Wed, 13 Aug 2003, neal rauhauser 402-301-9555 wrote:


Måns Nilsson wrote:
Firewalls are a patch to broken network application architecture. If
your applications would have been properly designed, you would not have
the need for firewalls. They are for perimeter defence only anyway.


    Right on - if you can't plug a machine directly in to the internet
and rely on its own defenses & well written code to keep it safe, why
are you plugging it in at all?

The important wording here is "every computer should have one"; indicating
that it is the host that protects itself. This said, I do agree that
properly written operating systems do not even need this. One free Unix-clone
I happen to run manages to reach this level of properness; so it is
definitely possible.


     I agree completely with this - several years ago I expunged
Microsoft products from my life with the sole exception of one
internet-free box for playing Civilization II and my blood pressure dropped
dramatically. A little while later I expunged Red Hat in favor of
FreeBSD and I experienced a decrease in trouble that was nearly as
satisfying as the Windows => Red Hat transition.


     Now there is a brand new OpenBSD box here. The major release
upgrade process is not nearly as nice as FreeBSD, but you have to just
love that non-executable stack, ssh privilege separation, and all the
other details that are just taken care of by the OBSD crew. Perhaps
it'll start making inroads on my FreeBSD installed base.


