In my humble opinion…
It is always best to have a firewall between you and the outside world.
In some circumstances, two firewalls back to back is even better (make
sure the two are from different manufacturers…)
The folks at http://www.metasploit.com/ work on tools which exploit open
ports and even with so few ports available, your system could be used as
a “zombie” tool by malicious people.
So, put a firewall in, or install some kind of syslog filter/analyser
which will at least notify you of weird things going on…
Daniel
On 4/12/08, [email protected] [email protected] wrote:
“zombie” tool by malicious people.
So, put a firewall in, or install some kind of syslog filter/analyser which
will at least notify you of weird things going on…
Daniel
pf, for instance, also has the ability to ‘scrub’ packets (normalize
them) before they are handed up to the rest of the stack.
On Sun, 2008-04-13 at 18:22 -0700, eliott wrote:
ports and even with so few ports available, your system could be used as a
“zombie” tool by malicious people.
So, put a firewall in, or install some kind of syslog filter/analyser which
will at least notify you of weird things going on…
Daniel
pf, for instance, also has the ability to ‘scrub’ packets (normalize
them) before they are handed up to the rest of the stack.
pfsense is really amazing, if you can afford to put in a separate box.
I’m not a huge BSD fan, but there’s nothing like it on Linux (or
anywhere else for that matter)
Regards,
Cliff
On 4/13/08, Cliff W. [email protected] wrote:
them) before they are handed up to the rest of the stack.
pfsense is really amazing, if you can afford to put in a separate box.
I’m not a huge BSD fan, but there’s nothing like it on Linux (or
anywhere else for that matter)
The original thread post mentioned FreeBSD, and pf has been ported
from OpenBSD to FreeBSD for a while now.
For the record, I think pfsense is also very cool, and utilizes pf
‘under the hood’.