Re: [fw-wiz] a cutting-edge open-source network security project



You're right, but that's kind of a straightforwardly-solved problem, isn't it? Just park it behind SSH.

The heresies involved in Travis' project are much more violent than the command/control channel. Interested in your real thoughts.

On May 18, 2010, at 7:49 PM, Darren Reed wrote:

On 2/05/10 03:48 PM, travis+ml-firewalls@xxxxxxxxxxxxxxxxx wrote:
Quoting:
http://www.subspacefield.org/security/dfd/

...

How do you authenticate connections to the dfd daemon?

If all I need is netcat (as per the example in your web
page above), then that doesn't speak too highly of the
security of the daemon itself.

Are you effectively giving all users that can connect
to it root level privilege on the firewall?

Darren

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


---
Thomas Ptacek // matasano security // founder, product manager
read us on the web: http://chargen.matasano.com
check out playbook: http://runplaybook.com
reach me direct: 888-677-0666 x7805

"The truth will set you free. But not until it is finished with you."



Attachment: smime.p7s
Description: S/MIME cryptographic signature

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxxxxx
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards