Re: The way forward.......

From: Steve Shorter (steve@nomad.lets.net)
Date: 01/30/03

• Next message: dawnshade: "strange packets"
• Previous message: Ng Pheng Siong: "Re: The way forward......."
• In reply to: Ng Pheng Siong: "Re: The way forward......."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Thu, 30 Jan 2003 12:41:12 -0500
From: Steve Shorter <steve@nomad.lets.net>
To: Ng Pheng Siong <ngps@netmemetic.com>

On Fri, Jan 31, 2003 at 12:21:52AM +0800, Ng Pheng Siong wrote:
> On Tue, Jan 28, 2003 at 04:03:32PM -0500, Steve Shorter wrote:
> > On the internal machines I am running just ipfw in
> > stateless mode only.
>
> Any specific reason why?
>
> I find myself writing stateful rules as a matter of habit, whether the
> machine is a gateway or not.
>

        These are high volume web servers. To keep rudundant state
information on all of these machines is a waste of resources and defeats
much of the purpose of breaking out a dedicated machine for firewalling.

A good webserver does not neccessarily make a good statefull firewall.

A good firewall can suck as a webserver.

        Because of ipfilter up front the rules on these machines are
very economical and highly efficient.

        Best not to have to many habits uncritically applied. Statefull
firewalls are easily ruined by SYN flood attacks.

        There are situation where statefull firewalling is inappropriate
and uneccessary.

        -steve

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Next message: dawnshade: "strange packets"
• Previous message: Ng Pheng Siong: "Re: The way forward......."
• In reply to: Ng Pheng Siong: "Re: The way forward......."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: Norton 2005 Int Security, Trend PCcillin or Zone Alarm ??????? ... > I want security I can run on both machines. ... System overhead is higher than standard firewall applications. ... Symantec products do not remove (uninstall) well. ... Micro Trends PC-Cillan is very good (possibly the best in home network ... (alt.computer.security) Re: Setting Up A WorkGroup for file and Share Printing ... Tried that amd could access only one of the two drives, the D drive, however ... I Turned off NIS 2008 firewall ... I made sure the Registry setting "IRPStackSize" on both machines ... Here are general network troubleshooting steps. ... (microsoft.public.windowsxp.network_web) Re: Is there a simple published solution? ... You need to set up file/printer sharing on both the computers in order to ... Here are general network ... start by running the Network Setup Wizard on all machines (see ... by 1) a misconfigured firewall or overlooked firewall (including a stateful ... (microsoft.public.windows.vista.networking_sharing) Re: Shared Printer Problem ... "Printer status cannot be displayed with port that is currently running." ... file/printer sharing and then install the correct drivers for your printer ... start by running the Network Setup Wizard on all machines (see ... by 1) a misconfigured firewall or overlooked firewall (including a stateful ... (microsoft.public.windows.vista.print_fax_scan) Re: Can find Vista box, cant share folders or printers. ... When I click 'Network' on the laptop the ... I've disabled Norton and Windows firewall entirely to make sure that's not ... public folder sharing - on ... start by running the Network Setup Wizard on all machines (see ... (microsoft.public.windows.vista.networking_sharing)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint