The Stunning Failure of OpenBSD
From: Egg Troll (eggtroll@yahoo.com)Date: 07/18/02
- Next message: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Previous message: ujay: "Re: multiple scans 27374 (sub seven?)"
- Next in thread: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Reply: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Reply: Kirk Strauser: "Re: The Stunning Failure of OpenBSD"
- Reply: GreyCloud: "Re: The Stunning Failure of OpenBSD"
- Reply: Anthony Minkoff: "Re: The Stunning Failure of OpenBSD"
- Reply: : "Re: The Stunning Failure of OpenBSD"
- Reply: : "Re: The Stunning Failure of OpenBSD"
- Reply: tom: "Re: Too tempting not to reply too."
- Reply:(deleted message) sleaphing: "Re: The Stunning Failure of OpenBSD"
- Reply: Jeff Cochran: "Re: The Stunning Failure of OpenBSD"
- Reply: Gvz Ubqql: "Re: The Stunning Failure of OpenBSD"
- Reply: DO NOT SPAM Me: "Re: The Stunning Failure of OpenBSD"
- Reply: Daniel Rudy: "Re: The Stunning Failure of OpenBSD"
- Reply: Gilbert Fernandes: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: ZnU: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: #Harold Stevens US.972.952.3293: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: Nico Kadel-Garcia: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: Jon Langseth: "Re: The Stunning Failure of OpenBSD"
- Reply: drumstik: "Re: The Stunning Failure of OpenBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: eggtroll@yahoo.com (Egg Troll) Date: 17 Jul 2002 15:49:45 -0700
Hello,
Recently I had an experience to use OpenBSD. I had heard many great
things about it, and was excited to replace a dead Linux firewall with
this OS. Unfortunately as things turned out, OpenBSD proved to be more
nightmare than solution.
When not attending classes at my community college to get my
humanities degree, I work part-time at a printshop. Our Linux box
there finally gave up the ghost. I'd heard that OpenBSD was incredibly
secure so I talked my boss into putting that on as a replacement.
Part of the appeal of OpenBSD was its history. A fork of the Linux
kernel, it was originally intended for Steve Job's failed NeXT cube.
Recently, its found a home amongst the ignorant and easily-fooled as a
firewall OS (later on, we'll see how Job's reached back to use OpenBSD
in OSX. This will be important later!) BSD was also famous for an
incident in the early 80s, where they were sued by Microsoft when the
BSD developers stole the TCP/IP stack from Microsoft's PC-DOS.
Once my boss gave approval, I quickly headed over to openbsd.com and
downloaded the ISOs from the web site. Our box was pretty
state-of-the-art, a two-CPU'ed Pentium III. Installing it went pretty
flawless and I had high hopes for our new firewall.
Almost immediately however I began to have concerns. I noticed no
where did OpenBSD display the terms of the GPL. Since its based on
Linux, this should be a requirement. Apparently the history of theft
amongst the BSD developers still continues!
I was even more shocked to learn that the ipchains rules we'd
carefully setup on our Linux box would not work on OpenBSD! Perhaps
OpenBSD is still using a SHARE-based networking security from the DOS
TCP/IP stack! Or more likely they just haven't caught up to Linux and
are still using iptables.
Whatever the case, almost immediately our box was rooted. OpenBSD
proved to be aptly named as the box was "open" to the entire world.
Later on I would find out that despite its claims of being secure,
OpenBSD's default configuration appears to start up every service
known to man! I find it shocking that an OS commonly used for
firewalls would have BIND running by default.
Then there was the OpenSSH holes. I would later learn that OpenBSD has
a history of remote exploits. Perhaps they should work with the team
at RedHat, as RH knows how to secure their distros.
After spending a week trying to patch a leaky firewall, I gave up. I
found an Mac SE/30 and put OSX on it. I then installed Norton Personal
Firewall. That became our firewall and I'm proud to say that its been
happily running for two weeks without a single incident. I find it
funny that despite OpenBSD users arrogant claims of superiority, a
humble SE/30, running an OS that's loosely based on OpenBSD, performed
much better. Perhaps its another failing of open source versus
commercial software. Whatever the case, its clear that OpenBSD has a
long ways to go before it can be taken seriously.
Thank you for your time,
Egg Troll
- Next message: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Previous message: ujay: "Re: multiple scans 27374 (sub seven?)"
- Next in thread: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Reply: Dave Uhring: "Re: The Stunning Failure of OpenBSD"
- Reply: Kirk Strauser: "Re: The Stunning Failure of OpenBSD"
- Reply: GreyCloud: "Re: The Stunning Failure of OpenBSD"
- Reply: Anthony Minkoff: "Re: The Stunning Failure of OpenBSD"
- Reply: : "Re: The Stunning Failure of OpenBSD"
- Reply: : "Re: The Stunning Failure of OpenBSD"
- Reply: tom: "Re: Too tempting not to reply too."
- Reply:(deleted message) sleaphing: "Re: The Stunning Failure of OpenBSD"
- Reply: Jeff Cochran: "Re: The Stunning Failure of OpenBSD"
- Reply: Gvz Ubqql: "Re: The Stunning Failure of OpenBSD"
- Reply: DO NOT SPAM Me: "Re: The Stunning Failure of OpenBSD"
- Reply: Daniel Rudy: "Re: The Stunning Failure of OpenBSD"
- Reply: Gilbert Fernandes: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: ZnU: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: #Harold Stevens US.972.952.3293: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: Nico Kadel-Garcia: "Re: The Stunning Failure of OpenBSD"
- Maybe reply: Jon Langseth: "Re: The Stunning Failure of OpenBSD"
- Reply: drumstik: "Re: The Stunning Failure of OpenBSD"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
