Re: The Stunning Failure of OpenBSD
From: DO NOT SPAM Me (Please.NOSPAM@NOSPAM.dynDNS.biz)
Date: 07/18/02
From: DO NOT SPAM Me <Please.NOSPAM@NOSPAM.dynDNS.biz> Date: Thu, 18 Jul 2002 14:57:54 GMT
To make a long story short, ask your boss to spend about US$100 from
his petty cash account to get any router + Firewall + NAT + QoS, i.e. Linksys
BEFSR81, to replace your Linux router. That way, you not only save the
time spent managing the Linux/OpenBSD router, but your company also saves some
bucks in electricity (even though your boss may not be concerned about
the electrical bill).
Egg Troll wrote:
> Hello,
>
> Recently I had an experience to use OpenBSD. I had heard many great
> things about it, and was excited to replace a dead Linux firewall with
> this OS. Unfortunately as things turned out, OpenBSD proved to be more
> nightmare than solution.
>
> When not attending classes at my community college to get my
> humanities degree, I work part-time at a printshop. Our Linux box
> there finally gave up the ghost. I'd heard that OpenBSD was incredibly
> secure so I talked my boss into putting that on as a replacement.
>
> Part of the appeal of OpenBSD was its history. A fork of the Linux
> kernel, it was originally intended for Steve Jobs's failed NeXT cube.
> Recently, it's found a home amongst the ignorant and easily-fooled as a
> firewall OS (later on, we'll see how Jobs reached back to use OpenBSD
> in OSX. This will be important later!) BSD was also famous for an
> incident in the early 80s, where they were sued by Microsoft when the
> BSD developers stole the TCP/IP stack from Microsoft's PC-DOS.
>
> Once my boss gave approval, I quickly headed over to openbsd.com and
> downloaded the ISOs from the web site. Our box was pretty
> state-of-the-art, a two-CPU'ed Pentium III. Installing it went pretty
> flawlessly and I had high hopes for our new firewall.
>
> Almost immediately, however, I began to have concerns. I noticed nowhere
> did OpenBSD display the terms of the GPL. Since it's based on
> Linux, this should be a requirement. Apparently the history of theft
> amongst the BSD developers still continues!
>
> I was even more shocked to learn that the ipchains rules we'd
> carefully set up on our Linux box would not work on OpenBSD! Perhaps
> OpenBSD is still using a SHARE-based networking security from the DOS
> TCP/IP stack! Or more likely they just haven't caught up to Linux and
> are still using iptables.
>
> Whatever the case, almost immediately our box was rooted. OpenBSD
> proved to be aptly named as the box was "open" to the entire world.
> Later on I would find out that despite its claims of being secure,
> OpenBSD's default configuration appears to start up every service
> known to man! I find it shocking that an OS commonly used for
> firewalls would have BIND running by default.
>
> Then there were the OpenSSH holes. I would later learn that OpenBSD has
> a history of remote exploits. Perhaps they should work with the team
> at RedHat, as RH knows how to secure their distros.
>
> After spending a week trying to patch a leaky firewall, I gave up. I
> found a Mac SE/30 and put OSX on it. I then installed Norton Personal
> Firewall. That became our firewall and I'm proud to say that it's been
> happily running for two weeks without a single incident. I find it
> funny that despite OpenBSD users' arrogant claims of superiority, a
> humble SE/30, running an OS that's loosely based on OpenBSD, performed
> much better. Perhaps it's another failing of open source versus
> commercial software. Whatever the case, it's clear that OpenBSD has a
> long ways to go before it can be taken seriously.
>
> Thank you for your time,
>
> Egg Troll