Hosting Provided By

Re: secure installation

From: Izak Burger <isburger(at)gmail.com>
Date: Thu Aug 16 2007 - 08:54:16 EDT

> does it not cover the case of packets arriving at eth0 spoofed as
> from 127.0.0.1 ?

Right you are, that slipped my mind.

I seem to recall that earlier versions of debian had rp_filter default to 1 (I see sarge still has this, you set spoofprotect=yes in /etc/network/options, and afaik it defaults to yes).

I agree with the rest of the sentiment on the list though. I like lean installs. I like to use a product called "firehol" to build my (admittedly very simple) firewalls, but I will never advocate that it be installed by default. I'd absolutely hate it if someone forced me to install shorewall because they think I need to be protected from myself. I think that is what most people are trying to say.

-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Received on Thu Aug 16 08:56:15 2007

This message: [ Message body ]
Next message: paddy(at)panici.net: "Re: secure installation"
Previous message: Dimitar Dobrev: "Re: [SECURITY] [DSA 1356-1] New Linux 2.6.18 packages fix several vulnerabilities"
In reply to: paddy(at)panici.net: "Re: secure installation"
Next in thread: paddy(at)panici.net: "Re: secure installation"
Reply: paddy(at)panici.net: "Re: secure installation"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Sun Oct 07 2007 - 07:52:44 EDT