[SunRescue] dsl advice

Martin Frost martin at dsres.com
Wed Aug 9 11:24:05 CDT 2000


BSD Bob the old greybead BSD freak wrote:

> Are there any security issues in using Redhat vs Openbsd for this
> particular kind of gateway application?

Certain Linux kernels had a major bug in the NAT code: they didn't
check the source port (maybe the whole address?) in incoming packets.
This means that under certain circumstances it's possible to sneak
packets through the supposed firewall.

As to breaking into the firewall itself, an out-of-the-box RedHat
is wide open with all the services that are enabled by default.
If you turn everything off and disable inetd, things should improve
a lot.

OTOH, I'm not sure if OpenBSD supports SYN cookies, so Linux may
be more resistant to SYN flooding.

--m
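
The NAT point above, as an added example that is not part of the original post and is not the Linux kernel's code: a simplified model of a masquerading table in which an inbound packet is accepted either on the gateway port alone or only when its source also matches the remote endpoint the inside host contacted. The class, field names and addresses are constructed for illustration, and the exact details of the kernel bug are not given in the post.

```python
from collections import namedtuple

# Constructed sample values (RFC 1918 / RFC 5737 addresses), not from the post.
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port")
GATEWAY_IP = "192.0.2.1"

class NatTable:
    """Toy masquerading table: maps a gateway port to one outbound flow."""

    def __init__(self):
        # gateway port -> (inside ip, inside port, remote ip, remote port)
        self.flows = {}
        self.next_port = 61000

    def outbound(self, pkt):
        """Record an inside host's outbound flow and return the rewritten packet."""
        gw_port = self.next_port
        self.next_port += 1
        self.flows[gw_port] = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        return Packet(GATEWAY_IP, gw_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt, check_source=True):
        """Return the packet rewritten for the inside host, or None to drop it."""
        flow = self.flows.get(pkt.dst_port)
        if pkt.dst_ip != GATEWAY_IP or flow is None:
            return None
        in_ip, in_port, remote_ip, remote_port = flow
        # The check the post describes as missing: a reply must come from the
        # remote endpoint that the inside host actually contacted.
        if check_source and (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None
        return Packet(pkt.src_ip, pkt.src_port, in_ip, in_port)

def demo():
    nat = NatTable()
    out = nat.outbound(Packet("10.0.0.5", 40000, "198.51.100.7", 53))
    reply = Packet("198.51.100.7", 53, GATEWAY_IP, out.src_port)
    stray = Packet("203.0.113.9", 4444, GATEWAY_IP, out.src_port)
    return {
        "reply_strict": nat.inbound(reply),                     # forwarded
        "stray_strict": nat.inbound(stray),                     # dropped
        "stray_lax": nat.inbound(stray, check_source=False),    # forwarded inside
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, "->", result)
```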




