Port blocking last resort in fight against virus
Jason Houx
coldiso at houx.org
Wed Aug 13 15:38:32 UTC 2003
Spoken like a true advocate! And I have had the same experience since
joining OpenBSD back in 2.6 ;-) it's only getting better. spamd, pf,
altq, and snort all very nice. I have one desktop at home running 3.3
--current too and no complaints even with following bleeding edge. I hope
OpenBSD does get more support!
my 2¢
------------------------------------------------------------
(_ ) Jason Houx, CCNA <coldiso at houx.org>
\\\'',) ^ Com.net Inc.
\/ \( Bright.net Network Operations
.\._/_)
OpenBSD Unix - live free or DIE!
------------------------------------------------------------
On Wed, 13 Aug 2003, neal rauhauser 402-301-9555 wrote:
>
> Måns Nilsson wrote:
> > > Firewalls are a patch to broken network application architecture. If
> > > your applications would have been properly designed, you would not have
> > > the need for firewalls. They are for perimeter defence only anyway.
>
>
> Right on - if you can't plug a machine directly in to the internet
> and rely on its own defenses & well written code to keep it safe, why
> are you plugging it in at all?
>
> > The important wording here is "every computer should have one"; indicating
> > that it is the host that protects itself. This said, I do agree that
> > properly written operating systems do not even need this. One free Unix-clone
> > I happen to run manages to reach this level of properness; so it is
> > definitely possible.
>
>
> I agree completely with this - several years ago I expunged
> Microsoft products from my life with the sole exception of one internet
> free box for playing Civilization II and my blood pressure dropped
> dramatically. A little while later I expunged Red Hat in favor of
> FreeBSD and I experienced a decrease in trouble that was nearly as
> satisfying as the Windows => Red Hat transition.
>
>
> Now there is a brand new OpenBSD box here. The major release
> upgrade process is not nearly as nice as FreeBSD, but you have to just
> love that non-executable stack, ssh privilege separation, and all the
> other details that are just taken care of by the OBSD crew. Perhaps
> it'll start making inroads on my FreeBSD installed base.
>