Port blocking last resort in fight against virus

Jason Houx coldiso at houx.org
Wed Aug 13 15:38:32 UTC 2003


Spoken like a true advocate!  And I have had the same experience since
joining OpenBSD back in 2.6 ;-)  It's only getting better.  spamd, pf,
altq, and snort all very nice.  I have one desktop at home running 3.3
--current too and no complaints even with following bleeding edge.  I hope 
OpenBSD does get more support!

my 2¢


------------------------------------------------------------
    (_ )     Jason Houx, CCNA <coldiso at houx.org>
 \\\'',) ^   Com.net Inc.
   \/  \(    Bright.net Network Operations
   .\._/_)
   OpenBSD   Unix - live free or DIE!
------------------------------------------------------------




On Wed, 13 Aug 2003, neal rauhauser 402-301-9555 wrote:

> 
> Måns Nilsson wrote:
> > > Firewalls are a patch to broken network application architecture. If
> > > your applications would have been properly designed, you would not have
> > > the need for firewalls. They are for perimeter defence only anyway.
> 
> 
>     Right on - if you can't plug a machine directly in to the internet
> and rely on its own defenses & well written code to keep it safe, why
> are you plugging it in at all?
> 
> > The important wording here is "every computer should have one"; indicating
> > that it is the host that protects itself. This said, I do agree that
> > properly written operating systems do not even need this. One free Unix-clone
> > I happen to run manages to reach this level of properness; so it is
> > definitely possible.
> 
> 
>      I agree completely with this - several years ago I expunged
> Microsoft products from my life with the sole exception of one internet
> free box for playing Civilization II and my blood pressure dropped
> dramatically. A little while later I expunged Red Hat in favor of
> FreeBSD and I experienced a decrease in trouble that was nearly as
> satisfying as the Windows => Red Hat transition.
> 
> 
>      Now there is a brand new OpenBSD box here. The major release
> upgrade process is not nearly as nice as FreeBSD, but you have to just
> love that non-executable stack, ssh privilege separation, and all the
> other details that are just taken care of by the OBSD crew. Perhaps
> it'll start making inroads on my FreeBSD installed base.
> 



