Worms versus Bots

Valdis.Kletnieks at vt.edu
Thu May 6 15:08:42 UTC 2004


On Thu, 06 May 2004 11:45:23 +0200, Iljitsch van Beijnum said:
> I object to the idea that requiring a software firewall inside a host 
> is a reasonable thing to do. Why on earth would I want to run an 
> insecure service and then have a filter to keep it from being used?

You object to it, I object to it... but the fact remains that 95% of the
user-accessible CPUs (not counting the embedded market) are running software
that you have to do unreasonable things in order to make it anywhere near safe
to use....

> Either I really want to run the service, and then the firewall gets in 
> the way, or I don't need the service to be reachable, so I shouldn't 
> run it. System services should only be available over the loopback 
> address. Now obviously this is way too simple for some OS builders, but 
> we shouldn't accept their ugly hacks as best current practice.

"Best Current Practice" is *so* divergent from "Currently Deployed Practice"
that there's little or no common ground.

