Adam McKenna <adam@debian.org> wrote:
> How is one going to exploit a vulnerability in SSH if the connection is
> dropped before they can input any data?

By finding a vulnerability in TCP wrappers, should one exist, or even in the TCP stack of whatever operating system you're using. Using a stateful firewall means the attacker doesn't even get that far.

> [ ... ] "Secure"
> doesn't exist. There's only "as secure as I need it".

And that's obviously not as secure as I like it.

> Most web servers on the internet supply public information, thus they must be
> reachable by all hosts. With this in mind I don't see how the above
> paragraph is even applicable to the current discussion.

It started as your example, I just carried it along.

> [ ... ] This thread is about
> the Debian default configuration of tcpd, which is currently broken.

I wasn't addressing anything to do with the Debian default configuration of tcpd. I'm happy with how it is now, and don't care enough to fill the list with more crap about it.

What I was addressing is your assertion that you can fully protect a machine from any attack using IP-based access lists with TCP wrappers instead of a stateful firewall. That's a little piece of misinformation that everyone can do without.

> You don't know me -- don't presume to know what I do and do not understand.

You're right, I don't know you. But I've read several posts of yours, and like I said, you seem to demonstrate a fundamental lack of understanding on the topic you're talking about.

-- 
Sam Couter | Internet Engineer | http://www.topic.com.au/
sam@topic.com.au | tSA Consulting |
OpenPGP key ID: DE89C75C, available on key servers
OpenPGP fingerprint: A46B 9BB5 3148 7BEA 1F05 5BD5 8530 03AE DE89 C75C