Re: hurd does NOT need /hurd

To: debian-devel@lists.debian.org
Subject: Re: hurd does NOT need /hurd
From: Michael Stone <mstone@debian.org>
Date: Mon, 20 May 2002 15:48:16 -0400
Message-id: <[🔎] 20020520154816.Z5840@justice.loyola.edu>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20020520132531.B22215@lightbearer.com>; from lucifer@lightbearer.com on Mon, May 20, 2002 at 01:25:31PM -0600
References: <[🔎] Pine.LNX.4.33.0205192031530.9857-100000@yakko.doogie.org> <[🔎] 87it5ja8bt.fsf@becket.becket.net> <[🔎] 20020520051008.GB16576@azure.humbug.org.au> <[🔎] 20020520141603.GB1505@celeron.dekkers> <[🔎] 20020520145256.GF29854@212.23.136.22> <[🔎] 20020520151349.GB25130@azure.humbug.org.au> <[🔎] 20020520173448.GI1505@celeron.dekkers> <[🔎] 20020520180124.GB11058@ucsd.edu> <[🔎] 87u1p21vkq.fsf@becket.becket.net> <[🔎] 20020520132531.B22215@lightbearer.com>

On Mon, May 20, 2002 at 01:25:31PM -0600, Joel Baker wrote:
> Rule #1: attackers cannot attack what they cannot reach. Firewalls are not
> perfect; they can be misconfigured, disabled, and in some cases (which do
> apply to Debian), machine-based firewalls can have bugs in the firewalling
> code which expose parts of the machine despite the firewall, or machines
> behind the firewall. But I'll take a 99% reduction in attack vectors any
> day of the week, thanks.

For a host based firewall, the firewall is certainly less effective than
simply not listening on any ports.  You're right--attackers can't attack
what they cannot reach (in this case, what you're not running.)

-- 
Mike Stone


-- 
To UNSUBSCRIBE, email to debian-devel-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: hurd does NOT need /hurd
  - From: Tore Anderson <tore@linpro.no>
- Firewalling (was: hurd does NOT need /hurd)
  - From: "Joel Baker" <lucifer@lightbearer.com>

References:
- Re: hurd does NOT need /hurd
  - From: Adam Heath <doogie@debian.org>
- Re: hurd does NOT need /hurd
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: hurd does NOT need /hurd
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: hurd does NOT need /hurd
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: hurd does NOT need /hurd
  - From: Marcus Brinkmann <Marcus.Brinkmann@ruhr-uni-bochum.de>
- Re: hurd does NOT need /hurd
  - From: Anthony Towns <aj@azure.humbug.org.au>
- Re: hurd does NOT need /hurd
  - From: Jeroen Dekkers <jeroen@dekkers.cx>
- Re: hurd does NOT need /hurd
  - From: "John H. Robinson, IV" <jhriv@ucsd.edu>
- Re: hurd does NOT need /hurd
  - From: tb@becket.net (Thomas Bushnell, BSG)
- Re: hurd does NOT need /hurd
  - From: "Joel Baker" <lucifer@lightbearer.com>

Prev by Date: Re: hurd does NOT need /hurd
Next by Date: Re: where do NEW packages go?
Previous by thread: Re: hurd does NOT need /hurd
Next by thread: Re: hurd does NOT need /hurd
Index(es):
- Date
- Thread