Re: my isp is being told *i* am broadcasting spam?
The first mistake is running Windows.
The second mistake is not putting Windows machines all on their own
subnet with a firewall between it and the `good' machines on the Linux
subnet.
Aynone who can secure Windows itself with a firewall product has a ready
and steady market!
--
Sincerely,
David Smead
http://www.amplepower.com.
On Fri, 19 Apr 2002, dman wrote:
> On Thu, Apr 18, 2002 at 10:16:50PM -0700, David Smead wrote:
> | Noah,
> |
> | The more programs running on a computer, the less secure it is. A
> | firewall can run a mimimal system - see the LEAF project with deep Debian
> | roots. If you run a firewall running out of RAM then not only will it be
> | minimal, but no trojans can live beyond a reboot.
>
> Ok, that's cool. Now run IE on Windows on a client behind your
> firewall. Surf to a site running IIS and Nimbda. You've got Nimda.
> Lotta goog the firewall did there.
>
> | I'll let you tell me how a browser session of an internal user is hijacked
> | and then we'll discuss the missing rule in the firewall.
>
> The missing rule is that you let out requests destined for TCP port
> 80. (or 8080 or wherever that IIS server happens to be listening)
> Or, maybe the problem is the (insecure) IE client.
>
> -D
>
>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: