Re: [ossig] Security Question
On Mon, Jul 28, 2003 at 11:08:38PM +0800, Seah Hong Yee spoke thusly:
>
>On Monday, July 28, 2003, at 02:05 PM, Christopher DeMarco wrote:
(snip)
>http://lists.insecure.org/lists/firewall-wizards/2001/Oct/0091.html
>
>My guess is running an interface in promisc does cause some problems.
>Especially for a firewall, and since Linux only allows this to be in root,
>this can be a risk.
I've run snort and iptables on a mailserver without any problems. At one
point, my iptables rulesets were in excess of 1,500 separate entries. That
was for fun, I wanted to uniquely drop all daft Nimda connections (source
IPs) based on the Apache logs.
I've seen tcpdump do funny things when I have more than 2 instances running
together, but it's never disabled my firewall rulesets. Even with the odd
problems with more than 2 instances running - that happened sporadically on
different boxes.