Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Firewall

1 view
Skip to first unread message

Theo de Raadt

unread,
Feb 25, 2000, 3:00:00 AM2/25/00
to
> I think ipf should have a password authentication when you run it or =
> disable it along with ipnat, lets say someone hacks your system by =
> sniffing your network and starts redirecting packets or gets a password =
> of this development system on lan, and disables the firewall to telnet =
> to it ?

That doesn't make sense.

He's got to break root. If he does, all bets are off.

I suggest you stop them from breaking root.

Patrick Ethier

unread,
Feb 25, 2000, 3:00:00 AM2/25/00
to
Hi,

IPF has an "auth" option. I've never bothered to test it and ignore how it
works but it is mentioned in the man pages.


Regards,

Patrick Ethier
pat...@secureops.com
-----Original Message-----
From: Jonathan Fortin [mailto:jfo...@revelex.com]
Sent: Friday, February 25, 2000 12:49 PM
To: mi...@openbsd.org
Subject: Firewall

I think ipf should have a password authentication when you run it or disable
it along with ipnat, lets say someone hacks your system by sniffing your
network and starts redirecting packets or gets a password of this
development system on lan, and disables the firewall to telnet to it ?

Regards,

Jonathan Fortin
Network Administrator

Revelex Canada
6830 Park Avenue
Suite 209
Montreal, Qc
H3N-1W7

business: (514) 274-5120 ext 228
cellular: (514) 975-3229
email: jfo...@revelex.com

Jonathan Fortin

unread,
Feb 25, 2000, 3:00:00 AM2/25/00
to
This is a multi-part message in MIME format.

------=_NextPart_000_0008_01BF7F86.44B1EE40
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable


I think ipf should have a password authentication when you run it or =
disable it along with ipnat, lets say someone hacks your system by =
sniffing your network and starts redirecting packets or gets a password =
of this development system on lan, and disables the firewall to telnet =
to it ?

Regards,


Jonathan Fortin
Network Administrator

Revelex Canada
6830 Park Avenue
Suite 209
Montreal, Qc
H3N-1W7

business: (514) 274-5120 ext 228
cellular: (514) 975-3229
email: jfo...@revelex.com


------=_NextPart_000_0008_01BF7F86.44B1EE40
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD W3 HTML//EN">
<HTML>
<HEAD>

<META content=3Dtext/html;charset=3Diso-8859-1 =
http-equiv=3DContent-Type>
<META content=3D'"MSHTML 4.72.3612.1706"' name=3DGENERATOR>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV>&nbsp;</DIV>
<DIV><FONT size=3D2>I think ipf should have a password authentication =
when you run=20
it or disable it along with ipnat, lets say someone hacks your system by =

sniffing your network and starts redirecting packets or gets a password =
of this=20
development system on lan, and disables the firewall to telnet to it=20
?</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT size=3D2>Regards,</FONT></DIV>
<DIV><FONT size=3D2></FONT>&nbsp;</DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>Jonathan Fortin<BR>Network=20
Administrator</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>Revelex Canada<BR>6830 Park =
Avenue<BR>Suite=20
209<BR>Montreal, Qc<BR>H3N-1W7</FONT></DIV>
<DIV><FONT color=3D#000000 size=3D2></FONT>&nbsp;</DIV>
<DIV><FONT color=3D#000000 size=3D2>business: (514) 274-5120 ext =
228<BR>cellular:=20
(514) 975-3229<BR>email: <A=20
href=3D"mailto:jfo...@revelex.co">jfo...@revelex.co</A>m<BR></FONT></DI=
V></BODY></HTML>

------=_NextPart_000_0008_01BF7F86.44B1EE40--


0 new messages