On Fri, Jul 25, 2003 at 07:49:13PM +0200, Andreas von Heydwolff wrote:
> What I wonder is whether it is potentially dangerous for me to have
> iptables starting quite slowly on my 133MHz firewall machine,

Nope, not really.

> And I now wonder whether a powerful thing like iptables is manageable by
> an amateur with some half knowledge when even professionals have their
> troubles.

Of course it is. Not all professionals know what they're doing.

> Or perhaps I am now in the process of learning the hard way
> that the good enough firewall has to be on at *all* times, no matter what.

No, however, a firewall is not the end-all, be-all of security. You don't have a really weak root password or something, do you?

> I also wonder whether a stock Windows98 box is less of a hassle because
> a friend who is not so security conscious is customer of the same cable
> provider.

Oh, hell no. You think iptables is hard, just *try* securing a Windows box. It can't be done. Windows exists exclusively to live on firewalled networks. Microsoft even says this somewhere in their support knowledge base, "trustworthy computing" be damned.

> Despite frequent hits on my firewall from the provider's
> subnet to which he must more or less be subjected too, he has never
> reported anything problematic.

Of course you're going to see traffic on your subnet. I *really, really* hate Windows-based "personal firewalls" for instilling the idea that normal traffic somehow constitutes an attack (and that a Windows box with a program listening on *every* port is somehow more secure than just shutting off listening services, or the idea that Windows can be secured from within at all). Other people use that subnet, too, and other people need to send broadcasts for DHCP, ARP and what not...

> Do Linux boxen attract the more skilled attackers?

Yes, but for every skilled attacker, there's thirty or forty script kiddies waiting to nail Windows hosts.

-- 
 .''`.     Paul Johnson <[EMAIL PROTECTED]>
: :'  :    proud Debian admin and user
`. `'`
  `-       Debian - when you have better things to do than fix a system