Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any

Board: FB_security, posted 2006/11/12 05:19
R. B. Riddick napsal/wrote, On 11/11/06 20:33:
>> Stateful rules can stop the sophisticated intruder, but are often more
>> vulnerable to DoS attacks.
> Hmm... U mean, when someone creates a lot of states?
> At least pf can limit that...

Yes. "Limit" means - some packets (connections, states) are denied. The rest is a question - is the algorithm smart enough to limit the attacker's packets but not legitimate connections (or, at least, try to block the attacker and try not to block legitimate connections). Especially against an attacker with full knowledge of the algorithm.

> But here it looks like just the good guys can create a state (from the
> good-network via the public network to the trusted web sites), so that states
> can't hurt, I think...

Yes, in that case you are right.

Dan

--
Dan Lukes SISAL MFF UK
AKA: dan@obluda.cz, dan@freebsd.cz, dan@kolej.mff.cuni.cz
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
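
The point about state limits denying legitimate connections can be seen in a small model. This is an added example, not part of the original message and not pf or ipfw code: the admit() and traffic() functions, the table size, the per-source cap and the traffic mix are all constructed assumptions, and states are assumed never to expire during the burst.

```python
from collections import Counter

def admit(arrivals, max_states, per_src_cap=None):
    """Model a state table: admit new states until a limit is reached.

    arrivals: ordered list of (source, label) connection attempts.
    max_states: global cap on table entries.
    per_src_cap: optional cap on entries per source address.
    Returns a Counter of admitted states per label.
    """
    per_src = Counter()
    admitted = Counter()
    total = 0
    for src, label in arrivals:
        if total >= max_states:
            continue  # table full: every later arrival is denied
        if per_src_cap is not None and per_src[src] >= per_src_cap:
            continue  # this source already holds its share of states
        per_src[src] += 1
        total += 1
        admitted[label] += 1
    return admitted

def traffic(spread_attacker):
    """Constructed burst: 9 attacker attempts for every 1 legitimate client.

    spread_attacker=False: the flood comes from one source address.
    spread_attacker=True: every flood packet uses a different source,
    as an attacker who knows the per-source limit would arrange.
    """
    arrivals = []
    n = 0
    for i in range(100):
        for _ in range(9):
            src = f"atk-{n}" if spread_attacker else "atk-0"
            n += 1
            arrivals.append((src, "attacker"))
        arrivals.append((f"client-{i}", "legit"))
    return arrivals

if __name__ == "__main__":
    print("global cap only:       ", dict(admit(traffic(False), 200)))
    print("per-source cap:        ", dict(admit(traffic(False), 200, 10)))
    print("per-source, spread src:", dict(admit(traffic(True), 200, 10)))
```

With only a global cap the flood takes most of the table; a per-source cap restores service against a single source, but not against a flood spread over many sources.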
Article code (AID): #15LZvy00 (FB_security)