Re: Compromising a host with pf enabled? | KernelTrap

Re: Compromising a host with pf enabled?

view
thread

Score:

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

[view in full thread]

From: Luca Corti <luca@...>

To: Misc OpenBSD <misc@...>

Subject: Re: Compromising a host with pf enabled?

Date: Tuesday, November 20, 2007 - 7:29 pm

On Mon, 2007-11-19 at 22:53 -0700, Clint Pachl wrote:
quoted text> In my DMZ research, some sources state that all services need to be 
> replicated in each DMZ. Following that advice, I would have to setup 
> Kerberos, ntp, backup, and DNS in each DMZ and the LAN; that sounds like 
> a lot of work. What do you guys think?

That you are basically bypassing your own firewall. Just create a third
subnet for your management services and allow only the lan and dmzs to
access it through the firewall. Not perfect but IMHO better than
establishing a direct path between a dmz and a lan and adding complexity
to monitor traffic on that path.

ciao

Luca

Previous message: [thread] [date] [author]
Next message: [thread] [date] [author]

Messages in current thread:

Compromising a host with pf enabled?, Clint Pachl, (Mon Nov 19, 10:01 pm)

Re: Compromising a host with pf enabled?, Chris Zakelj, (Mon Nov 19, 10:37 pm)

Re: Compromising a host with pf enabled?, Clint Pachl, (Tue Nov 20, 1:53 am)

Re: Compromising a host with pf enabled?, Darren Spruell, (Wed Nov 21, 11:09 am)

Re: Compromising a host with pf enabled?, Clint Pachl, (Wed Nov 21, 4:54 pm)

Re: Compromising a host with pf enabled?, Daniel Ouellet, (Wed Nov 21, 9:30 pm)

Re: Compromising a host with pf enabled?, Luca Corti, (Tue Nov 20, 7:29 pm)

Re: Compromising a host with pf enabled?, Greg Thomas, (Tue Nov 20, 12:13 am)

Re: Compromising a host with pf enabled?, Chris Zakelj, (Tue Nov 20, 12:29 am)

Re: Compromising a host with pf enabled?, Clint Pachl, (Tue Nov 20, 1:57 am)

Navigation

Mail archive search

Popular discussions


linux-kernel:
Linus Torvalds	Linux 2.6.27
Bart Van Assche	Integration of SCST in the mainstream Linux kernel
Greg KH	[GIT PATCH] driver core patches against 2.6.24
Alan Cox	[PATCH 00/80] TTY updates for 2.6.28
git:
Linus Torvalds	People unaware of the importance of "git gc"?
Linus Torvalds	[PATCH 1/6] diff-lib: use ce_mode_from_stat() rather than messing with modes manua...
Joakim Tjernlund	git-svn set-tree bug
Robert Collins	Re: VCS comparison table
openbsd-misc:
Marcos Laufer	dmesg IBM x3650 OpenBSD 4.3
Richard Stallman	Real men don't attack straw men
GVG GVG	ssh_exchange_identification: Connection closed by remote host
Samuel Moñux	Cyrus IMAP performance problems [Long]
linux-netdev:
Pekka Enberg	Re: [rfc][patch 3/3] use SLAB_ALIGN_SMP
Frithjof Hammer	Re: [LARTC] ifb and ppp
Evgeniy Polyakov	[2/3] POHMELFS: Documentation.
Maxim Levitsky	How I can reset TCP sockets after long suspend/resume cyscle

Latest forum posts


How to make my PCIE ATA storage device running in Linux	6 hours ago	Linux general
sata/ide timeout errors on asus server-mb	9 hours ago	Linux kernel
Shared swap partition	10 hours ago	Linux general
usb mic not detected	14 hours ago	Applications and Utilities
Problem in Inserting a module	15 hours ago	Linux kernel
Treason Uncloaked	20 hours ago	Linux kernel
high memory	3 days ago	Linux kernel
semaphore access speed	3 days ago	Applications and Utilities
the kernel how to power off the machine	3 days ago	Linux kernel
Easter Eggs in windows XP	3 days ago	Windows

Show all forums...

Recent Tags

2.6.27-rc8 quote bugs -rc -rc8 Linus Torvalds 2.6.27 Linux Intel

Colocation donated by:

Who's online

There are currently 3 users and 1363 guests online.

Online users

Syndicate