lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Thu, 12 May 2011 08:57:40 +1200
From: Craig Miskell <craig@...alyst.net.nz>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Sony: No firewall and no patches

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 11/05/11 23:05, phocean wrote:
>  Also, if you filter (and you should) both inbound and outbound traffic, 
>  how do you allow legitimate responses to the server?
I think Roland said earlier that outbound connections from these boxes
should be going out another interface, presumably (my presumption)
through a stateful firewall of some kind, because ACLs wouldn't be
sufficient.

This is perhaps the aspect that has been missed in this discussion
(mentioned once, not particularly picked up on, and not really noted
again).  It eliminates many of the concerns of using ACLs over stateful.

- -- 
Craig Miskell
Systems Administrator, Catalyst IT
DDI: +64 4 8020427
==
Everything about the *nix culture points to not
walking anywhere except possibly to a pub :-P
	- Jim Perrin on CentOS mailing list
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJNyvhEAAoJENezkH+p+mMXTRcQALarm9rALmeYrV9HMD0ydazH
bnqATleLZUlnnzeIh4Qk5T8bVClq0jrpX2Yl0PzGdvly3lM3Vk0GdM7HV7sHP0Ns
1x5Nw2cgk9id0NzltRrKkUPZ9TU3YJTIIyx+vULSIwqEKiQmXE3m3qDTvifsiHBF
ZCh3oa6kKI4rQoGTVtiEUUeJF6AXIF6O4xUaOiGiF1ZxjBvPpCBSNlcDf1SDmu2o
TPNbPS+mp06GKMXaymsSscYogtU35ce3nLQMojEBr0q13RdnIe+y7PK1/bdVeDkt
YU/4FyYIkh6A8VWpGIaWNR75HGNUJY7wl8Qf3fFPcZ8oo681NhnX5vXp/VCbyizv
V6OHbn+LL8bKurRKCPI1YI9G47C384uIClA1PWYEg9W7HETFg86NUFKgHGyISCai
QKn2MHH9KPW4x3OQJkQEfnCaSWHaXjW0DYbRt9Ui+rGrf5bsVntXS2J9Bz8XtB0r
ZGxSeq54u6wr2kXUiFr6Rph9X8MsmJl5P57ROdUbe9WbVEx6fWJ7HoWprePDxVWY
VN8wtWxBuuv0da2Ggf7MS8suHTMWpGQ21PISqjVc1Fe7EzIEOQb8FxWgk7hXR/R2
wFxn5qMICFMWZGpQ2rSoXK/3LgkwXey9Y1RpvMITIVNzVWBiC1RrHiFFm168Gyeg
1Gxybh4HjkVqWbT7dmdU
=6N5Y
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ