| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon Aug 29 15:48:27 2005 From: hdw at kallisti.se (Anders B Jansson) Subject: RE: Example firewall script (iptables) Maybe you'd get more informative and less 'get a clue!' answers if you rephrased and explained your question a little. For one, what in the world is a firewall script? I'd guess it's firewall rules you're talking about. Second, in what scenario? Corporate firewall, SME, personal, school? Without knowing that the only answers you can get is that 'pass all' is bad, so is 'block all'. // hdw Bernardo Mart?n wrote: > Anybody have more information about bad example firewall script?? > > > > > -----Mensaje original----- > De: Bernardo Mart?n [mailto:bmartin@...ic-sl.com] > Enviado el: lunes, 29 de agosto de 2005 14:01 > Para: Full Disclosure > Asunto: RE: [Full-disclosure] RE: Example firewall script > > > I look for bad rules set to learn a little more. I thought that my question > was interesting because here there are many people who knows about this. Can > you recommend me any web or any book? > > > Thanks > > > > > -----Mensaje original----- > De: James Tucker [mailto:jftucker@...il.com] Enviado el: s?bado, 27 de > agosto de 2005 18:17 > Para: Full Disclosure > Asunto: Re: [Full-disclosure] RE: Example firewall script > > Screw these arguments. > > What you should really do is get a security consultant to teach you the > basics, and provide you with some exposure to the various different options > you may have available, and in the case of your request, offer you some of > the old horror stories. > > If your only aim is to learn, the I would suggest starting with your > firewalls documentation. Most firewall developers do have at least a > reasonable knowledge of firewall security and rule building. Moreover good > documentation will leave references to good physical sources (books, > courses, etc.). Getting back to the original question of BAD configurations > :) (yep, my ATD is higher today) you may find some reasonable examples in > high quality documentation too. > > You might try looking into any detailed hacking stories and statistics you > can find, as these may lead to some other interesting conclusions about > firewalls and their impacts on security too. > > Also, forums might be a good place to pick up bad firewall rules, you know > those places are filled with crap because people just can't resist trying to > show up the next guy and pretend to be the best. > > Just out of interest, why are you looking for Bad rule sets? > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
Powered by blists - more mailing lists