
Thread: BSD or linux?

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    689

    Post BSD or linux?

    I've recently read that the BSD's are able to handle certain denial of service attacks much better than linux. I looked around for the article, but couldn't find it. Is this another reason why a lot of people choose BSD over linux? I ask because although I'm not concerned about out of the box security for linux, I am concerned with its ability to handle kiddie attacks.
    Wine maketh merry: but money answereth all things.
    --Ecclesiastes 10:19

  2. #2
    I read that somewhere on Daemon News, but I think it was a reader's opinion... If I remember correctly, the person was trying to say that Linux code wasn't written as "tight" as BSD, but in the light of DoS attacks, it was just a matter of fixing the code, and compiling it into the OS (whereas BSD didn't have to have as many patches because there was more control in the coding to begin with).

    I hope that helps (although I couldn't find the page it was on).

    (BTW... Just for the record... I don't have a Linux box, but I've set up several for people and small businesses. I like both of them, but I use BSD because that's what I'm most comfortable with. I have nothing whatsoever against Linux. )

    Rev
    Many will ask, "Where do you want to go today?" because they're still scratching for ideas.

    With *NIX, there's already a way. The sum of us just need roadmaps to get there.

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    638
    I've recently read that the BSD's are able to handle certain denial of service attacks much better than linux. I looked around for the article, but couldn't find it. Is this another reason why a lot of people choose BSD over linux? I ask because although I'm not concerned about out of the box security for linux, I am concerned with its ability to handle kiddie attacks.
    People tend to choose BSD over Linux because BSD has the edge when it comes to performance. In general, BSD's are faster and a BSD firewall can handle more traffic. BSD's also have a reputation for being more secure than Linux. This argument is subjective since it all depends on how you choose to configure the box. But a major point in BSD's favour is that it doesn't enable services by default the way that Linux does. You have to explicitly enable services that you want running with BSD. Other than that, the two OS's are pretty similar in functionality.
    OpenBSD - The proactively secure operating system.

  4. #4
    Senior Member
    Join Date
    May 2002
    Posts
    236
    BSD can be set up as a firewall; with the pf option it is able to filter out incoming packets and drop useless ones.

  5. #5
    Senior Member
    Join Date
    Apr 2002
    Posts
    711
    All in all, the Linux kernel, while based on BSD, could be said to not be "as tight" or even as "aged" as some of the "original" BSD4.3 kernels (from which most of the OpenSource BSDs are based - Free, Net and Open... as well as BSDi, the commercial offering); please forgive my heavy paraphrasing / toned-down-ness or whatever... Linux is still, admittedly, pretty young. If you want network performance out of it, forget it... yes, I know "it's fast" (or at least seems so), but it lacks where it really counts and performance suffers because of it (ie. don't use it as a busy firewall or IDS box). For example, the packet capturing algorithms used to be pretty inadequate - while the BSDs use zero-copy packet captures, Linux... well... "doesn't" (unless that's recently changed, which I don't think it has or would have, etc). So, the long and the short of it in this question... if you want it to be able to absorb and process the traffic, you're generally going to have better luck with a real BSD than with Linux.
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?"

  6. #6
    Senior Member
    Join Date
    Apr 2002
    Posts
    711
    Originally posted here by smirc

    BSD's also have a reputation for being more secure than Linux. This argument is subjective since it all depends on how you choose to configure the box. But a major point in BSD's favour is that it doesn't enable services by default the way that Linux does. You have to explicitly enable services that you want running with BSD. Other than that, the two OS's are pretty similar in functionality.
    [Note - this isn't meant to be flaming or inflammatory, etc - good points by smirc, but I hoped to try to make a couple of small corrections to the generalities]

    I think I specifically remember some (past) Linux vulnerabilities that would allow you to totally skip portions of the three-part handshake, getting you directly to the application layer. So, in this example, with identically configured BSD and Linux boxes the BSD machine would probably be much more secure.

    Also, some flavours of Linux now prompt you for services to bring up by default before it finishes the install... Mandrake does a pretty decent job of smacking the user and saying "hey bonehead - these types of servers are being enabled and will be network accessible - are you sure?"

    Finally, a system isn't "configured" and up for prime time until you plug that ethernet jack in... until then, you can edit and hack and harden all you need to or want on either/any platform (in fact, I recommend that you make sure to go through all these steps before you plug it in to ethernet... even Solaris or anything).

    In general, this is an abbreviated list of what I do when setting up a new box:

    1. Disconnect any and all network connections from the machine
    2. Install the machine from verified, read-only media
    3. Find a separate machine to download the latest and greatest system patches
    4. Disconnect my download machine from the network
    5. Verify the patch authenticity
    6. Burn the patches to CDROM or place the two machines on a physically private network segment
    7. Install the most current system patches on the new machine
    8. Harden the system (incl. turning off or removing all unneeded services, installing new security measures, etc)
    9. Install a consistency checker of some sort (eg. tripwire)
    10. Build the consistency database for the filesystem
    11. Backup the system to tape
    12. Verify the tape as readable/restorable (restore a random file and verify the checksum).
    13. Connect the machine back to the network and put it in production
    "Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?"

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    1,255
    Hey hey hey, keep in mind it's not Linux itself that's 'enabling things by default', it's the distribution. RedHat 7.1 didn't enable FTPd for me, nor HTTPd, etc., etc. I selected the typical install.

    I don't think Slackware has ever come with services enabled by default. You have to choose what you're going to enable after install time. Slack is an excellent secure distro, with a great track record.

    I'm not going to comment at all on the BSDs because I don't have any working knowledge of the OS.
    Chris Shepherd
    The Nelson-Shepherd cutoff: The point at which you realise someone is an idiot while trying to help them.
    "Well as far as the spelling, I speak fluently both your native languages. Do you even can try spell mine ?" -- Failed Insult
    Is your whole family retarded, or did they just catch it from you?

  8. #8
    Computer Forensics
    Join Date
    Jul 2001
    Posts
    672
    OK guys, I couldn't resist this one.

    First off, the quote ".....linux.......enabling services by default" is only partially true. It will enable the services ONLY if you INSTALL the service to begin with... so what is the lesson learned here?
    Don't install **** that you don't intend to run. (Common sense, right?)

    BSD is a broad topic to compare linux to. First off you are talking UNIX versus LINUX.
    UNIX is like LINUX's father as it were. They are two different entities altogether.

    Secondly, why is BSD so good? 3 reasons: the kernel, its VM (virtual memory), and TCP/IP stack.

    There are numerous papers and other writeups on these topics, all you gotta do is google it.

    (based on OpenBSD)
    What makes a BSD so hard to crack? To put it in an easily understood manner... it's simple. That is it, it's a simple OS. It has a core that it will install with services that are commonly used on said OS, but that is about it. You don't need anything else to run the system. Now of course there are other packages to install, roughly 1600 of them, but who needs them anyway. Download your patches, install them, download kernel source, recompile your kernel for speed and other things (I dedicate 16 MB of RAM to network traffic and other things as well), disable sendmail and other unused services, lock down some folders and delete some users, and wham, you have a system that OPENBSD touts "has not been cracked remotely in 4 years"........nothing else can say that.





    I took the liberty of doing a few google searches for you all.

    http://www.google.com/search?q=bsd+V...e=UTF8&oe=UTF8

    http://www.google.com/search?q=bsd+t...e=UTF8&oe=UTF8

    http://www.google.com/search?q=bsd+v...e=UTF8&oe=UTF8
    Antionline in a nutshell
    "You're putting the fate of the world in the hands of a bunch of idiots I wouldn't trust with a potato gun"

    Trust your Technolust

  9. #9
    Junior Member
    Join Date
    Dec 2001
    Posts
    23
    It's Five years now.

  10. #10
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    OpenBSD also has a team dedicated to auditing all the code that goes in the base install...
    So even sendmail that usually has a bad rep is safe out of the box with obsd. It's also pretty routine to hear that openbsd found and fixed bugs/vulnerabilities first or that it isn't vulnerable to new found hacks because some ugly code was cleaned up before it was known to be exploitable...

    The bsd community (particularly OpenBSD) also has a different mindset: the development team doesn't have to answer to anyone, so they can do things if/when they want. Good example of that would be OpenBSD's release cycle: every six months you get a stable release that you know things haven't been rushed in at the last minute. Control of the os is much more restricted.

    It's a lot a mentality thing...


    Ammo
    Credit travels up, blame travels down -- The Boss
