BSD or linux?

Printable View

Show 40 post(s) from this thread on one page

June 5th, 2002, 09:36 PM
draziw

Quote:

Originally posted here by iNViCTuS
That is why KD love Checkpoint so much. He has tried all the other firewalls and realizes they all suck. ;)

Kinda hate to say it, but CP is for people that want to point and click at their firewall... something easy enough for even management to bugger up, as some of my friends would say (yes, it's way easy to configure but just as easy to open up holes so big you could drive an entire caravan throught it). Guess that's why "big business" has gone after it so much... miracle of all miracles, they no longer need a security specialist or the like! (*cough*) Well, I'm sure some of hte other senior members here can tell you just how wrong that is...

CP has a lot of really big problems... and many design fallacies. As far as security, it would pretty much be at the bottom of my list as far as considerations. For ease of management and configuration, you might be surprised to learn that my opinion's about the same (though there are a few companies out there that are trying to help them fix that problem).

Me, I'd much rather have a Gauntlet box (pre-NAI though) or Sidewinder... then again, IPF or Raptor are fine, too (as well as a few others).
June 5th, 2002, 09:43 PM
KorpDeath

I'm not touching that one. Not me.

And draziw, Invictus was being facetious. Just to let you know.....hehehe
June 5th, 2002, 11:00 PM
linuxcomando

I love all unix :)
June 6th, 2002, 01:25 AM
str34m3r

Draziw,

I must amdit - I thought you were crazy when you talked about an older version of linux that passed the packets on to the application layer before the three way handshake had completed. But by sheer coincidence, I happened to come across a reference to what I think you were talking about.

Quote:

/var/log/secure
Apr 14 21:25:08 mozart in.rshd[11717]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:08 mozart in.rshd[11717]: connect from unknown
Apr 14 21:25:09 mozart in.timed[11718]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:09 mozart in.timed[11718]: connect from unknown
Apr 14 21:25:09 mozart imapd[11719]: warning: can't get client address: Connection reset by peer
Apr 14 21:25:09 mozart imapd[11719]: connect from unknown

Notice all the errors in the connections. Since the SYN-ACK sequence is torn down before a complete connection can be made, the daemon cannot determine the source system. The logs show that you have been scanned, unfortunately you do not know by whom. This behaviour only happens with older 2.0.x linux kerenls. To qoute Fyodor " ... based on all the 'connection reset by peer' messages. This is a Linux 2.0.XX oddity -- virtually every other system (including the 2.2 and later kernels) will show nothing. That bug (accept() returning before completion of the 3-way handshake) was fixed."

From a honeynet project whitepaper at http://project.honeynet.org/papers/enemy2/
June 6th, 2002, 02:23 PM
hogfly

Draziw: it is now obvious to me that you are talking out of your ass about firewalls...but that belongs in another forum...namely the firewall one.....
this is becoming a stupid thread and people are digressing from the topic......NEXT
June 7th, 2002, 08:56 AM
ThePreacher

Quote:

Originally posted here by linuxcomando
I love all unix :)

As do I, but Ive been seriously considering an alternative to linux lately out of sheer boredom. Perhaps BSD and linux working together on the same system would be a better alternative. Ive heard OpenBSD makes a great router.
June 7th, 2002, 09:30 AM
draziw

Quote:

Originally posted here by hogfly
Draziw: it is now obvious to me that you are talking out of your ass about firewalls...but that belongs in another forum...namely the firewall one.....
this is becoming a stupid thread and people are digressing from the topic......NEXT

Glad you think so... if you have some suggestions or ideas to the contrary - but all means, air them. But simply telling me I'm talking out of my a** with nothing concrete to back it up, well... who's the one talking out their butt? Please... refute me. I'd like to hear what you have to say.

Seriously... if there is something here that I have said in-error, or that perhaps I'm not as well "informed" on as you, please call me on it. I'd really like to be corrected and "set straight," so to speak. Simply telling me that I'm talking "out my a**" about things but not telling me what you think is incorrect or "off" serves no purpose, except to accuse and, in a way, call me names. Feel free to open up a topic in the firewalls section and send me a pointer to it, etc... I'd love to hear what you have to say.

(Note to all: I purposely tend to post on public (securitty-like) forums with "less than useful information" but enough to (hopefully) make a point - so, perhaps that's what you are referring to? dunno)
June 7th, 2002, 02:49 PM
hogfly

CP for people who want point and click firewalls ? I take it you have never modified the scripts for it then.

Why does big business like it so much ? simple...its one of the best around, its fast, effective, and powerful.

don't need a specialist to run it ? I weep for the company that has their secretary running CP.

Design flaws? name one company or product that doesn't.

As far as being at the bottom of your security list... are you reading upside-down ? CP has been at the forefront of the security push, they know what they are doing. If the product sucked as bad as you say then no-one would buy it.
CP has laid down the foundation for just about every up-and-coming firewall out there.

draziw: as for the flame war you would like to get into with me..it won't happen, why don't we argue about KDE vs. gnome or windows vs linux or some other senseless arguement ? catch my point ? If you like something..then by all means continue using it....You are entitled to your opinion just as I am mine. So I apologize for judging you based on your opinion. Once again, this thread is off topic.
and as for the red points...atleast have the courtesy to put your name on them.
June 7th, 2002, 08:26 PM
draziw

Wow... a pseudo-serious post from HogFly... good t'see... :)

Quote:

Originally posted here by hogfly
CP for people who want point and click firewalls ? I take it you have never modified the scripts for it then.

Actually, believe it or not, I've done a decent amount "sans gui" to it - and no, I don't mean the startup scripts. But it's not like this is anything that CP really makes known that you can do or that they "support," nor would I think it would occur to the majority of CP owners out there until they call their helpdesk with some odd problem that the GUI just can't easily touch, etc. Or unless you read phoneboy's site (is that even still around anymore?).

Quote:

Why does big business like it so much ? simple...its one of the best around, its fast, effective, and powerful.

don't need a specialist to run it ? I weep for the company that has their secretary running CP.

IMO (and I think in the opinion of the old CCSA/CCSE exams - I forget which was the bigger marketing one), it's "so simple even a secretary could run it." (ok, that's not a direct quote, but it's certainly part of their marketing BS somewhere)

Quote:

Design flaws? name one company or product that doesn't.

Fair enough. Have you tried turning off SNMP on your CP firewall though? No, no... you have to look at that one a little bit harder... Just stupid things like that tend to bug me...

(I, however, also must disclaim I haven't touched NG)

Quote:

As far as being at the bottom of your security list... are you reading upside-down ? CP has been at the forefront of the security push, they know what they are doing. If the product sucked as bad as you say then no-one would buy it.
CP has laid down the foundation for just about every up-and-coming firewall out there.

What big business does and what I do or any other security-minded professional does is often quite different. You and I know that it's simple to sell management weanies anything that appears "so wonderfully advanced and easy to understand that a secretary could run it." Look at ISS... it's the market leader but you can't tell me for one second that it's the best N-IDS implementation out there. I mean, it's not even close to the most flexible - but I can't think of many others that are as "simple" to understand and as easy to use. Simplicity has its place... in big businesses full of beaureacracy that don't have the sense to have a real security team or are so huge that the task is divided up in to many, many separate groups - none of which talk to each other if they even know each other exists. But I guess that's really who sales people want to sell to if they want to be "number 1."

The product is simple and looks snazzy... ever play with TIS' Gauntlet in the early days? Yeah, they had a GUI, but did anyone actually use it? Try selling that to some non-techie management smuck. Not gonna happen... but that product pretty much rocked (ok, ok... fine... it's a different type of firewall altogether)

Quote:

draziw: as for the flame war you would like to get into with me..it won't happen, why don't we argue about KDE vs. gnome or windows vs linux or some other senseless arguement ? catch my point ? If you like something..then by all means continue using it....You are entitled to your opinion just as I am mine. So I apologize for judging you based on your opinion. Once again, this thread is off topic.
and as for the red points...atleast have the courtesy to put your name on them.

Eh... flame war? Hardly - I'm actually not trying to flame (or be flamed) at all. You're the one that started with the "it's obvious to me you're talking out of your a**." Personally, I would love to hear what you have to say... feel free to set me straight. But, as you yourself say, we both have our own opinions and are entitled to them - perhaps my information is different than your's... perhaps I know more than I'm saying... perhaps I don't... you might never know unless you ask.

As far as red points? For what? As I said - I enjoy a good debate and you are entitled to your opinion weather I agree to it or not... that's not anything to give points over either way. Personally, if you disagree with me and give me a good argument, I'd much rather throw a few greenies your way, etc.

Anyway, I hope that helps shape some of my perspective, better... if you feel like talking further/openly, feel free to move the discussion to the firewall area.
June 9th, 2002, 01:46 PM
ExEleven

What i have to say on the matter......
Not being a guru of any kind... and my linux experience is 1.2 years now. I have tried FreeBSD and it is nice but didnt have the Linux Charm to it. And i also made my own Linux From Scratch once from reading a howto and found what i had made very limited..... but very secure. Think of Windows....
Some people say that Windows is more secure than Linux just from the number of exploits found
in linux compared to windows. They are wrong... Most Windows Expoits dont require all of the services open. Linux users like me are geeks and like an Open SSH port and a http port.... A windows box with a simple ping port open (9) can be D0Ses easily... Ever since i have used Linux i have hated Microsoft more. FreeBSD however is not the way i like an OS.... I like an OS more..... human.... freebsd and other bsd's have a classic unix look and feel.... I like linux because it is fast... My machine in Linux completes seti@home workunits in 9 hours.... and thats being done well i do all sorts of things... (In one of them i compiled Linux 2.4.18) yet Windows which i only run it a night where the machine is just generating noise out of my fan. It seems to do 43 hours per work unit....

And hello to "ThePreacher" as i know him from the Microsoft eradication socity forums which is www.windows-sucks.com and a nice week to all.

Show 40 post(s) from this thread on one page