RE: Router/Firewall Recommendation


At 12:34 AM 6/24/2004, Otto Haliburton wrote:
> Well, I guess the theory behind NAT is really simple and penetration is very
> simple then, but I don't think so.  The first level is penetrated
> automatically is a way of saying 'defeat the OS and you're in the world' and
> that ain't no bullshit cause that is exactly what happens when you are
> hacked.  You don't try to penetrate the defense, you penetrate the OS then
> shut down the defense, get it.  With the little blue box as you call it.  If
> it fails then the network is lost period because all IPs are lost.

Apples and oranges, hence irrelevant. No relation between hacking a box and the box failing.


1. The LBB has an OS as well (see the Linksys WRT54G router, it runs Linux!), and even the ones in firmware have OS-level capabilities for what they do. So both the LBB and the Linux box *can* be hacked. Whether A or B has or has not *yet* been hacked is another argument, but claiming that one is perfect and the other is awful is just unreasonable no matter which side of the argument you prefer.

2. You said that "if the little blue box [...] fails" and explained that the boxes behind it are now secure since they are now cut off from the world. Well, no shit, Sherlock! OF COURSE if the box fails then everyone behind it is cut off and is thus "secure". If *any* router or firewall fails then the same thing happens. But we're talking about vulnerabilities, not failure. Your point has no value.

> Routers are not perfect but they are a cheap nearly perfect
> solution.

Weren't you saying just two messages ago that routers have problems, that they're "very vulnerable", etc.? Now it's just *your* favorite routers that are "a cheap nearly perfect solution"? I call bullshit... again, and for about the fifth time I think.


> I don't like being called wrong and I am generally not, it takes all
> of 15 minutes to get excellent security, vs 20 months of building security.

Oh, gee, now isn't *that* humble. Take your ego out of the equation and look at the nice, extreme things you are saying. Try to prove one or any of them, and argue them consistently and without mixing issues. See how far you get then.


I'm done. Anyone reading this thread (including you) who has enough sense to come in out of the rain should see the arguments on both sides and have made up their mind by now. I need some sleep, and I'm leaving on a trip for three days so I'll be offline.

Enjoy your LBB, as will some of my customers since they are nice little boxes. Others will enjoy their Linux boxes. And enjoy your hubris while it lasts.


-- Rodolfo J. Paiz rpaiz@xxxxxxxxxxxxxx http://www.simpaticus.com

