Domain: linuxsecurity.com
Stories and comments across the archive that link to linuxsecurity.com.
Comments · 197
-
other good linux news sites
some decent sites that are almost always updated at least once a day...
and somewhat linux related but definitely awesome...
oreillynet and not so much news but definitely up to date...
-
Re:Which are more successful?
[If something doesn't seem completely logical or contradictory somewhere, like MS being on the same level with RedHat in one place and with Sun in another, that's probably because I'm merging things I found in two different articles that were written almost half a year apart]
You could look at it this way: for the past couple of years, the number of vulnerabilities discovered in WinNT and 2000 combined has been at approximately the same level as that for RedHat linux alone, and at about 50% of all linux distros combined. The absolute leader in the vulnerability top 100 is Mandrake, with M$ sharing the 4th position with Sun.
It's not because headlines don't cry out that the world is about to end every time a hole is found in linux/solaris/unix, that none are found.
Only this year, and that's because MS expressly started searching for them, the number of vulnerabilities found in Win2000 is rising - above RedHat, but (at the time of the article I can't find anymore - see below) it still looked like it wouldn't surpass all of linux combined.
So where do you think attacks would be more successful?
Source: here or here, "Windows more secure than Linux?"
I thought I saw another article last Friday with more recent figures (including the first months of 2002) and saying that this ratio, except for the peak in 2002, has been constant for a couple of years, but I can't find the blasted thing anymore.
Also interesting is this page where a number of people explain their ideas about win/lin security. I suppose most /. nerds are going to call it biased because linux doesn't exactly come out good.
Some people reacted to the first article that comparing a single OS to all flavors of linux combined isn't honest, but (1) NT and 2000 aren't a single OS any more than linux is and they represent a larger installed system base, (2) even in the case of a few individual linux distros MS still wins, and (3) neither is combining all the good sides of different linux flavors, or comparing the holes in an OS plus those in all its apps to just an OS alone, and all of these are daily habits in linux advocacy if it fits the linux side.
-
My Security HOWTO
Linuxsecurity.com has a mailing list you can subscribe to in order to get frequent updates on things. Another poster stated a few obvious things (which are always good advice) including: CERT, SANS, BUGTRAQ, linux networking, etc.
A few bible-books in my library include:
- "TCP/IP Illustrated Vol.1" by Richard Stevens published by Addison-Wesley
- "Intrusion Detection: An Analyst's Handbook" by Stephen Northcutt published by New Riders
- "Unix System Administration" aka The Red Book by Nemeth, et al. I believe the Purple Book is the 3rd edition (I am open to corrections)
- 2600 The Hacker Quarterly. A quarterly zine that most slashdotters have read, subscribe to, (or in this new-age, have either never heard of it and/or will flame or mod this into oblivion)
- the "Hacking Exposed" series by Stuart McClure, et al.
Install more than 1 linux box (and RedHat, SuSE, Debian [and anything else that's popular] DOES NOT count. Use Slackware so you can have some semblance of control and learn how things work).
Don't install X; tough it out with the shell. <elitism>We all did.</elitism>
Grab your hands on a Solaris machine, x86 will suffice but try to get a Sparc. That way you'll understand how to do things across multiple platforms.
Set up a network and a routing firewall inside (ie: no masquerading). Then learn that and set up a masquerading firewall for all that to get to the Internet through your gateway.
Oh, Get nmap! And learn how to use it SAFELY and WISELY on your own stuff.
Read Read Read Read Read! Drop your girlfriend. Sex is good but if you wanna learn it hard, she'll have to go. If she's a geeky girl, have her help you out. She can learn too.
After that, let us know how you did. Take a security test somewhere. Online or Real World, it don't matter. It's fun shit! We love it. But it's hard work to learn it. Once you do, you'll never be the same again and you'll be very very l33t. -
Re:telnet
Duh.
Telnet AYT options overflow:
http://www.cert.org/advisories/CA-2001-21.html
Telnet TERMCAP vulnerability:
http://www.linuxsecurity.com/advisories/freebsd_advisory-898.html
-
Re:Complacence will get us nowhere
This document outlines the kernel security improvements that have been made in the 2.4 kernel. A number of significant improvements including cryptography and access control...
One of the most obvious and significant improvements in the 2.4 kernel is the packet filtering capabilities.
A program such as xntpd might go through the following process to relinquish the rights that are not necessary for normal operation:
* Start with full root privileges as it normally does
* Bind to the privileged ntp port
* Drop all capabilities other than CAP_SYS_TIME
* Drop root privileges (preventing it from even writing to root-owned files)
* Continue normal operation as a regular administrative account
Currently, programs need to be modified to take advantage of capabilities. With filesystem capabilities, this sometimes won't be necessary. It might go something like this:
[root@magneto /root]# chattr +CAP_BIND xntpd
This would enable the xntpd process to bind to a socket without requiring root privileges prior to being run. Quite powerful. At the same time, it also contains a certain potential danger due to making an unprivileged binary slightly privileged.
-
Hmm
Look at Linux Security in the left upper corner there's an interesting Sponsor of LS.
-
Re:Security for RedHat's Kernel
A story about the insecurity of chroot - with sample code.
-
lynx security holes
Just search for lynx advisories/security on Google.
-
Re:RSA SecurID
gack, do a google search and read up about how "SecurID" has been cracked and is not nearly as secure as vendors might lead you to believe... (As far back as 1996 they started finding problems) Here's an example discussion: http://www.linuxsecurity.com/articles/cryptography_article-2336.html
-
Re:Apache 2.0
There's beta versions of 2.0.x out now but read the security notice here
-
Re:A testament to open source...
It's not accurate to say the vulnerability was discovered "just a few hours" ago. I got an e-mail from a Mozilla security list on Feb. 19 with the subject "serious zlib vulnerability". The first line of the message was "It's very important that this doesn't leak out until after March 11th, when vendors should have fixes available." If you look at the references from Red Hat's page about the vulnerability, you'll see documents with dates like 2/5 and 2/7.
Asa informs me that the zlib bug and its announcement on Slashdot today didn't influence the decision to release Mozilla 0.9.9 today. He was already planning to release today, and since the zlib vulnerability was made public this morning, it made sense for the release notes to mention that it is fixed in this build. -
Where can I get the PNG of death?
According to one of the provided links, the problem was originally discovered when an invalid PNG file caused libPNG to crash. I'd like to get this PNG file and throw it at a development server here at work before a script kiddie posing as a customer does. Any idea where I can get the PNG of death?
-
Quick Response by RedHat
Seems to indicate packages that should be immediately upgraded.
Security Bulletin here. -
Re:more info please
-
Some More Links
-
more information - better article
This article gives more information, and links to vendor advisories: http://www.linuxsecurity.com/articles/security_sources_article-4582.html.
-
Great career in IT - studied Math & Phys
I've had a great career in IT Security. I'm even a little famous for having written Bastille Linux. I stayed completely away from Comp Sci in college, but got hired for my first job because they needed someone who was smart and knew Unix...
Further, no one ever asks your major once you've worked one job in the field...
-
Re:Athlon/Duron Problems
Yes, that's right, yet another Linux bug was discovered the other day. So, right about now, if you're a clear headed Capitalist, you're probably thinking "Who cares? They find a new bug in Linux daily." Well, you're right. But there's more to the story. Apparently Alan Cocks (a Red Menace Commie who censors documents under the cloak of the DMCA) is trying to pass the blame on another co-conspirator of Communism.
Apparently, if you'd believe the Linux community, you'd be hard-pressed upon where to place the blame. You see, the Linuxist Manifesto's number one rule is to lie to protect the best interests of Linux. No self-respectable Linux zealot would insult or place blame upon AMD, because AMD's philosophy centers around tackling American Corporations with their Asian sweatshops, selling their chips at bargain-basement prices like the Red Menace Commies do with their Wal-Mart shit.
So, right about now, you're probably thinking that the zealots are clearly in a dilemma. Who are they going to blame? If you have a prediction before I tell you, the poll is on the right. Or maybe the left. Either way, take your pick.
You'd think that the parasitic community would place blame upon Microsoft, right? Alas, Microsoft has had the bug patched since September 2000. Not only that, Windows XP , the latest in the suite of high-powered, stable operating systems from Microsoft Corp., has this patch built in. That's right, built in. Keep in mind that Windows XP was released in October 2001, over three months ago. Meanwhile, no one knows what the hell Alan Cocks has been doing since then, since he hides under the cloak of secrecy. nVidia has been informing users via tech support, even to the Linux community, how to fix the problem for months now. Clearly the blame is upon Alan Cocks's shoulder, but to place the blame where it is rightfully justified is inexcusable in the Linux community. The drones are in disarray.
The actual bug occurs when Linux users contract the Tux Racer virus via KEmail. When first run, Tux Racer enables a feature in your third-world sweatshop AMD processor called "extended paging." Now, I know you're probably thinking that this sounds like some sort of Nokia feature. Well, you're wrong. It's yet another feature that AMD illegally hacked from Intel. It allows your browser to seamlessly view pages up to 4Mb in size. Before its introduction in the early days of the Intel Pentium processor, web pages were broken up into 4K segments, because any pages larger would freeze the computer. That's why Microsoft didn't invent Javascript until after the Pentium, every time they went to use it, their pages exceeded 4K, and henceforth froze the computer. Intel came to the rescue with the Pentium line of chips, and, as usual, AMD got out their super high tech Asian hacking tools and "reverse-engineered" (code-name for 'illegally hacked') Intel's technology. Thus, users of the inferior AMD Cyrix Kx86-2 Now! processor could also view large web pages without crashing. So why did no one notice that pages larger than 4K would crash AMD processors? Well, Microsoft has had a fix for 16 months, like we mentioned earlier. But why did no one from the Linux community notice? Well, apparently, there does not exist a page devoted to Linux that is more than 4K in size. Since most of the Linux installations out there denounce color as 'feature bloat,' all Linux pages follow an unwritten oath to suck. Believe me, they all do.
So, for the good of Linux, you may now disperse. Head off to various tech sites and continue blaming Microsoft for not telling you sooner. Your community will thank you.
-
Major Linux Bug Discovered... 16 Months Later
Yes, that's right, yet another Linux bug was discovered the other day. So, right about now, if you're a clear headed Capitalist, you're probably thinking "Who cares? They find a new bug in Linux daily." Well, you're right. But there's more to the story. Apparently Alan Cocks (a Red Menace Commie who censors documents under the cloak of the DMCA) is trying to pass the blame on another co-conspirator of Communism.
Apparently, if you'd believe the Linux community, you'd be hard-pressed upon where to place the blame. You see, the Linuxist Manifesto's number one rule is to lie to protect the best interests of Linux. No self-respectable Linux zealot would insult or place blame upon AMD, because AMD's philosophy centers around tackling American Corporations with their Asian sweatshops, selling their chips at bargain-basement prices like the Red Menace Commies do with their Wal-Mart shit.
So, right about now, you're probably thinking that the zealots are clearly in a dilemma. Who are they going to blame? If you have a prediction before I tell you, the poll is on the right. Or maybe the left. Either way, take your pick.
You'd think that the parasitic community would place blame upon Microsoft, right? Alas, Microsoft has had the bug patched since September 2000. Not only that, Windows XP , the latest in the suite of high-powered, stable operating systems from Microsoft Corp., has this patch built in. That's right, built in. Keep in mind that Windows XP was released in October 2001, over three months ago. Meanwhile, no one knows what the hell Alan Cocks has been doing since then, since he hides under the cloak of secrecy. nVidia has been informing users via tech support, even to the Linux community, how to fix the problem for months now. Clearly the blame is upon Alan Cocks's shoulder, but to place the blame where it is rightfully justified is inexcusable in the Linux community. The drones are in disarray.
The actual bug occurs when Linux users contract the Tux Racer virus via KEmail. When first run, Tux Racer enables a feature in your third-world sweatshop AMD processor called "extended paging." Now, I know you're probably thinking that this sounds like some sort of Nokia feature. Well, you're wrong. It's yet another feature that AMD illegally hacked from Intel. It allows your browser to seamlessly view pages up to 4Mb in size. Before its introduction in the early days of the Intel Pentium processor, web pages were broken up into 4K segments, because any pages larger would freeze the computer. That's why Microsoft didn't invent Javascript until after the Pentium, every time they went to use it, their pages exceeded 4K, and henceforth froze the computer. Intel came to the rescue with the Pentium line of chips, and, as usual, AMD got out their super high tech Asian hacking tools and "reverse-engineered" (code-name for 'illegally hacked') Intel's technology. Thus, users of the inferior AMD Cyrix Kx86-2 Now! processor could also view large web pages without crashing. So why did no one notice that pages larger than 4K would crash AMD processors? Well, Microsoft has had a fix for 16 months, like we mentioned earlier. But why did no one from the Linux community notice? Well, apparently, there does not exist a page devoted to Linux that is more than 4K in size. Since most of the Linux installations out there denounce color as 'feature bloat,' all Linux pages follow an unwritten oath to suck. Believe me, they all do.
So, for the good of Linux, you may now disperse. Head off to various tech sites and continue blaming Microsoft for not telling you sooner. Your community will thank you.
-
It's the PRINCIPLE, Stupid
IANAlan Cox, but what 99% of the people in this discussion fail to realize is that this probably has nothing to do with the future of Redhat/Linux, but with the principles involved.
Fact: Alan Cox has serious issues with the DMCA, both practical and philosophical.
Fact: AOL/Time-Warner, being an industry leader in the area of movies and such, is a proponent of the DMCA and other similar laws.
Alan, being a man of principle, probably feels that the merger would be a bad thing because of this, and his working in the resulting company would compromise things that he believes in. Unlike many people in this world (and, it seems, on slashdot), he feels that finding a new job is the proper course of action in this case.
As an aside, the non-Alan consequences of this are interesting - AOL/TW owns RH, in order for RH to play DVDs (which is an important feature of a modern desktop OS) it needs to violate the DMCA, AOL/TW supports the DMCA. So either AOL/TW owns a product that endorses breaking the DMCA, or they give RH (and by that, perhaps all of Linux/x86) a "legal" (if not open) method to play DVDs.
-
Re:Complete security
The SecurID tokens work pretty well; they represent a nice balance of security and ease of use for the inexperienced user. The server software is a hulking piece of difficult-to-manage bloatware (it was when I last used it two years ago, in any case), but it's generally being installed and used by experienced folks.
The cards themselves have some tamperproofing that protects them from casual disassembly, but it doesn't look like something that's designed to withstand a determined attack. I think it'd be much harder, though, to access the internals of the card in a way that wouldn't leave obvious visible evidence of tampering--I'm guessing this was the design goal, not total tamperproofing.
The algorithm used by the cards isn't something that RSA publishes, but it's been out in the open for a while now.
The cards are each preloaded with a secret key, which is also loaded onto the SecurID server that does the authentication. Without the secret key, the algorithm doesn't do you that much good so long as it isn't easily possible to derive the secret key from a sequence of the displayed number. The jury is still out as to whether this is possible. But assuming there aren't obvious holes in the algorithm, one has to obtain the keying material from the server (where it's presumably closely guarded) or from the physical token itself. Doing the latter would require theft of the token or tampering in a way that would be obvious to the user. -
Search freshmeat.net
In the Howto's only the basics are mentioned.
In the manpage, lots of options are explained.
For examples you will want to search freshmeat.net.
A few of my bookmarks:
http://www.lysator.liu.se
http://64.39.18.129
http://www.linuxsecurity.com
And some example scripts you might not find on freshmeat.net:
http://nerdfest.org
http://chaosmongers.org -
Re:Go ahead.
There are several sites for "Jam Echelon Day" which was October 21. An email generator that will send email to Echelon (on your behalf) can be found at http://uid0.sk/echelon/mail_en.php And a very detailed site can also be found over at Linux Security at http://echelon.linuxsecurity.com/
-
Re:This is bad why?
AFAIK, banks have their own separated network.
The DARPA-NET was created to provide a means to communicate after a nuclear-strike or any other physical attack.
It should be redundant (and by this means fault tolerant).
Therefore all partners were more or less equal.
It didn't matter which way the packets go and it shouldn't matter.
Security was never a main issue as you can see from the amount of security flaws, which exist(ed) in TCP/IP.
Granted, IPv6 seems to tackle these problems, but it is still not in use. And sometimes it's easier to build something new than to change the existing (I would suggest doing the same with tax law).
What was the best network security tool again? IRC, pliers. -
Another failed chance to put search engines to use
First, a serious plug for refcards.com as they have a bunch of DAMN handy reference cards, including apache, perl, cvs, gdb, ANSI c, etc etc. However, they do not have one for basic *nix usage. So...
Here are some of the more promising results of a search from google.com (String used was: unix ref card pdf)
Unix Cheat Sheet
Unix Cheat Sheet
From Rice University : Very basic
Another Too large and outdated
Selection of Unix, Vi, and Emacs references Courtesy Univ. of Alberta.ca
You should be able to find what you need easy enough. I should also highly recommend to everyone the linuxsecurity.com Linux Security guidesheet. Damn good reading to hardening your system. Here
Toodles
-
Doh!
Here's what I was just about to submit:
LaBrea - The Tarpit: Keep your friends close, your enemies closer.
- -
With the recent proliferation in worms (Code Red, Sircam, Nimda, etc) beyond either switching to a more secure? webserver or keeping up to date with the patches for your own and hoping that others do the same; approaches to actively dealing with the problem have been limited. One can try to either contact the administrator[s] of the machines infected or take a slightly more risky proactive approach. 'LaBrea' - The Tarpit offers proof of concept? for an interesting open source approach.
Linux today, Wired and Linuxsecurity have covered this developing project, more information is available from Hackbusters here, here, here, here, here, or here.
- -
I'm off to sulk. :)
-
The Cheese Worm did this for Lion-infected hosts
The Cheese Worm seems to constitute exactly what you want. Cheese actually sought out Linux hosts infected by the Lion worm and removes any backdoor root shells from /etc/inetd.conf. Some say the Cheese Worm constitutes the first hack-of-a-hack known.
Another first for Linux and Open Source software!
-
Re:No .Net for Linux? Cry me a river.
what does the future bring with the .Net strategy? Lost privacy? Stupid security bugs everywhere? Pay-to-play software?
Typical anti-MSFT FUD.
I haven't lost any privacy using .NET (no, you do NOT have to use passport).
Security bugs? Yes, IIS has had and still has a HUGE problem with these ridiculous buffer overflows, but it doesn't look like MSFT is the only one with recent major security problems.
Pay-to-play is a business decision, and is not an inherent attribute of .NET.
what are the chances that .Net vulnerabilities will have repercussions across all Internet services and platforms?
What are the chances that the same goes for J2EE with Sun ONE? It's the nature of the interconnected beast. -
BSD rants and raves
BSD isn't going anywhere any time soon contrary to what a troll thinks. In fact BSD should have an easier time in the upcoming months via way of (evil drum roll) Microsoft.
This week, Microsoft announced that it will work with Corel to port the .NET Common Language Infrastructure and the C# programming language to open-source OS FreeBSD, a Linux competitor ... Contrary to reports, this porting effort doesn't constitute an implementation of .NET on FreeBSD, but involves only some of the low-level technologies that are part of .NET. Microsoft's decision to use FreeBSD rather than the far more widely used Linux is reportedly because of the company's disdain for Linux's GNU Public License (GPL), which Microsoft has described as "Pac-Man like" and "a cancer." The FreeBSD license is reportedly far more amenable to Microsoft because the license doesn't require the author of commercial works to provide the source code to others, as does the GPL.
[source]
My only pseudo concern with FreeBSD is, I wish they would scrutinize what is released via the ports more, this way they wouldn't have to release patches as much as they do, but again in comparison to Linux, as with OpenBSD many services aren't run off the back, and as with OpenBSD, unless you're going to pkg_add /cdrom/packagaes/ALL || make install /usr/ports , you're not going to have as many issues as you would with other OS'. For the Linux zealots yes you have your `secure Linux` variants, and you also have advisories for those too [check Linux Security], Trustix, EnGarde, etc. they're all there. NetBSD is a sleeper for all, it's still a nicely written BSD, and I think it'll be around for a while. Open is well Open, and isn't going anywhere soon, love or hate Theo & Team OpenBSD but I still feel comfort knowing some rootard isn't going to do anything to my servers at any given time.
-
Eeeeeeek...
From their FAQ: The RAQ runs RedHat Linux 2.0.34
That should tell you something right there. I think they mean RedHat 6.0 with kernel 2.0.34 installed?
The Cobalt Linux implementation is as secure as any commercial Unix implementation on the market today. Linux was developed with publicly reviewable source code, and as such, has been subjected to a tremendous amount of security testing. In our opinion, as a provider of internet services, our server is more secure and stable than Microsoft Windows NT.
Sure it was, four or five months ago. Things change.
An individual with enough computing power and 'hacking' expertise could crack a password and gain access to the system. Such an individual, in order to crack the password, would also need direct access to the network that the RAQ administrator uses to access the RAQ. Once again, this feature is inherent to nearly all Unix systems.
But, uh, if the machine is relatively secure, how exactly is the attacker going to get to /etc/shadow?
The RAQ II server uses Sendmail 8.8.8.
Errrrrgh...
I think what you've got is an ISP that will start you off with a server that was secure a few months ago (or currently, raise your hand if you think they check). They leave you responsible for hardening it and most likely give no support whatsoever... Well, at least not free support. A lot of co-location companies are doing that.
I hate to plug, but if you're looking for another dedicated provider, I would try Rackspace. They start you off with a pretty secure server with all the latest packages and will apply a patch for you, help you, or do any work of that type for free.
But, here are a few sites that will help you get familiar with Linux security:
-
Hope this helps...
-
-
AES Interview
There's an interview with the AES winners on LinuxSecurity.com:
-
Re:one question
Argh. I think it's the style sheets or the courier font used for the tags. Try this:
-
Dave rules.
Nice to see Dave Wreski on Slashdot. He is one of the good guys, and you should use his company Guardian Digital if you need consulting. He is smart, nice and a technical whiz. I've heard Paul "Rusty" Russell give him a solid thumbs up... Security doesn't get better than having the guy who wrote all the firewall code give you an endorsement! see linuxsecurity.com
-
Download Site / Comments
LinuxSecurity.com is offering bandwidth to download the images at http://honeynet.linuxsecurity.com/
A project such as this does such a good job of exposing users to the methodologies of the black hat community. This is a great project for anyone who has ever been hacked or might be hacked in the future. It's an excellent idea to play with a compromised system to see what one looks like, what gets "messed with" and what needs to be fixed.
-mark -
Re:Server concern
Isn't this more of a server concern? I mean, even if my system was "compromised" (the official-sounding wording in the FAQ) why would I truly care?
Section 5.2 of the FAQ covers this. Kind of. Do you want to explain to the police that you didn't know about the warez and child porn on your hard drive?
All-in-all, would I even need security if there wasn't the internet? If the machine was just sitting in my room and the only thing that could "attack it" is a 12-year old brother with a misladen hockey stick? Probably not.
Less so, maybe, does your 12-year-old brother never swap Word documents or games with friends? But then who would want to disseminate viruses and trojans, they serve no purpose, right?
-
A couple of sites I have used...
I have done some Linux tutorials and the sites I have utilized the most have been Rootprompt.org and LinuxSecurity.com. Rootprompt has a lot of excellent "essays" on lots of different topics relating to Unix and Linux that can easily be converted to micro-lectures.
LinuxSecurity is more specialized, but when you do get to your security lecture, their "Reference Card" is indispensable.
Hope this helps some, and keep teaching!
-Redux -
BINDv9, security and damage control
All in all Bindv9 sounds good. Some have been real critical that it will have bugs etc etc, so what's the deal... I don't think there is any major SW out there that has 0 bugs. Especially in a .0 release. If they squash or work around the bugs quickly and efficiently I am satisfied. Monitor the various lists and web sites if you're an admin, basically it's a job req. I wish it wasn't but then again so do most of the SW developers.
Having said all that I must admit the comment about security being "an indirect goal" by Paul was a bit disconcerting to me too. But then David's comment that it was a "core requirement." Different viewpoints ? Quick damage control by D.C. ? -
Interview with {}
Frank van Vliet, aka {}, was as well the wizard who managed to put an IIS banner on apache.org some months ago.. I'm really curious for his next hack!
Here is an interview on LinuxSecurity with him. -
Re:What's with the brackets?
Google search found This good interview with you...
-
OpenBSD, bridge & ipf
I'm running an OpenBSD filtering bridge between my LAN and cable modem. It's a 486 33, with 16 MBs RAM. I've had so speed issues, and the logging with ipf is excellent. An ipf howto can be found here. Near the bottom there is a section (B.2?) on how to work with bridges.
-
Re:actually... I like it
I've found http://www.linuxsecurity.com pretty useful.