[ previous ] [ next ] [ threads ]
 
 From:  Chet Harvey <chet at pittech dot com>
 To:  Manuel Kasper <mk at neon1 dot net>
 Cc:  Jean Everson Martina <everson at inf dot ufsc dot br>, m0n0wall dash dev at lists dot m0n0 dot ch
 Subject:  Re: [m0n0wall-dev] Re: [m0n0wall] Restriction Modifications
 Date:  Mon, 20 Sep 2004 10:44:06 -0400
On the console password issue, I agree with Manuel. If someone has access to 
your firewall to do bad things, you have bigger problems. Also it's not like 
the user thru the serial interface can change rules. All they can do is 
add/delete interfaces and change IP's. If you want to disrupt service, just 
unplug it.


Not something a "hacker" would be too interested in anyway.

Rule change would be the badguys biggest thing. Any sys admin worth his/her 
salary would certainly notice the addition of an interface.


Chet Harvey
Pitbull Technologies <http://www.pittech.com/> 
Protecting your Digital Assets
703.407.7311


Quoting Manuel Kasper <mk at neon1 dot net>:

> On 20.09.2004 01:00 -0300, Jean Everson Martina wrote:
> 
> > He sometimes is a litle restrictive on this kind of patches. Like,
> > I'm working hard on monowall to have it internationalized, but he
> > didn't said anything about it. I don't know if it will be a good or
> > bad thing to do with monowall, but I'm doing to help people to work
> > with it in a more pleasant way.
> 
> I just don't like to say the same thing more than once:
> 
> <http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=71&actionargs[]=06>
> 
> > Another thing I did last week was two patches to have a litle
> > increase in m0n0wall console security, but no one said anything
> > about, if it was a god thing or a bad thing.
> 
> <http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=3&actionargs[]=56>
> 
> <http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=8&actionargs[]=37>
> 
> <http://m0n0.ch/wall/list/?action=show_msg&actionargs[]=26&actionargs[]=97>
> 
> The console is only meant for the initial setup and emergencies
> (password forgotten, etc.), which is also why there are only very few
> options in the menu.
> 
> - Manuel
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: m0n0wall dash dev dash unsubscribe at lists dot m0n0 dot ch
> For additional commands, e-mail: m0n0wall dash dev dash help at lists dot m0n0 dot ch
> 
>