An IP stack which is part of the kernel *is* (more or less) directly exposed to the internet as long as there's the appropriate cable connected to that machine.
Yes, I hope that the IP stack is not so buggy. Anyway, I think that it is easier to exploit systems via a normal TCP connection than via the kernel IP stack.
Anyway, I think that an unprotected sshd is a bigger risk than postfix or sendmail. Personally, I cannot trust sendmail, so I am running postfix on most of the mail servers.
-- Eero