Timo Schoeler wrote:
thus Eero Volotinen spake:
An IP stack which is part of the kernel *is* (more or less) directly exposed to the internet as long as there's the appropriate cable connected to that machine.
Yes, I hope that IP-stack is not so buggy. Anyway, I think that is easier to exploit systems via normal tcp connection as the kernel ip stack.
You probably mean protocols on and/or above layer five. ;)
We have had our share of TCP flaws. And somethings in network devices we see them come right back again.
IP machinery is simple enough, but then there is ICMP and ICMP6, and IPv6 Neighbor discovery, and....
Anyway, I think that unprotected sshd is bigger risk than postfix or sendmail. Personally I cannot trust sendmail, so I am running postfix on most of mailiservers.
-- Eero
Timo _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos