[CentOS] firewall?

Sun Jul 17 16:21:38 UTC 2011
John R Pierce <pierce at hogranch.com>

On 07/17/11 1:24 AM, Ljubomir Ljubojevic wrote:
> If you check the frequency of Apache (httpd) security bugs on CentOS
> 5.x, I think you will see several Denial Of Service bugs, but only one
> or two that would allow code execution. And bug reports for Apache are
> made to secure mailing list so rest of the world is not aware of them
> until they are already fixed.
>
> So I would not be overly concerned about HTTP tunneling attacks.

most successful exploits of 'nix web servers involve poorly implemented 
user code, such as exploitable PHP, perl cgi, etc, things that allow sql 
insertion attacks, etc etc.

http://xkcd.com/327/



-- 
john r pierce                            N 37, W 122
santa cruz ca                         mid-left coast