On 12/06/2012 10:41 AM, Les Mikesell wrote: > On Thu, Dec 6, 2012 at 9:13 AM, <m.roth at 5-cent.us> wrote: >> Disabling selinux, or at least setting it to permissive, I agree with. >> Turning down your firewall?! Anyone suggesting that is, IMO, either a) >> clueless, or b) a malware user/vendor trying to make life easier. Can >> anyone think of any other possibilities? > Someone with good site and subnet-level hardware firewalling. And a > good feeling that all the bad guys are on the other side of the > firewalls. Which I have. A Juniper branch firewall that I was given for testing purposes. And I am subnetted up the gazoo; I have a 64 address CIDR allocation that I have subnetted to /29s and /28s. I also use RFC1918 extensively. Afterall, I am one of its authors :)