|
Chris, Your firewall changes the TCP sequence numbers of your packets? Seriously? It's doing a lot more than just being a firewall, then... it's more akin to NAT. There are many times when you don't want your firewall messing with the contents of TCP/IP datagrams, and many instances where it is just not practical or logical to do. The operating system SHOULD be changed to not use predictable sequence numbers. OS/400 is intended to be a secure operating system, you should not need a 3rd party hack to make it safe. It really bothers me that open-source operating systems where the programmers don't even get paid for it can make the time to make these things secure, and have been doing so for years, while a huge corporation like IBM trails behind the pack. Really. IBM wants to take TCP/IP and security seriously, then they HAVE to fix things like this, and they HAVE to be proactive about it. On Thu, 12 Sep 2002, Chris Bipes wrote: > > If you put any server directly onto the internet you are asking for trouble. > Now if you have a firewall, it SHOULD be configured to randomize packet > headers thus preventing the attach they are talking about. Trying to secure > individual server is way too much work. It is easiest to secure you entire > network with a firewall. Now if they were testing IBM AS400 Firewall > product and you are running that, then I would reconsider a new firewall > product. What they were testing is somewhat unclear. >
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
