[nos-bbs] Access control lists

(Skip) K8RRA k8rra at ameritech.net
Tue Jun 3 19:57:48 EDT 2008


Greetings to all.

I'm looking over the subject of access control, and I've applied a
little of it on my site.  So far it seems to be doing what it was
designed to do.

Here is something I see in how it operates:
A bogus SMTP SYN packet arrives via my radio port.
My site ACKS it and processes the SYN then frames a response.
The response is placed on the stack then access silently drops it.
The response does not transmit.

The objective is met -- the bogus record never gets a response.
That is good.

I'm comparing iptables from Linux as a model to jnos access controls.
ONE difference I see is that iptables filters both in and out traffic,
so *if* iptables technology were applied to jnos the bogus SYN record in
the above sample would be dropped during input handling and would
not cause my site to process.  I wonder if not dropping input opens jnos
up to known problem attacks because access stops only output?

Thanks for considering this!

73
de [George (Skip) VerDuin] K8RRA k

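The placement question raised in the post (check the access list on input, on output, or both) can be seen with a small model. This is an added example, not JNOS or iptables code: it simulates a listener with a bounded SYN backlog and an access list that can be enforced on the input hook, the output hook, or both. The deny list, the addresses, the ports and the backlog size are constructed for illustration.

```python
"""Model of where an access-control check sits relative to the TCP stack.

Added example (not JNOS or iptables code).  The ACL semantics, the backlog
size and the packet layout are assumptions chosen for illustration only.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    """Minimal TCP-ish packet: only addresses, ports and SYN/ACK flags matter."""
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset


@dataclass
class Acl:
    """Deny list keyed on peer address, the only thing this model filters on."""
    denied: frozenset

    def permits(self, peer: str) -> bool:
        return peer not in self.denied


@dataclass
class Stack:
    """Toy TCP listener with a bounded SYN backlog (assumed size 4)."""
    acl: Acl
    check_input: bool    # drop inbound packets from denied peers before processing
    check_output: bool   # drop outbound packets to denied peers after processing
    backlog_max: int = 4
    half_open: Dict[Tuple[str, int], str] = field(default_factory=dict)
    dropped_in: int = 0
    dropped_out: int = 0
    processed: int = 0
    sent: List[Packet] = field(default_factory=list)

    def receive(self, pkt: Packet) -> None:
        if self.check_input and not self.acl.permits(pkt.src):
            self.dropped_in += 1
            return  # nothing parsed, nothing allocated, nothing framed
        self.processed += 1
        if "SYN" in pkt.flags and "ACK" not in pkt.flags:
            if len(self.half_open) >= self.backlog_max:
                return  # backlog full: SYN silently ignored (flood symptom)
            # Allocate half-open state, then frame the SYN-ACK response.
            self.half_open[(pkt.src, pkt.sport)] = "SYN_RECEIVED"
            self._send(Packet(pkt.dst, pkt.dport, pkt.src, pkt.sport,
                              frozenset({"SYN", "ACK"})))

    def _send(self, pkt: Packet) -> None:
        if self.check_output and not self.acl.permits(pkt.dst):
            self.dropped_out += 1  # response framed but never transmitted
            return
        self.sent.append(pkt)


def run_scenario(check_input: bool, check_output: bool, bogus_syns: int = 6) -> dict:
    """Burst of SYNs from a denied peer, then one SYN from an allowed peer.

    Returns counters showing what the stack had to do and whether the
    allowed peer got its SYN-ACK.  All addresses are constructed.
    """
    acl = Acl(denied=frozenset({"44.1.1.9"}))
    st = Stack(acl, check_input, check_output)
    for i in range(bogus_syns):
        st.receive(Packet("44.1.1.9", 40000 + i, "44.1.1.1", 25, frozenset({"SYN"})))
    st.receive(Packet("44.1.1.2", 50000, "44.1.1.1", 25, frozenset({"SYN"})))
    return {
        "processed": st.processed,
        "half_open": len(st.half_open),
        "dropped_in": st.dropped_in,
        "dropped_out": st.dropped_out,
        "synacks_sent": len(st.sent),
        "legit_answered": any(p.dst == "44.1.1.2" for p in st.sent),
    }


if __name__ == "__main__":
    print("output-only check:", run_scenario(check_input=False, check_output=True))
    print("input+output check:", run_scenario(check_input=True, check_output=True))
```

With the check on output only, every packet from the denied peer is still parsed and allocates a half-open entry before its SYN-ACK is discarded, so a burst from that peer fills the backlog and the later legitimate SYN gets no answer. With the check on input, nothing is allocated for the denied peer and the legitimate peer is served. Real stacks add backlog timeouts and SYN cookies, which the model leaves out, but the difference in where work is spent is the same.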