
28 Mar
2001
28 Mar
'01
15:32
I'm still learning. Can you clearify for me about dns on your packet filter? What I gather from your ideal here is this: - no nameserver runs on the filter. - the resolver on the filter does not point to internal (or DMZ even) nameservers. - /etc/hosts on filter lists localhost only. Does the packet filter need access to any nameservice at all? On Tue, Mar 27, 2001 at 04:44:16PM +0200, Thomas Michael Wanka wrote:
2) there must not be access to a dns server mapping the protected network thus one must browse the log files to get an idea of the members of the internal network and make it as hard as possible to browse files (no editor),
-- -ashley One of these days I'm going to completely organize my life.