I've been hit by about everything, from one time to another. Be it simple
buffer overflows - SYN or Smurf attacks. And i've seen linux puke under
conditions that BSD sailed right through. I think that speaks for itself.
Linux isn't anything new to me. Aside from the old SysV/Xenix machines I
used, it was my first "personal" unix. I have had alot of experience with
it in both firewalled and non-firewalled enviroments. It's a great
personal work enviroment. It can't take high stress. I dare you to take a
Linux 2.X kernel machine- and hit it hard, with a syn attack. It will
puke, unless you have some serious CPU/Memory.
I've seen attacks hit a FreeBSD 2.2.X machine running on a *486/33* that
were correctly filtered and everything went on like normal. Similar
attacks on a Pentium 133 we were useing for testing (which now serves as a
quake server) made it "Kernel Panic - AHHHIIIIEEE" in a matter of about 10
Again, i'm only pointing out, it is just not a very suitable OS for large
networks, or anything where you're really worried about security. I could
name off about 10 different bugs - external, and internal, that is default
with most Slackware/Redhat/Debian installations.
The fact is: Linux is not designed by a group of people intent on makeing
a secure OS. It's hacked together, and there is always some new problem
with it. Be that security holes, kernel bugs, etc.
I'd rather place my bets with something time-tested, and worked on by a
set group of experienced individuals.
On Fri, 31 Oct 1997, Greg Whalin wrote:
> OK, fine, I can accept that this is your opinion. Unfortunately,
> platforms adequate for firewall use should not be based upon opinion, but
> on fact and/or example. What situations were you in when your system
> "cracked". If you have a linux system that is cracking when put to the
> test, then I question your ability to set up a "well configured, "stable"
> machine". As I have stated, I use several linux servers running on
> (actual) well configured platforms as corporate firewall systems with
> heavy network bandwidth demand. They perform brilliantly every time. I
> have zero OS related crashes in over two years of uptime. In fact, the
> only crashes I have handled are hardware related. I would venture a guess
> as to say that your statements are biased, or uninformed, or quite simply
> that you are not setting these systems up correctly.
> I am not here to say that linux is better than any BSD variant. In fact,
> I am not even discussing any BSD OS. I am simply stating that your claims
> as to the stability, reliability, and performance of linux as a viable
> firewall platform are wrong and without any basis of fact or example.
> Greg Whalin
> gwhalin @
> On Thu, 30 Oct 1997, john wrote:
> > Actually, i'm on a Linux 2.0.30 machine right now. I've run linux since
> > near it's inception and I can say it's a nice OS, for a devolper. I've
> > seen it put to the test - and granted - it sometimes runs ok, but far more
> > times i've seen it croak and die, on well configured, "stable" machines..
> > I've been running FreeBSD for all of my commercial applications, be they
> > serveing webpages, or firewalling, and i've been much more impressed with
> > it's stability, sense of security, and in some respects, it's preformance.
> > If I was to ever consider useing either of them for something that needed
> > to be protected, I would choose FreeBSD - no questions asked.
> > But I will always love Linux for my home masqueradeing setup :)
> > Not saying one is nessescarly better than the other, they both have their
> > applications. But for firewalling, and packet filtering, BSD definatly has
> > the edge. In my opinion.
> > On Thu, 30 Oct 1997, Joe Klemmer wrote:
> > > On Thu, 30 Oct 1997, john wrote:
> > >
> > > > In my experience... with the free OS's, this is what I have to say:
> > > >
> > > > Linux is good for low bandwidth situations where setup time is a concern,
> > > > and reliability isn't an absolute nesscity.
> > > >
> > > > FreeBSD/OpenBSD/NetBSD etc has proven to generally be reliable in
> > > > high-stress conditions, but isn't quite as easy to setup.
> > >
> > > It must have been a long time since you've looked at Linux, then.
> > > It's current state is equal or better at networking that the BSD's.
> > >
> > > ---
> > > Microsoft is not the answer. | In a World Without Fences,
> > > Microsoft is the question, | Who Needs Gates?
> > > NO is the answer. | Linux - http://www.linux.org
> > >
> > >