My guess is, your Linux wasn't configured properly. Which Kernel were
you using on the Pentium 133 machine? You conveniently forget to
mention the version number for Linux. But you didn't forget the FreeBSD
version, did you? I can easily set up a Linux box that will Kernel
panic from an attack. But just as easily you can set one up that
won't.
I can give you a list of TONS of commercial web-servers from big
companies that are currently run on Linux. You may wonder how I know,
well, I helped set them up! :-)
>----------
>From: john[SMTP:zaph0d @ phawd . com-stock . com]
>Sent: Friday, October 31, 1997 2:04 AM
>To: Greg Whalin
>Cc: Firewall list
>Subject: Re: Linux et al PFs
>
>I've been hit by about everything, from one time to another. Be it simple
>buffer overflows - SYN or Smurf attacks. And I've seen linux puke under
>conditions that BSD sailed right through. I think that speaks for itself.
>
>Linux isn't anything new to me. Aside from the old SysV/Xenix machines I
>used, it was my first "personal" unix. I have had a lot of experience with
>it in both firewalled and non-firewalled environments. It's a great
>personal work environment. It can't take high stress. I dare you to take a
>Linux 2.X kernel machine- and hit it hard, with a syn attack. It will
>puke, unless you have some serious CPU/Memory.
>
>I've seen attacks hit a FreeBSD 2.2.X machine running on a *486/33* that
>were correctly filtered and everything went on like normal. Similar
>attacks on a Pentium 133 we were using for testing (which now serves as a
>quake server) made it "Kernel Panic - AHHHIIIIEEE" in a matter of about 10
>minutes.
>
>Again, I'm only pointing out, it is just not a very suitable OS for large
>networks, or anything where you're really worried about security. I could
>name off about 10 different bugs - external, and internal, that are default
>with most Slackware/Redhat/Debian installations.
>
>The fact is: Linux is not designed by a group of people intent on making
>a secure OS. It's hacked together, and there is always some new problem
>with it. Be that security holes, kernel bugs, etc.
>
>I'd rather place my bets with something time-tested, and worked on by a
>set group of experienced individuals.
>
>On Fri, 31 Oct 1997, Greg Whalin wrote:
>
>> OK, fine, I can accept that this is your opinion. Unfortunately,
>> platforms adequate for firewall use should not be based upon opinion, but
>> on fact and/or example. What situations were you in when your system
>> "cracked"? If you have a linux system that is cracking when put to the
>> test, then I question your ability to set up a "well configured, "stable"
>> machine". As I have stated, I use several linux servers running on
>> (actual) well configured platforms as corporate firewall systems with
>> heavy network bandwidth demand. They perform brilliantly every time. I
>> have zero OS related crashes in over two years of uptime. In fact, the
>> only crashes I have handled are hardware related. I would venture a guess
>> as to say that your statements are biased, or uninformed, or quite simply
>> that you are not setting these systems up correctly.
>>
>> I am not here to say that linux is better than any BSD variant. In fact,
>> I am not even discussing any BSD OS. I am simply stating that your claims
>> as to the stability, reliability, and performance of linux as a viable
>> firewall platform are wrong and without any basis of fact or example.
>>
>> --------------------
>> Greg Whalin
>> gwhalin @ numerix . com
>>
>> On Thu, 30 Oct 1997, john wrote:
>>
>> > Actually, I'm on a Linux 2.0.30 machine right now. I've run linux since
>> > near its inception and I can say it's a nice OS, for a developer. I've
>> > seen it put to the test - and granted - it sometimes runs ok, but far more
>> > times I've seen it croak and die, on well configured, "stable" machines..
>> >
>> > I've been running FreeBSD for all of my commercial applications, be they
>> > serving webpages, or firewalling, and I've been much more impressed with
>> > its stability, sense of security, and in some respects, its performance.
>> >
>> > If I was to ever consider using either of them for something that needed
>> > to be protected, I would choose FreeBSD - no questions asked.
>> >
>> > But I will always love Linux for my home masquerading setup :)
>> >
>> > Not saying one is necessarily better than the other, they both have their
>> > applications. But for firewalling, and packet filtering, BSD definitely has
>> > the edge. In my opinion.
>> >
>> >
>> > On Thu, 30 Oct 1997, Joe Klemmer wrote:
>> >
>> > > On Thu, 30 Oct 1997, john wrote:
>> > >
>> > > > In my experience... with the free OS's, this is what I have to say:
>> > > >
>> > > > Linux is good for low bandwidth situations where setup time is a concern,
>> > > > and reliability isn't an absolute necessity.
>> > > >
>> > > > FreeBSD/OpenBSD/NetBSD etc has proven to generally be reliable in
>> > > > high-stress conditions, but isn't quite as easy to setup.
>> > >
>> > > It must have been a long time since you've looked at Linux, then.
>> > > Its current state is equal or better at networking than the BSD's.
>> > >
>> > > ---
>> > > Microsoft is not the answer. | In a World Without Fences,
>> > > Microsoft is the question, | Who Needs Gates?
>> > > NO is the answer. | Linux - http://www.linux.org
>> > >
>> > >
>> >
>>
>>
>
>