Long Uptime

[lars]

Dmitry Mityugov wrote:
>>>Apart from that, I must agree with Dave Horsfall - please provide an IP.
>>
>>Is there a critical patch that you believe those machines would need?
>>Anything more serious than a potential denial of service attack?
Yes, I recommend all patches.
DOS is enough for me.

> Indeed. If the machine is properly firewalled, what kind of attack
> other than DoS can break it?
All those on vulnerabilites that were fixed in patches after the last one applied.

A firewall may or may not help you.

If the attack is on a jail to which you allow access through your firewall,
you've had it, e.g..

Or someone sends you a specially crafted file that exploits a vulnerability
described in FreeBSD-SA-05:11.gzip and/or FreeBSD-SA-05:14.bzip2.asc.
That's DOS, that kind of attack is serious enough for me to try to avoid.

Or someone gains root privileges via the vulnerability described in
FreeBSD-SA-05:16.zlib, FreeBSD-SA-05:17.devfs or FreeBSD-SA-05:18.zlib.

I mean it's great FreeBSD can sustain such a long uptime.
But, IMHO, it's nothing to brag about, since it simultaneously indicates
missing patches, which I find worse.
Planned downtime for maintenance is ok.

Kind regards,
lars.