--On Monday, June 18, 2001 13:48:50 -0400 Noah Meyerhans <[EMAIL PROTECTED]>
wrote:
> Why not? You've not given any reason at all. Do you know of any
> malicious behavior that is made possible by leaving the services turned
> on? The potential exists to use the chargen feature as a part of a DoS
That's completely the wrong way to look at it. You should be saying, "Do I
need this for anything?" If you don't need it, then turn it off.
When you _do_ turn something on, then you need to look into the security
risks involved in doing so.
Just because something is there is not a valid reason for running it.
You'll save yourself a lot of grief if keep what you have running to a
minimum.
If nothing else, a future breakin might be easier to handle if you have
fewer things open. You'll be able to zero in on the hole more quickly in
most cases.
It's just sound practice to control everything that you can. There will be
plenty of things that you will need to leave open without adding more. :-)
> Really I'm just playing devil's advocate here. I don't care if they're
> turned off or not. I've just never seen any evidence that there's any
> reason for concern over them.
You should care. If it isn't running, you have one less thing to worry
about.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
