I'm not adding anything new to this thread, only reiterating for those who seem to have missed previous reiterations:
'The more ports you leave open, the greater chance you have of being cracked.'
'If you don't know why you need it, you don't need it.'

It seems reasonable that the default installation should try to make itself useful to the average target user. Now, by a show of hands (rather than a string of replies), how many of us have sat down at our newly-installed machines and said "All right, time to get my discard service on! Let's follow that up with a little chargen, while we're at it!" They may be legitimate services with legitimate uses, but are not needed in the normal case, and as such, should not be activated in the default case.

The argument below is pretty bad. Have you ever heard of anybody actually getting impaled by holding a sword poised at his belly and walking into grand central station at 5:00pm going "'scuse me, pardon me, 'scuse me, pardon *GGUAGHGH!*"? I sure haven't. So why not do it? Our hypothetical late friend didn't need to be doing it, and he shouldn't have been doing it.

...which brings me to my next point: just because I've never heard of such a ridiculous demise actually occurring doesn't rule out the possibility that it has. And just because you haven't heard of exploits involving these services doesn't mean they haven't been around. Again, a reiteration of wiser words earlier in the thread: "the standard inetd services including discard, echo, sysstat, netstat et al all *have* *had* their known vulnerabilities before now. All long-since patched, but that's not to say there won't be another tomorrow."

Vineet

* Noah Meyerhans ([EMAIL PROTECTED]) [010618 10:51]:
> Why not? You've not given any reason at all. Do you know of any
> malicious behavior that is made possible by leaving the services turned
> on? The potential exists to use the chargen feature as a part of a DoS
> attack, but I've not heard of it ever being used as it's not
> particularly effective unless you have many many machines available, and
> even then there are much more effective weapons. And what about the
> rest of the ports? How are they dangerous? I've never heard of an
> exploit involving any of them.
>
> Really I'm just playing devil's advocate here. I don't care if they're
> turned off or not. I've just never seen any evidence that there's any
> reason for concern over them.
>
> noah
>
> --
> _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html
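As an added example (not part of this thread or of any Debian tool), here is the audit the post's "if you don't know why you need it, you don't need it" rule implies: parse an inetd.conf, list what is actually enabled, and flag or comment out the simple internal services such as echo, discard and chargen. The configuration text is constructed, and the set of rarely-needed services is my assumption.

```python
# Constructed sample in inetd.conf format:
#   service socket_type proto wait/nowait user server [args]
SAMPLE_INETD_CONF = """\
#:INTERNAL: Internal services
discard   stream  tcp  nowait  root  internal
discard   dgram   udp  wait    root  internal
echo      stream  tcp  nowait  root  internal
#chargen  stream  tcp  nowait  root  internal
chargen   dgram   udp  wait    root  internal
#daytime  stream  tcp  nowait  root  internal
#:STANDARD: These are standard services.
#ftp      stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.ftpd
#:INFO: Info services
#ident    stream  tcp  nowait  nobody  /usr/sbin/identd  identd -i
"""

# Assumed set: legitimate services that a default install rarely needs.
RARELY_NEEDED = {"echo", "discard", "chargen", "daytime", "time"}

def enabled_services(conf_text):
    """Return (service, proto) pairs for every active (uncommented) entry."""
    active = []
    for line in conf_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue  # blank, comment, or commented-out entry: service is off
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed entry; inetd would not start it either
        active.append((fields[0], fields[2]))
    return active

def flag_unneeded(conf_text):
    """Return enabled entries whose service is in RARELY_NEEDED."""
    return [(svc, proto) for svc, proto in enabled_services(conf_text)
            if svc in RARELY_NEEDED]

def disable_unneeded(conf_text):
    """Return the config with rarely-needed entries commented out, lines intact."""
    out = []
    for line in conf_text.splitlines():
        fields = line.split()
        is_active = fields and not line.lstrip().startswith("#")
        out.append("#" + line if is_active and fields[0] in RARELY_NEEDED else line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for svc, proto in flag_unneeded(SAMPLE_INETD_CONF):
        print(f"enabled but rarely needed: {svc}/{proto}")
```

On Debian, `update-inetd --disable <service>` performs the same comment-out edit on the real file.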