Noah Meyerhans <[EMAIL PROTECTED]> writes:

> On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote:
> > b) they shouldn't be. You'll have to check if they still appear by
> > default
> Why not? You've not given any reason at all. Do you know of any malicious
> behavior that is made possible by leaving the services turned on? 

I don't need to, as my point earlier included `you don't know there won't
be a vulnerability tomorrow'.

But that said, I gather leaking one's timestamp is not a good thing
(leaking *anything* is not really any good). I'm no Kerberos user, but I
heard you can do time-dependent auth in that a given ticket is good until
<whenever>. I wouldn't want someone to know exactly what time my boxes
thought it was.

> The potential exists to use the chargen feature as a part of a DoS
> attack, but I've not heard of it ever being used as it's not particularly
> effective unless you have many many machines available, and even then
> there are much more effective weapons.

<>, btw. Why bother
hooking /dev/{zero,null} onto the net with netcat when you can cause a fair
bit of traffic with standard services that do much the same thing?

> Really I'm just playing devil's advocate here. I don't care if they're
> turned off or not. I've just never seen any evidence that there's any
> reason for concern over them.

There doesn't have to be a reason for concern for you to not want them
available. I don't want anyone so much as fingerprinting my box (given that
nmap relies mostly on TCP responses to guage OS), let alone doing anything
really interesting with it.

The light of the world keeps shining,       |[EMAIL PROTECTED]
Bright in the primal glow                   |

Reply via email to