No, nobody else mentioned it. I slightly threw that out earlier, but I guess I immediately dismissed it for some reason. My thought was that if I was to wrap up nessusd with tcp-wrappers it would prevent packets from making the return trip to the process.
> -----Original Message----- > From: Dion Stempfley [mailto:[EMAIL PROTECTED]] > Sent: Monday, June 24, 2002 3:23 PM > To: 'Darren Young'; Nessus Nessus Mailing List > Subject: RE: Nessus Location > > > Has anyone mentioned the --enable-tcpwrappers compile option? > Seems like a > must for this discussion. > > Dion > > > -----Original Message----- > > From: Darren Young [mailto:[EMAIL PROTECTED]] > > Sent: Monday, June 24, 2002 3:42 PM > > To: Nessus Nessus Mailing List > > Subject: RE: Nessus Location > > > > > > How about the nessus daemon itself. Are there any real > > "gotchas" on having > > it open to the outside? Any precautions that should be taken? > > > > > -----Original Message----- > > > From: David Ford [mailto:[EMAIL PROTECTED]] > > > Sent: Monday, June 24, 2002 2:32 PM > > > To: twig les > > > Cc: Bezalel, Yaakov; Darren Young; Nessus Nessus Mailing List > > > Subject: Re: Nessus Location > > > > > > Isn't that a contradiction in advice since OpenBSD and > > OpenSSH are done > > > by the same group? :) > > > > > > Use *bsd, linux, etc. (Not windoze) > > > > > > twig les wrote: > > > > > > >I hesitate to write this cause I *really* don't want > > > >to start a religous war...but in my experience if you > > > >want it critically secured, build a headless OpenBSD > > > >box that only listens for ssh (and, hence, sftp). > > > >Patch every 3 months or whenever OpenSSH gets hacked > > > >again, problem solved for the most part... > > > > > > > > > >
