Re: rlinetd security

2001-06-19 Thread Jamie Heilman
Ted Cabeen wrote: > In other news, the maintainer of netbase is against removing the netbase > dependency on netkit-inetd, but I can't really seem to tell why. I've looked > at his posts on debian-devel and in the BTS, but I haven't found a good > justification for the dependency yet. If anyo

Re: rlinetd security

2001-06-19 Thread Hubert Chan
> "Hubert" == Hubert Chan <[EMAIL PROTECTED]> writes: > "Dale" == Dale Southard <[EMAIL PROTECTED]> writes: Dale> Is something like the IRIX or redhat (gasp) `chkconfig` system Dale> worth considering? Hubert> I don't have it installed, so I

Re: rlinetd security

2001-06-19 Thread Hubert Chan
> "Dale" == Dale Southard <[EMAIL PROTECTED]> writes: Dale> Is something like the IRIX or redhat (gasp) `chkconfig` system Dale> worth considering? I don't have it installed, so I can't say for sure, but it seems like the file-rc package (from wo

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Dale Southard on Tuesday, 19 June, 2001: >Actually, your version is a little more complex than the IRIX version. >Under IRIX there are separate files for each service, rather than a >single file with on/off entries for each service. In other words >`echo on > /etc/config/xdm` and `chkconfig

Re: rlinetd security

2001-06-19 Thread Dale Southard
Actually, your version is a little more complex than the IRIX version. Under IRIX there are separate files for each service, rather than a single file with on/off entries for each service. In other words `echo on > /etc/config/xdm` and `chkconfig xdm on` do exactly the same thing under IRIX. IR

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Dale Southard on Tuesday, 19 June, 2001: Hrm. That could be rather easy to implement. The guaranteed way to see if something's going to be started or not, though, is still /etc/rc?.d If you want to, you can replace them and create an easy script, such as --/sbin/chkdconfig-- #!/bin/

Re: rlinetd security

2001-06-19 Thread Ted Cabeen
In message <[EMAIL PROTECTED]>, Dale Southard writes: >[EMAIL PROTECTED] (Sami J. Juvonen) writes: >> What I would really like Debian to do when installing services is to *not* >> start them by default. Just install all the files, but make init scripts >> not run unless edited. > >Is something lik

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
Tim Haynes wrote: > FWIW I heard recently[i] that djbdns never needs TCP. Maybe this is by Not exactly. tinydns only uses port 53 udp axfrdns only uses port 53 tcp - you run this if you a) need to allow zone transfers to legacy systems, b) need to serve

Re: rlinetd security

2001-06-19 Thread Dale Southard
[EMAIL PROTECTED] (Sami J. Juvonen) writes: > > What I would really like Debian to do when installing services is to *not* > start them by default. Just install all the files, but make init scripts > not run unless edited. Is something like the IRIX or redhat (gasp) `chkconfig` system worth con

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Pat Moffitt on Tuesday, 19 June, 2001: >> -Original Message- >> From: Joseph Pingenot [mailto:[EMAIL PROTECTED] >> Sent: Tuesday, June 19, 2001 9:54 AM >> To: debian-security@lists.debian.org >> Subject: Re: rlinetd security >[snip] >> While

Re: rlinetd security

2001-06-19 Thread Tim Haynes
[EMAIL PROTECTED] (Sami J. Juvonen) writes: > Tim Haynes <[EMAIL PROTECTED]> writes: > > > "Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > > > > And let's not forget that plenty enough people don't know all 3 obvious > > commands for finding a process responsible for a given listener, or > > d

Re: rlinetd security

2001-06-19 Thread Sami J. Juvonen
Tim Haynes <[EMAIL PROTECTED]> writes: > "Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > > And let's not forget that plenty enough people don't know all 3 obvious > commands for finding a process responsible for a given listener, or don't > have `head /etc/services` in short-term memory, or why

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
> >Can't it just be removed with update-rc.d? > > Sure, of course. You just can't delete it from the system entirely, which is > what I would prefer. Exactly, you can do all kinds of things to make sure it isn't enabled, (I usually add exit 0 to the top of the init script) but not having the so

Re: rlinetd security

2001-06-19 Thread Ted Cabeen
In message <[EMAIL PROTECTED]>, Quietman writes: >On Tue, Jun 19, 2001 at 01:25:17PM -0500, Ted Cabeen wrote: >> >It's true that uninstalling it (in potato, anyway) is not worth all the >> >effort. But you can definitely disable it. I have "K20inetd" links in >> >all my /etc/rc?.d directories whe

Re: rlinetd security

2001-06-19 Thread Quietman
On Tue, Jun 19, 2001 at 01:25:17PM -0500, Ted Cabeen wrote: > >It's true that uninstalling it (in potato, anyway) is not worth all the > >effort. But you can definitely disable it. I have "K20inetd" links in > >all my /etc/rc?.d directories where I don't want to run inetd. > > Unfortunately, you

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Pat Moffitt on Tuesday, 19 June, 2001: >> -Original Message- >> From: Joseph Pingenot [mailto:[EMAIL PROTECTED]] >> Sent: Tuesday, June 19, 2001 9:54 AM >> To: [EMAIL PROTECTED] >> Subject: Re: rlinetd security >[snip] >> While we're at

Re: rlinetd security

2001-06-19 Thread Ted Cabeen
In message <[EMAIL PROTECTED]>, "Noah L. Meyerhans" writes: >On Tue, Jun 19, 2001 at 10:47:47AM -0700, Jamie Heilman wrote: >> No, you can't if your plan is to uninstall inetd, the package structure is >> broken and won't allow it due to $@)!ed up dependencies. I've been trying >> to do it for a

Re: rlinetd security

2001-06-19 Thread Noah L. Meyerhans
On Tue, Jun 19, 2001 at 10:47:47AM -0700, Jamie Heilman wrote: > No, you can't if your plan is to uninstall inetd, the package structure is > broken and won't allow it due to $@)!ed up dependencies. I've been trying > to do it for ages. Then, when I found equivs I danced a jig. It's pretty > mu

Re: rlinetd security

2001-06-19 Thread Jamie Heilman
> > I do care. I often disable inetd completely, if the server in question > > doesn't need any of what it offers. > > Interesting thought... I wonder if I can get away with that easily? No, you can't if your plan is to uninstall inetd, the package structure is broken and won't allow it due t

Re: rlinetd security

2001-06-19 Thread Noah L. Meyerhans
On Tue, Jun 19, 2001 at 09:30:56AM -0700, Pat Moffitt wrote: > My real concern is for people like me. I know a lot about computers (over > 20 years of experience). But, I don't have much experience with security. > I don't know a lot about many of the packages in Linux. That's partly why I don't

Re: rlinetd security

2001-06-19 Thread Ted Cabeen
In message <[EMAIL PROTECTED]>, Joseph Pingenot writes: >While we're at it, it'd be nice if the packages (on an update) didn't re-enable >themselves if I've disabled them. Inetd should check each of the runlevels to >see if it's currently enabled (/etc/rc?.d). If it's not, it shouldn't make it >s

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Pat Moffitt on Tuesday, 19 June, 2001: >> -Original Message- >> From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED] >Doesn't it really depend on the use of the machine and the competency of the >admin? Can (should) options be made for say Firewall, Personal System, >Default or by exper

RE: rlinetd security

2001-06-19 Thread Pat Moffitt
Hello Noah > -Original Message- > From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 19, 2001 7:59 AM > To: Debian Security List > Subject: Re: rlinetd security [snip] > > I do care. I often disable inetd completely, if the server in question

Re: rlinetd security

2001-06-19 Thread Ted Cabeen
In message <[EMAIL PROTECTED]>, "Noah L. Meyerhans" writes: >I do think it's worth discussing whether the policy should be "on by >default" or "off by default". Not just for the simple services, but for >all services that get installed. Which option leaves more work to be >done by the admin? In

Re: rlinetd security

2001-06-19 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: [snip] > Personally, I don't care if something is turned on by default or not. If > I need it, and it's on by default, I'll leave it on. If it's not on, I'll > turn it on. If I don't need it I'll turn it off. That's if you remember to check for thes

Re: rlinetd security

2001-06-19 Thread Noah L. Meyerhans
On Tue, Jun 19, 2001 at 08:56:51AM -0400, Stuart Krivis wrote: > > Why not? You've not given any reason at all. Do you know of any > > malicious behavior that is made possible by leaving the services turned > > on? The potential exists to use the chargen feature as a part of a DoS > > > That's

Re: rlinetd security

2001-06-19 Thread Joseph Pingenot
From Pat Moffitt on Tuesday, 19 June, 2001: >> -Original Message- >> From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED]] >Doesn't it really depend on the use of the machine and the competency of the >admin? Can (should) options be made for say Firewall, Personal System, >Default or by exp

RE: rlinetd security

2001-06-19 Thread Pat Moffitt
Hello Noah > -Original Message- > From: Noah L. Meyerhans [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, June 19, 2001 7:59 AM > To: Debian Security List > Subject: Re: rlinetd security [snip] > > I do care. I often disable inetd completely, if the server in question

Re: rlinetd security

2001-06-19 Thread Stuart Krivis
--On Monday, June 18, 2001 13:48:50 -0400 Noah Meyerhans <[EMAIL PROTECTED]> wrote: Why not? You've not given any reason at all. Do you know of any malicious behavior that is made possible by leaving the services turned on? The potential exists to use the chargen feature as a part of a Do

Re: rlinetd security

2001-06-19 Thread Stuart Krivis
--On Monday, June 18, 2001 13:48:50 -0400 Noah Meyerhans <[EMAIL PROTECTED]> wrote: > Why not? You've not given any reason at all. Do you know of any > malicious behavior that is made possible by leaving the services turned > on? The potential exists to use the chargen feature as a part of

Re: rlinetd security

2001-06-19 Thread Colin Phipps
On Mon, Jun 18, 2001 at 04:22:15PM -0800, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 01:48:50PM -0400, Noah Meyerhans wrote: > > > > Why not? You've not given any reason at all. Do you know of any > > malicious behavior that is made possible by leaving the services turned > > on? The potenti

Re: rlinetd security

2001-06-18 Thread Peter Cordes
On Mon, Jun 18, 2001 at 07:15:55PM +0200, Sebastiaan wrote: > I know you are right, but I have become curious now: if everyone says that > you do not need them, then where are they used for? And why are they still > installed by default? All those internal services are for testing/debugging, exce

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 01:48:50PM -0400, Noah Meyerhans wrote: > > Why not? You've not given any reason at all. Do you know of any > malicious behavior that is made possible by leaving the services turned > on? The potential exists to use the chargen feature as a part of a DoS > attack, but I'

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 09:06:07AM -0700, Pat Moffitt wrote: > That makes a lot of assumptions about my (or anyone else) understanding of > the system. For example, I have no clue what discard is used for. So, how > do I know if I have a package installed that will not work properly if I > disabl

Re: rlinetd security

2001-06-18 Thread Tim Haynes
[EMAIL PROTECTED] (Martin Maney) writes: > On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > > > Well, it depends. You can never tidy up a rooted box; the same > > mentality sort of applies all the way down - if you're setting up a > > box, why worry about installing this and uninstall

Re: rlinetd security

2001-06-18 Thread Martin Maney
On Mon, Jun 18, 2001 at 08:34:11PM +0100, Tim Haynes wrote: > Well, it depends. You can never tidy up a rooted box; the same mentality > sort of applies all the way down - if you're setting up a box, why worry > about installing this and uninstalling that, when your original > installation shouldn'

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Pat Moffitt" <[EMAIL PROTECTED]> writes: [snip] > Now that answers some questions. Much better. At least when I turn them > off I will have a clue about what might break. > > BTW, my philosophy on disabling unknown services/ports has been to > disable it and see if anything breaks. If something

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: [snip] > > , btw. Why bother > > hooking /dev/{zero,null} onto the net with netcat when you can cause a fair > > bit of traffic with standard services that do much the same thing? > > Yes, but you

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Noah L. Meyerhans" <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > > > The argument below is pretty bad. Have you ever heard of anybody > > actually getting impaled by holding a sword poised at his belly and > > walking into grand central station at 5

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf > Of Tim Haynes > Sent: Monday, June 18, 2001 10:35 AM > To: Sebastiaan > Cc: Tim Haynes; [EMAIL PROTECTED]; debian-security@lists.debian.org > Subject: Re: rlinetd security > > >

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 07:25:37PM +0100, Tim Haynes wrote: > But that said, I gather leaking one's timestamp is not a good thing > (leaking *anything* is not really any good). I'm no Kerberos user, but I > heard you can do time-dependent auth in that a given ticket is good until > . I wouldn't wan

Re: rlinetd security

2001-06-18 Thread Noah L. Meyerhans
On Mon, Jun 18, 2001 at 11:08:49AM -0700, Vineet Kumar wrote: > The argument below is pretty bad. Have you ever heard of anybody > actually getting impaled by holding a sword poised at his belly and > walking into grand central station at 5:00pm going "'scuse me, pardon > me, 'scuse me, pardon *GGU

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Noah Meyerhans <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > > b) they shouldn't be. You'll have to check if they still appear by > > default [snip] > > Why not? You've not given any reason at all. Do you know of any malicious > behavior that is made

Re: rlinetd security

2001-06-18 Thread Vineet Kumar
I'm not adding anything new to this thread, only reiterating for those who seem to have missed previous reiterations: 'The more ports you leave open, the greater chance you have of being cracked.' 'If you don't know why you need it, you don't need it.' It seems reasonable that the default instal

Re: rlinetd security

2001-06-18 Thread Noah Meyerhans
On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote: > b) they shouldn't be. You'll have to check if they still appear by default > in unstable; I should hope they don't. (There's been discussion of this > before if you trawl some archives somewhere.) It's possible to use them all > legitima

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Sebastiaan <[EMAIL PROTECTED]> writes: [snip] > > Again, if you don't know why you need it, you don't need it. > > I know you are right, but I have become curious now: if everyone says > that you do not need them, then where are they used for? And why are they > still installed by default? Good q

Re: rlinetd security

2001-06-18 Thread Sebastiaan
On 18 Jun 2001, Tim Haynes wrote: > "Pat Moffitt" <[EMAIL PROTECTED]> writes: > > > That makes a lot of assumptions about my (or anyone else) understanding > > of the system. For example, I have no clue what discard is used for. So, > > how do I know if I have a package installed that will not wo

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf > Of Tim Haynes > Sent: Monday, June 18, 2001 10:35 AM > To: Sebastiaan > Cc: Tim Haynes; [EMAIL PROTECTED]; [EMAIL PROTECTED] > Subject: Re: rlinetd security > > > Sebasti

Re: rlinetd security

2001-06-18 Thread Tim Haynes
"Pat Moffitt" <[EMAIL PROTECTED]> writes: > That makes a lot of assumptions about my (or anyone else) understanding > of the system. For example, I have no clue what discard is used for. So, > how do I know if I have a package installed that will not work properly > if I disable that port. Yes, I

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
onday, June 18, 2001 1:57 AM > To: debian-security@lists.debian.org > Subject: Re: rlinetd security > > > On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > > Yes, that is a good question. I do not know where most of them are used > > for, but because they are a

RE: rlinetd security

2001-06-18 Thread Pat Moffitt
onday, June 18, 2001 1:57 AM > To: [EMAIL PROTECTED] > Subject: Re: rlinetd security > > > On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > > Yes, that is a good question. I do not know where most of them are used > > for, but because they are always installed

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Ethan Benson <[EMAIL PROTECTED]> writes: > On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > > Yes, that is a good question. I do not know where most of them are used > > for, but because they are always installed, I assumed that these are > > needed for correct system operation. But e

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 10:53:06AM +0200, Sebastiaan wrote: > Yes, that is a good question. I do not know where most of them are used > for, but because they are always installed, I assumed that these are > needed for correct system operation. But even if I would disable these > ports, I still want

Re: rlinetd security

2001-06-18 Thread Sebastiaan
On Mon, 18 Jun 2001, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > > Hello, > > > > I found out that rlinetd seems like a great replacement for inetd, because > > it lets you choose which services may be available for the outside world > > and which only for

Re: rlinetd security

2001-06-18 Thread Ethan Benson
On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > Hello, > > I found out that rlinetd seems like a great replacement for inetd, because > it lets you choose which services may be available for the outside world > and which only for the inner network. So, standard services like echo, >

Re: rlinetd security

2001-06-18 Thread Tim Haynes
Jason Thomas <[EMAIL PROTECTED]> writes upside-down: > this stuff can also be controlled using hosts.deny and hosts.allow. so > then any inetd prog will do! No it can't. There's a difference between not listening on the interface at all, and filtering it out by allowing them to connect to the por

Re: rlinetd security

2001-06-18 Thread Jason Thomas
this stuff can also be controlled using hosts.deny and hosts.allow. so then any inetd prog will do! On Mon, Jun 18, 2001 at 09:21:56AM +0200, Sebastiaan wrote: > Hello, > > I found out that rlinetd seems like a great replacement for inetd, because > it lets you choose which services may be availa
