Re: red worm amusement

To: Jacob Meuser <jakemsr@clipper.net>
Cc: debian-security@lists.debian.org
Subject: Re: red worm amusement
From: Nicole Zimmerman <colby@wsu.edu>
Date: Sat, 21 Jul 2001 20:21:09 -0700 (PDT)
Message-id: <[🔎] Pine.OSF.4.10.10107212016590.16959-100000@unicorn.it.wsu.edu>
In-reply-to: <[🔎] 20010721182700.A19667@funk.meus0002.clipper.net>

> > last i used OpenBSD (2.6) it started portmap and identd by default at
> > the very least, maybe fingerd too i don't remember for sure.
> >
> The difference is, those were not exploitable. 

And they are on debian?

Turning off services makes an excuse for the real problem -- software
needs to be secure, and people need to make sure they are using software
that is secure. Sysadmins need to keep up with updates no matter what OS
they are administering to make sure their software is secure.

Firewalling services makes the same excuse. "I don't care if my software
is secure because I have a firewall!" ... what happens if your firewall
gets penetrated? What happens if some local user (hard) reboots your box
because they want it to run an NFS server?

If you have secure software, you don't really have to worry about running
those services, do you? 

-nicole

Reply to:

Follow-Ups:
- Re: red worm amusement
  - From: Sam Couter <sam@topic.com.au>
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>

References:
- Re: red worm amusement
  - From: Jacob Meuser <jakemsr@clipper.net>

Prev by Date: Re: red worm amusement
Next by Date: Re: red worm amusement
Previous by thread: Re: red worm amusement
Next by thread: Re: red worm amusement
Index(es):
- Date
- Thread