
Re: your mail



Yes, the best policy is always to disable anything on your machine that
you're not using.  Those you _are_ using, you then filter the crap out of.  

Personally, my workstation-type machines only listen on port 6000 (X), 22
(ssh), and occasionally ftp and tftp if I need them for a specific
purpose.  For my server-type machines, subtract X, then add what services
they are providing, which would then be heavily protected.

On Thu, 16 Mar 2000, Peter Cordes wrote:
>  This isn't specific to identd, but I'm wondering why you would bother
> filtering the port instead of just not running identd?  (I assume you would
> have/do turn off identd in /etc/inetd.conf as well as doing port
> filtering.)  I've never really understood why people filter all kinds of
> ports on their own machine when the ports are closed anyway.  The only
> advantage I can see is that if someone hits you with a trojan
> something-or-other, the bad guys won't be able to talk to it if it picks
> a blocked port.  Is this the reason for doing it, or am I missing something?
> 
>  Filtering ports makes sense when you are protecting a bunch of machines,
> especially ones which you don't run directly, but for a machine filtering
> traffic for only itself, it seems like a waste.
> 
>  Thanks,

