
Re: rlinetd security

I'm not adding anything new to this thread, only reiterating for those
who seem to have missed previous reiterations:

'The more ports you leave open, the greater chance you have of being

'If you don't know why you need it, you don't need it.'

It seems reasonable that the default installation should try to make
itself useful to the average target user. Now, by a show of hands
(rather than a string of replies), how many of us have sat down at our
newly-installed machines and said "All right, time to get my discard
service on! Let's follow that up with a little chargen, while we're at
it!" They may be legitimate services with legitimate uses, but are not
needed in the normal case, and as such, should not be activated in the
default case.

The argument below is pretty bad. Have you ever heard of anybody
actually getting impaled by holding a sword poised at his belly and
walking into grand central station at 5:00pm going "'scuse me, pardon
me, 'scuse me, pardon *GGUAGHGH!*"? I sure haven't. So why not do it?
Our hypothetical late friend didn't need to be doing it, and he
shouldn't have been doing it. 

...which brings me to my next point: just because I've never heard of
such a ridiculous demise actually occurring doesn't rule out the
possibility that it has. And just because you haven't heard of
exploits involving these services doesn't mean they haven't been
around. Again, a reiteration of wiser words earlier in the thread:

"the standard inetd services including discard, echo, sysstat,
netstat et al all *have* *had* their known vulnerabilities before now.
All long-since patched, but that's not to say there won't be another


* Noah Meyerhans (noahm@debian.org) [010618 10:51]:
> Why not?  You've not given any reason at all.  Do you know of any
> malicious behavior that is made possible by leaving the services turned
> on?  The potential exists to use the chargen feature as a part of a DoS
> attack, but I've not heard of it ever being used as it's not
> particularly effective unless you have many many machines available, and
> even then there are much more effective weapons.  And what about the
> rest of the ports?  How are they dangerous?  I've never heard of an
> exploit involving any of them.
> Really I'm just playing devil's advocate here.  I don't care if they're
> turned off or not.  I've just never seen any evidence that there's any
> reason for concern over them.
> noah
> -- 
>  _______________________________________________________
> | Web: http://web.morgul.net/~frodo/
> | PGP Public Key: http://web.morgul.net/~frodo/mail.html 
