Re: rlinetd security
Noah Meyerhans <noahm@debian.org> writes:
> On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote:
> > b) they shouldn't be. You'll have to check if they still appear by
> > default
[snip]
>
> Why not? You've not given any reason at all. Do you know of any malicious
> behavior that is made possible by leaving the services turned on?
I don't need to, as my point earlier included `you don't know there won't
be a vulnerability tomorrow'.
But that said, I gather leaking one's timestamp is not a good thing
(leaking *anything* is not really any good). I'm no Kerberos user, but I
heard you can do time-dependent auth in that a given ticket is good until
<whenever>. I wouldn't want someone to know exactly what time my boxes
thought it was.
> The potential exists to use the chargen feature as a part of a DoS
> attack, but I've not heard of it ever being used as it's not particularly
> effective unless you have many many machines available, and even then
> there are much more effective weapons.
<http://www.sans.org/infosecFAQ/malicious/naptha.htm>, btw. Why bother
hooking /dev/{zero,null} onto the net with netcat when you can cause a fair
bit of traffic with standard services that do much the same thing?
> Really I'm just playing devil's advocate here. I don't care if they're
> turned off or not. I've just never seen any evidence that there's any
> reason for concern over them.
There doesn't have to be a reason for concern for you to not want them
available. I don't want anyone so much as fingerprinting my box (given that
nmap relies mostly on TCP responses to gauge OS), let alone doing anything
really interesting with it.
~Tim
--
The light of the world keeps shining, |piglet@stirfried.vegetable.org.uk
Bright in the primal glow |http://spodzone.org.uk/