[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: red worm amusement

> > last i used OpenBSD (2.6) it started portmap and identd by default at
> > the very least, maybe fingerd too i don't remember for sure.
> >
> The difference is, those were not exploitable. 

And they are on debian?

Turning off services makes an excuse for the real problem -- software
needs to be secure, and people need to make sure they are using software
that is secure. Sysadmins need to keep up with updates no matter what OS
they are administering to make sure their software is secure.

Firewalling services makes the same excuse. "I don't care if my software
is secure because I have a firewall!" ... what happens if your firewall
gets penetrated? What happens if some local user (hard) reboots your box
because they want it to run an NFS server?

If you have secure software, you don't really have to worry about running
those services, do you? 


Reply to: