
Re: red worm amusement



> On 20010721.2117, Jacob Meuser said ...
>
> On Sat, Jul 21, 2001 at 08:21:09PM -0700, Nicole Zimmerman wrote:
> > 
> > > > Last I used OpenBSD (2.6) it started portmap and identd by default at
> > > > the very least, maybe fingerd too, I don't remember for sure.
> > > >
> > > The difference is, those were not exploitable. 
> > 
> > And they are on Debian?
> 
> It seems everyone on this list YELLS at people who leave rpc.statd
> running.  I don't know whether it's exploitable or not, I know
> enough to turn it off because I don't use it.  I am not talking about
> people who know what they are doing.  I am talking about new users
> who have no practical knowledge of the system.  I'm talking about 
> protecting them from being immediately vulnerable.  If people are
> running services, they should know how to start and stop them, right?

I'm with you on this one.  I ran 'apt-get install apache' because I
wanted to run it once to configure Samba via Swat.  It irked me that
it started apache right away and set it up to start each time I
rebooted.  Not what I wanted, and I can see your point.  I would much
rather be running a system that depended on me to check the config   
before a service started, vulnerability or not.

-Rob


