--On Monday, June 18, 2001 13:48:50 -0400 Noah Meyerhans <noahm@debian.org> wrote:
Why not? You've not given any reason at all. Do you know of any malicious behavior that is made possible by leaving the services turned on? The potential exists to use the chargen feature as a part of a DoS
That's completely the wrong way to look at it. You should be saying, "Do I need this for anything?" If you don't need it, then turn it off.
When you _do_ turn something on, then you need to look into the security risks involved in doing so.
Just because something is there is not a valid reason for running it. You'll save yourself a lot of grief if keep what you have running to a minimum.
If nothing else, a future breakin might be easier to handle if you have fewer things open. You'll be able to zero in on the hole more quickly in most cases.
It's just sound practice to control everything that you can. There will be plenty of things that you will need to leave open without adding more. :-)
Really I'm just playing devil's advocate here. I don't care if they're turned off or not. I've just never seen any evidence that there's any reason for concern over them.
You should care. If it isn't running, you have one less thing to worry about.