Security Incidents mailing list archives
Re: Lots of rpc.statd probes lately
From: Joseph Nicholas Yarbrough <nyarbrough () LURHQ COM>
Date: Fri, 2 Mar 2001 10:02:53 -0500
Along these same lines, I have what I feel is a slightly better plan. Educate the vendors to not turn on all the services they enable be default. What does the average user need portmap for? What does the average user need rsh or rlogin for? daytime, discard, chargen? Stop the madness! Turn off those services by default and the world will be a much safer place. If a user actually needs one of those services, they will probably have enough knowledge to use them properly, not always but the odds are greater that they will. Also don't advertise what OS or version you're running in every possible banner. We don't need to advertise to the world that this a a Redhat 5.2 box running 2.0.34 on a 486, do we? Picture in your mind a full portscan of an Irix or AIX box. Now tell me, do we really need to enable every single service no to mankind? SNMP, echo, Appletalk Routing?! I hope not. The uneducated users are a symptom. The vendors are the problem. Get the vendors to change their ways about what they enable by default and then worry about educating the uneducated that still have those services enabled.
Lets face it, that will never happen for "server" installs of linux. This is the fault of the stupid people we have running linux these days. Lets say: Distro1: enable rpc/nfsd/etc on boot. Distro2: doesn't User1: runs Distro1... User1: decides to install Distro2... User1: cant get his' smb/nfs/whatever to work... User2: asks User1 which distro to run... User1: says "DONT RUN DISTRO2!! IT SUCKS!!" Therefore, the distro looses market presence outside of the "leeter-than-thow" group of linux users. -Nick
Current thread:
- Lots of rpc.statd probes lately Frank Louwers (Mar 01)
- Re: Lots of rpc.statd probes lately Steve Stearns (Mar 01)
- <Possible follow-ups>
- Re: Lots of rpc.statd probes lately James Paterson (Mar 01)
- Re: Lots of rpc.statd probes lately Justin Shore (Mar 01)
- Re: Lots of rpc.statd probes lately Joseph Nicholas Yarbrough (Mar 02)