Re: Odd Behavior - Windows Messenger Service

[Jay Sulzberger <jays () panix com>]

On Thu, 17 Jul 2003, Neil McKellar wrote:

> Schmehl, Paul L wrote:
> > But, back to your original complaint, which was that remote services
> > should not be available until you login to the console.....I'm willing
> > to bet that *many* people who use *nix as a workstation, *even at home*,
> > allow *at least* ssh sessions remotely.  And there are KaZaA lovers
> > worldwide who are offering remote access to files, on numerous Oses,
> > even when they're not at home and logged in.
>
> I was wondering about this as well.  Even if you don't run a local FTP,
> HTTP, NFS, SMB, SSH, or other service on your local Linux workstation,
> you're guaranteed to be bringing up parts of the system to talk to the
> network during the boot process.  Chances are you're broadcasting for
> DHCP.  If you're a thin-client, you may be asking for tftp or bootp even
> before that.  If you're running a virus scanner, it may be starting in
> the background, downloading updates automatically from a central server
> and scanning files.  If you've got NIS, ADS, or Kerberos or something
> running, you may be hooking into local authentication systems.  These
> things are all true for Windows workstations and Mac workstations, too.
>
> All these things require network connectivity, imply levels of trust
> with services inside the local network, and may be vulnerable to
> spoofing locally.  Even the order in which these things become available
> may result in greater or lesser exposure.
>
> You don't want your workstations talking to the network or running local
> services with network connectivity before the user logs in?  Well, when
> is it renewing the DHCP lease?  How are you remotely pushing software
> updates or virus updates to those 1,000+ users?  How are you remotely
> administering the workstation at all?  How are you running backups over
> the network, if you need to do such things?
>
> If you need complete lockdown on all these things, then this is no
> normal workstation and shouldn't be treated as such.  Don't be surprised
> if the default install isn't fulfilling your needs.
> --
> Neil (mckellar () telusplanet net)

Out of the box, the default should be that no network services are started
at boot without human command transmitted via local hardware.  This may be
seen from even the first, even the most crude and blunt, cost benefit
analysis.

oo--JS.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html