Full Disclosure mailing list archives
Re: New Security News Website
From: Paul Schmehl <pauls () utdallas edu>
Date: Mon, 16 Feb 2004 20:34:20 -0600
--On Monday, February 16, 2004 6:21 PM -0800 g0d <g0d () mrplaydoh org> wrote:
That's certainly the conventional wisdom. All I'm saying is that one should not assume that open ports == insecure. Sometimes it doesn't mean that at all. If one takes everything they find on the Internet at face value, one will often be mistaken.

on a host running a production website common sense would dictate that *any* non-essential services be turned off, if for no other reason than the fact that having multiple services running makes the host a prime target for attacks. i should think this is even more true when the host is running a website that has been advertised on a mailing list which attracts the specific element of computing society with a bent towards system compromise. while having a test box out there 'in the wild' accumulating data on currently-employed techniques for cracking hosts, methinks that functionality would be better suited to a separate host.

I suspect that you would agree that there's nothing wrong with running multiple services on a "production" box if one has made that decision consciously and intelligently? If so, why assume that the OP has *not* done that? I've already shown evidence that not all the ports are as open as they first appear. Without knowledge of the box, why assume that the OP has insecurely configured the host?

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html