Noah Meyerhans <[EMAIL PROTECTED]> writes:

> On Mon, Jun 18, 2001 at 06:35:03PM +0100, Tim Haynes wrote:
> > b) they shouldn't be. You'll have to check if they still appear by
> > default
[snip]
>
> Why not? You've not given any reason at all. Do you know of any malicious
> behavior that is made possible by leaving the services turned on?

I don't need to, as my point earlier included `you don't know there won't
be a vulnerability tomorrow'.

But that said, I gather leaking one's timestamp is not a good thing
(leaking *anything* is not really any good). I'm no Kerberos user, but I
heard you can do time-dependent auth in that a given ticket is good until
<whenever>. I wouldn't want someone to know exactly what time my boxes
thought it was.

> The potential exists to use the chargen feature as a part of a DoS
> attack, but I've not heard of it ever being used as it's not particularly
> effective unless you have many many machines available, and even then
> there are much more effective weapons.

<http://www.sans.org/infosecFAQ/malicious/naptha.htm>, btw. Why bother
hooking /dev/{zero,null} onto the net with netcat when you can cause a fair
bit of traffic with standard services that do much the same thing?

> Really I'm just playing devil's advocate here. I don't care if they're
> turned off or not. I've just never seen any evidence that there's any
> reason for concern over them.

There doesn't have to be a reason for concern for you to not want them
available. I don't want anyone so much as fingerprinting my box (given that
nmap relies mostly on TCP responses to gauge OS), let alone doing anything
really interesting with it.

~Tim
--
The light of the world keeps shining,   |[EMAIL PROTECTED]
Bright in the primal glow               |http://spodzone.org.uk/