> > last i used OpenBSD (2.6) it started portmap and identd by default at
> > the very least, maybe fingerd too i don't remember for sure.
> >
> The difference is, those were not exploitable.

And they are on Debian? Turning off services makes an excuse for the real problem -- software needs to be secure, and people need to make sure they are using software that is secure. Sysadmins need to keep up with updates no matter what OS they are administering to make sure their software is secure.

Firewalling services makes the same excuse. "I don't care if my software is secure because I have a firewall!" ... what happens if your firewall gets penetrated? What happens if some local user (hard) reboots your box because they want it to run an NFS server? If you have secure software, you don't really have to worry about running those services, do you?

-nicole