> On 20010721.2117, Jacob Meuser said ...
> > On Sat, Jul 21, 2001 at 08:21:09PM -0700, Nicole Zimmerman wrote:
> >
> > > > last i used OpenBSD (2.6) it started portmap and identd by default at
> > > > the very least, maybe fingerd too i don't remember for sure.
> > > >
> > > The difference is, those were not exploitable.
> >
> > And they are on debian?
>
> It seems everyone on this list YELLS at people who leave rpc.statd
> running. I don't know whether it's exploitable or not, I know
> enough to turn it off because I don't use it. I am not talking about
> people who know what they are doing. I am talking about new users
> who have no practical knowledge of the system. I'm talking about
> protecting them from being immediately vulnerable. If people are
> running services, they should know how to start and stop them, right?

I'm with you on this one. I ran 'apt-get install apache' because I wanted to run it once to configure Samba via Swat. It irked me that it started apache right away and set it up to start each time I rebooted. Not what I wanted, and I can see your point. I would much rather be running a system that depended on me to check the config before a service started, vulnerability or not.

-Rob