[Dshield] You can't be too paranoid...

Coxe, John B. JOHN.B.COXE at saic.com
Thu Mar 6 22:33:30 GMT 2003


Absolutely.  Certainly, if one installs RedHat (or others) and disables
unused services, they should also configure some of the built-in firewalling
(ipchains, ...) to limit port access.  But even if you are behind a firewall
or run local firewalling, probes still reach the interface and need to be
responded to; the difference is they can be chosen to drop or reject.
Usually that is not a big deal, at least not that I would expect 90% CPU
consumption from it.  Now if you really want to see fireworks, set a
honeypot that listens on all ports up on a residential broadband connection.
The bees swarm in no time and you can watch their activities like they are
the 21st century lava lamp.

The biggest problems IMO with regard to system security are:

(1) Opting for default configured services or (worse) choosing to enable all
possible services, as if you need to get your money's worth.  (That goes for
seasoned UNIX admins too.  How many turn on things like font services at
install without a clue as to what they are?  ...not to mention all the
portmap/111 rpc stuff.)

(2) Not keeping up with system and application patches.  There is ABSOLUTELY
no excuse for Code Red being out there still.  That is a good measure of
netizen irresponsibility.


Also:

Following opt-out instructions from spam, which invariably updates your
profile as an active email account.
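
Added example, not part of the original message: a small audit for point (1) that lists TCP listeners not on an allowlist and marks whether each is reachable from the network or bound to loopback only. The function names, the ALLOWED_PORTS value and the sample lines are assumptions constructed for illustration; the input is assumed to be in the column layout printed by `ss -H -tln`.

```shell
#!/bin/sh
# Added example: flag TCP listeners that nobody decided to run.
# Assumed input layout (as printed by `ss -H -tln`):
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port

# Assumption: the only services this host is meant to offer.
ALLOWED_PORTS="22 25"

# Reads listener lines on stdin; prints "<scope> <address> <port>" for
# every listening port that is not in ALLOWED_PORTS.
audit_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
    BEGIN {
        n = split(allowed, a, " ")
        for (i = 1; i <= n; i++) ok[a[i]] = 1
    }
    $1 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)    # keep what follows the last colon
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (port in ok) next    # expected service, nothing to report
        # Loopback-only listeners are not reachable by outside probes.
        scope = (addr ~ /^127\./ || addr == "[::1]") ? "local-only" : "exposed"
        print scope, addr, port
    }'
}

# Constructed sample of a default-style install: sshd, portmap on 111,
# a font server on 7100, a local mail listener and a local print service.
sample_listeners() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 0.0.0.0:111 0.0.0.0:*
LISTEN 0 64 0.0.0.0:7100 0.0.0.0:*
LISTEN 0 100 127.0.0.1:25 0.0.0.0:*
LISTEN 0 5 127.0.0.1:631 0.0.0.0:*
LISTEN 0 128 [::]:111 [::]:*
EOF
}

# Demo on the sample; on a live host use: ss -H -tln | audit_listeners
sample_listeners | audit_listeners
```

Every "exposed" line is a service to disable or to cover with a firewall rule; "local-only" lines are lower priority but still worth a decision.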



