Open Source and information security mailing list archives
 
From: DaveHowe at cmn.sharp-uk.co.uk (David Howe)
Subject: The worm author finally revealed!

at Friday, January 31, 2003 3:55 PM, Paul Schmehl <pauls@...allas.edu>
> Firewall?  DMZ?  What makes you think everybody has those?
It's about $40 for a personal firewall; Windows 2K and above come as
standard with one installed anyhow. Even if this won't give you a DMZ,
it at least gives you local port filtering. Why allow access to anything
other than the required ports?  It's your server and if it gets
compromised it's your problem. Use the available tools to expose just the
ports you use and no others (Unix admins seem to have no problems with
this concept - why do Windows admins seem to go for "do a full install
and give it whatever access it wants"?)

> How 'bout
> an even more esoteric question?  Why do the tier 1 providers (like
> UUNET) allow traffic on port 1434???
Because there is no reason to block it.
1434 is not a special port in the standard lists - it can't be, as only
ports under 1024 are reserved by default. Therefore, the 410th port
opened by $random_subscriber will be on 1434 and blocking it would cause
an awkward-to-trace error. Second, some of their customers will *want*
that port open - you can virtually guarantee it - why make extra work
just to lose customers? Finally, the same argument would be presented as
is used for why ISPs don't filter out 1918 addresses - the second you
start doing *any* filtering on a router, it slows down the router and
therefore increases the spec of router needed to handle that traffic at
line speed. You could make a *much* better case to block martians and
spoofs than to block arbitrary services.


