lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
From: pauls at utdallas.edu (Schmehl, Paul L)
Subject: SQL Slammer - lessons learned

All this is well and good, but I have a really hard time understanding
why we need to route insecure networking protocols such as NetBIOS,
CIFS, NFS or NIS across the Internet.  Just closing those ports would do
a world of good for the Internet as a whole, and who in the world would
it hurt?

If you really seriously need to mount drives from a remote network, you
can do it through a secure tunnel (SSH, VPN), which would not be blocked
by blocking those ports.  If the Internet is going to survive in any
viable fashion, we have to come to our senses when it comes to allowable
services.  The uncontrolled access to networking services on home
computers and poorly secured commercial networks is the root cause
behind a lot of the problems that exist on the Internet today - worms,
virus, trojans, etc.  Ports 139 and 445, *at a minimum*, should be
closed (to the outside) on every network in the world.

Are you really willing to demand your "freedom" in the face of the
overwhelming odds that leaving those ports open will do more harm than
good?

Paul Schmehl (pauls@...allas.edu)
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/~pauls/
AVIEN Founding Member 


-----Original Message-----
From: yossarian [mailto:yossarian@...net.nl] 
Sent: Sunday, February 09, 2003 12:52 PM
To: Steffen Dettmer; full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] SQL Slammer - lessons learned


My question - must my ISP know all types of traffic legit to me, in
order to service me? And change the rulesets if I update some software?
Or should I apply this knowledge to set up a firewall that suits my own
needs? My ISP can not setup a FW that suits me 100%, since it has other
companies / customers with different needs on the same local loop. So
even if my ISP were to block most of the dangerous traffic, I still
would need a FW, since it cannot block all. And since an ISP must make
profit, having them doing MY firewall be probably be a lot more
expensive than if I do it myself.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ