lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <Pine.NEB.4.55.0307171600030.1509@panix2.panix.com>
From: jays at panix.com (Jay Sulzberger)
Subject: Odd Behavior - Windows Messenger Service


On Thu, 17 Jul 2003, Neil McKellar wrote:

> Schmehl, Paul L wrote:
> > But, back to your original complaint, which was that remote services
> > should not be available until you login to the console.....I'm willing
> > to bet that *many* people who use *nix as a workstation, *even at home*,
> > allow *at least* ssh sessions remotely.  And there are KaZaA lovers
> > worldwide who are offering remote access to files, on numerous Oses,
> > even when they're not at home and logged in.
>
> I was wondering about this as well.  Even if you don't run a local FTP,
> HTTP, NFS, SMB, SSH, or other service on your local Linux workstation,
> you're guaranteed to be bringing up parts of the system to talk to the
> network during the boot process.  Chances are you're broadcasting for
> DHCP.  If you're a thin-client, you may be asking for tftp or bootp even
> before that.  If you're running a virus scanner, it may be starting in
> the background, downloading updates automatically from a central server
> and scanning files.  If you've got NIS, ADS, or Kerberos or something
> running, you may be hooking into local authentication systems.  These
> things are all true for Windows workstations and Mac workstations, too.
>
> All these things require network connectivity, imply levels of trust
> with services inside the local network, and may be vulnerable to
> spoofing locally.  Even the order in which these things become available
> may result in greater or lesser exposure.
>
> You don't want your workstations talking to the network or running local
> services with network connectivity before the user logs in?  Well, when
> is it renewing the DHCP lease?  How are you remotely pushing software
> updates or virus updates to those 1,000+ users?  How are you remotely
> administering the workstation at all?  How are you running backups over
> the network, if you need to do such things?
>
> If you need complete lockdown on all these things, then this is no
> normal workstation and shouldn't be treated as such.  Don't be surprised
> if the default install isn't fulfilling your needs.
> --
> Neil (mckellar@...usplanet.net)

Out of the box, the default should be that no network services are started
at boot without human command transmitted via local hardware.  This may be
seen from even the first, even the most crude and blunt, cost benefit
analysis.

oo--JS.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ