Open ports on FC2

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Sun Jul 25 22:58:28 UTC 2004


On Sun, 25.07.2004 at 22:33, Kostas Sfakiotakis wrote:

> By the way isn't FC2 supposed to have telnet disabled by default
> (I have FC 1), for the very reason that Alexander Dalloz suggested
> the use of ssh?

Yes, telnet (as a server) is obsolete and should be avoided under any
circumstances. Its insecurity by design is the reason why the
telnet-server is not installed by default.

> A final note for Alexander Dalloz, could you please provide me the
> title of the thread that was discussing the issues between DROP and
> REJECT that you mentioned on your posting of 24/07/2004 11:30 PM
> (Am on GMT+2 so there might be a variation on the original time
> you sent it, but 11:30 PM is the time that Mozilla gives)

The thread I had in mind had the subject "NTP, ntpdate, and ISP-based
firewall" and started Wed, 03 Mar 2004 16:46:36 -0500. DROP vs. REJECT
strategy was not the starting point of the thread, it came up within
the discussion.

> And if it's not a real pain could you please explain a bit more that
> "security by obscurity" you said in regard to blocking the icmp echo
> request?

http://slashdot.org/features/980720/0819202.shtml
http://en.wikipedia.org/wiki/Security_by_obscurity

2 links which explain the term "security by obscurity" and some
background in a general way.

What I meant in particular, when it comes to suppressing ICMP echo
requests, is that people think they can camouflage their system or make
it invisible to others on the net. But this is not the case, because if
there is really no host, then the sender gets an ICMP destination
unreachable back from the router. So someone on the net inspecting your
address will find that there is a host which tries to hide, and that
makes it certainly more attractive for the "enemy", because it shows
that the admin tries to cover something with inadequate settings.

> Kostas

Hope that helps a bit.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 00:36:42 up 3 days, 9:24, load average: 0.89, 0.43, 0.40 
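
The point above about dropped echo requests, worked through as an added example that is not part of the original message: it parses raw ICMP replies and shows that a timeout is a different observation from the router's destination unreachable. The function names, labels and sample packets are constructed for illustration.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over an ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes = b"\x00" * 4,
               payload: bytes = b"") -> bytes:
    """Build a constructed ICMP message with a valid checksum (sample input)."""
    body = rest + payload
    csum = inet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def classify(reply, from_probed_address: bool) -> str:
    """What one echo request reveals, given the raw ICMP reply (None = timeout)."""
    if reply is None:
        # Echo silently dropped: not the answer an unused address produces.
        return "silent-drop"
    if len(reply) < 8 or inet_checksum(reply) != 0:
        return "malformed"
    icmp_type, code = struct.unpack("!BB", reply[:2])
    if icmp_type == 0 and from_probed_address:
        return "host-answers"          # echo reply
    if icmp_type == 3 and code == 1 and not from_probed_address:
        # Host unreachable sent by the router: nothing lives at the address.
        return "no-host"
    if icmp_type == 3 and from_probed_address:
        return "host-rejects"          # the host itself sent an ICMP error
    return "other"

# Constructed sample replies (not captured traffic).
ECHO_REPLY = build_icmp(0, 0, struct.pack("!HH", 0x1234, 1), b"ping")
HOST_UNREACHABLE = build_icmp(3, 1, payload=b"\x00" * 28)

if __name__ == "__main__":
    samples = [("echo allowed", ECHO_REPLY, True),
               ("address unused", HOST_UNREACHABLE, False),
               ("echo dropped", None, False)]
    for name, reply, from_target in samples:
        print(name, "->", classify(reply, from_target))
```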