On Mon, Jun 23, 2003 at 03:59:56PM +0000, Christopher L. Morrow wrote:
On Mon, 23 Jun 2003, Sean Donelan wrote:
http://www.lurhq.com/popup_spam.html
How many ports should ISPs block? People still buy and connect insecure computers to the net.
ISP's could block all ports and save everyone the hassle of having an Internet.... (I am just kidding of course)
Two interesting points though:
1) Spammers adapt 2) default insecure OS installs cause problems
Not new points, but interesting none-the-less. Spammers have adapted quite quickly and readily to almost all 'fixes' imposed by providers and most default OS installs are insecure still after all this time. With notable exceptions most OS installs are still tailored for closed network installs, lots of never to be used ports listening with old versions of daemon's installed :(
I think that many can learn from this. Instead of defaulting with everything enabled, default with the services installed but disabled so they can be easily enabled. This is fairly easy to do and something that has gradually changed in the free UNIX(r) community over the past years. RedHat (for example) no longer enables every possible service by default and requires you to enable these features to protect your machine from being compromised by software you didn't know you had. Not every machine needs to run its own nameserver. While there are some services that are safe(er) to have enabled by default as it improves the usability of the machine, some of these things are just silly to be enabled on consumer (home) machines. I hope all the vendors out there get a clue on this and stop enabling insecure methods of access by default. (eg: telnet) - Jared -- Jared Mauch | pgp key available via finger from jared@puck.nether.net clue++; | http://puck.nether.net/~jared/ My statements are only mine.