Re: Open ports on FC2

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Am So, den 25.07.2004 schrieb Kostas Sfakiotakis um 22:33:

> By the way isn't FC2 supposed to have telnet disabled by default
>   ( I have FC 1 ), for the very reason that Alexander Dalloz suggested 
> the use of  ssh ?

Yes, telnet (as a server) is obsolete and should be avoided under any
circumstances. It's insecurity by design is the reason why the
telnet-server is not installed by default.

> A final note for Alexander Dalloz , could you please provide me the
> title of the thread that was discussing the issues between DROP and
> REJECT that you mentioned on your posting of 24/07/2004 11:30 PM
> ( Am on GMT+2  so there might be a variation on the original time
> you sent it , but 11:30 PM is the time that Mozilla gives )

The thread I had in mind had the subject "NTP, ntpdate, and ISP-based
firewall" and did start Wed, 03 Mar 2004 16:46:36 -0500. DROP vs. REJECT
strategy was not that starting point of the thread, it came up within
the discussion.

> And if it's not a real pain could you please explain a bit more that
> "security by obscurity" you said in regard to blocking the icmp echo
> request ?

http://slashdot.org/features/980720/0819202.shtml
http://en.wikipedia.org/wiki/Security_by_obscurity

2 links which explain the term "security by obscurity" and some
backgrounds in a general way.

What I meant in especial when it comes to suppress ICMP echo requests is
that people think they can camouflage or make their system invisible for
others on the net. But this is not the case because if there is really
no host, then the sender gets by the router an ICMP destination
unreachable back. So someone on the net inspecting your address will
find that there is a host which tries to hide and makes it certainly
more attractive for the "enemy", because it shows that the admin tries
to cover something with inadequate settings.

> Kostas

Hope that helps a bit.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.6-1.435.2.3.ad.umlsmp 
Serendipity 00:36:42 up 3 days, 9:24, load average: 0.89, 0.43, 0.40

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux