Full Disclosure mailing list archives
Re: New Security News Website
From: g0d <g0d () mrplaydoh org>
Date: Mon, 16 Feb 2004 18:21:56 -0800
On Mon, 2004-02-16 at 15:28, Paul Schmehl wrote:
--On Monday, February 16, 2004 1:49 PM -0800 "Gregory A. Gilliss" <ggilliss () netpublishing com> wrote:You're kidding, right? Me thinks you *need* some hacker intel!So you think a simple nmap scan is sufficient to determine if a host is insecure? Interesting. If you scanned my Windows XP boxes, you'd find a bunch of juicy ports open. What you wouldn't find is a hackable daemon. All the open ports feed a program that captures the packets for analysis later. The boxes are running no Internet-addressable services. Yet, from an nmap scan you might (wrongly) assume that those boxes were grossly insecure. This is the Internet. Things are not always what they seem. And open ports don't always mean negligence.
on a host running a production website common sense would dictate that *any* non-essential services be turned off, if for no other reason then the fact that having multiple services running makes the host a prime target for attacks. i should think this is even more true when the host is running a website that has been advertised on a mailing list which attracts the specific element of computing society with a bent towards system compromise. while having a test box out there 'in the wild' accumulating data on currently-employed techniques for cracking hosts, methinks that functionality would be better suited to a separate host. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New Security News Website Pr0 Curve (Feb 16)
- Re: New Security News Website Gregory A. Gilliss (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 16)
- Re: New Security News Website Gregory A. Gilliss (Feb 16)
- Re: New Security News Website Valdis . Kletnieks (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 16)
- Re: New Security News Website g0d (Feb 16)
- Re: New Security News Website Benjamin Meade (Feb 16)
- Re: New Security News Website Ron DuFresne (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 17)
- Re: New Security News Website Gregory A. Gilliss (Feb 16)
- Re: New Security News Website Paul Schmehl (Feb 16)
- <Possible follow-ups>
- Re: New Security News Website Pr0 Curve (Feb 18)