funsec mailing list archives
LIST SECURITY - what's going on here?
From: "Jon O." <jono () networkcommand com>
Date: Tue, 28 Feb 2006 23:47:46 -0800
On 28-Feb-2006, Fergie wrote:
This might not be news to some of you, but I unsubscribed to FD several months ago due to the SN ratio. :-)
Yeah, too bad Gadi kicked Lance from this 'open' list so now we have to use FD to discuss it or get other details ;(. It's unforunate the list isn't as open as the machine hosting it (and the other "high security" lists like DA, MWP, TH-R): [someone sent this over, found it interesting -- is that the default set of open ports on a linux install?] Interesting ports on linuxbox.org (24.155.83.21): (The 1646 ports scanned but not shown below are in state: closed) PORT STATE SERVICE 9/tcp open discard 13/tcp open daytime 21/tcp open ftp 22/tcp open ssh 25/tcp open smtp 37/tcp open time 53/tcp open domain 80/tcp open http 110/tcp open pop3 111/tcp open rpcbind 113/tcp open auth 143/tcp open imap 199/tcp open smux 443/tcp open https 587/tcp open submission 617/tcp open sco-dtmgr 993/tcp open imaps MAC Address: 00:E0:80:4C:8F:00 (Control Resources) NO HONETPOTS ON LISTSERVS, mailman is enough if a honetpot itself ;)!! I would be posting more on those other lists, but things like the example above freak me out when we are handling sensitive info. Does anyone actually know Sean Schneyer (tech contact for linuxbox.org)? Can anyone vouch for him? I assume Gadi knows him, but I never asked. Is the linuxbox.org machine admin'd by Sean or Gadi? Can someone clarify -- there were quite a few posts when these lists were started about the list security, talk of PGP list signing, etc. but it seems to have been missed in inetd... BTW, this is truly funny: http://ip.securescience.net/exploits/P1010029.JPG _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash Fergie (Feb 28)
- Re: Report: FedEx Kinko's ExpressPay Can Be Exploited For Cash Drsolly (Feb 28)
- LIST SECURITY - what's going on here? Jon O. (Mar 01)
- Re: [mwp] LIST SECURITY - what's going on here? Gadi Evron (Mar 01)