[89752] in North American Network Operators' Group


Re: OT: Xen

daemon@ATHENA.MIT.EDU (Christopher L. Morrow)
Tue Apr 4 00:57:53 2006

Date: Tue, 04 Apr 2006 04:57:12 +0000 (GMT)
From: "Christopher L. Morrow" <christopher.morrow@verizonbusiness.com>
In-reply-to: <200604040449.k344nq90009584@turing-police.cc.vt.edu>
To: Valdis.Kletnieks@vt.edu
Cc: peter@peter-dambier.de, nanog list <nanog@merit.edu>
Errors-To: owner-nanog@merit.edu



On Tue, 4 Apr 2006 Valdis.Kletnieks@vt.edu wrote:

> On Mon, 03 Apr 2006 23:16:40 +0200, Peter Dambier said:
>
> > Best is: You don't run anything that is not needed. If you run only a
> > single application, your system is not worth the time it takes to hack it :)
>
> For the benefit of people reading the archives in search of clue: There's
> a smiley on that, because Peter knows full well that the single biggest
> security problem on the Internet is boxes that are running one application,
> or end-user boxes, that aren't run in a secure manner because there's nothing
> of interest on the box.
>

though one application means a very simple host, firewall, audit:
1) it's running smtp
2) it's filtered to permit any -> tcp/25 tcp/25 -> any
3) its log auditor (offline on the log host of course) flags anything NOT
smtp

presume that smtpd is, of course, hardened and patched and looked-after
properly... Sean is right, anything with an ip address is a target,
perhaps not a focused target, but a target nonetheless.

If it's on the internet take proper precautions.

> If the box has an IP address, and an Internet connection, it's *always* of
> interest, if only as a zombie or a steppingstone box to launder a connection.

oh zombies... where would we be without thee?
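
Added example, not part of the original message: a sketch of the offline log auditor from step 3, applied to the filter policy from step 2 (read here as "TCP with source or destination port 25"). The log format, host name and addresses are constructed for illustration; the key=value fields are modelled on netfilter LOG output, and lines that cannot be parsed are flagged rather than skipped.

```python
import re

SMTP_PORT = 25
FIELD_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample lines (assumed format; documentation-range addresses).
SAMPLE_LOG = """\
Apr  4 00:01:02 mx1 kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.25 PROTO=TCP SPT=40112 DPT=25
Apr  4 00:01:02 mx1 kernel: IN= OUT=eth0 SRC=192.0.2.25 DST=198.51.100.7 PROTO=TCP SPT=25 DPT=40112
Apr  4 00:03:10 mx1 kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 PROTO=TCP SPT=51515 DPT=22
Apr  4 00:04:44 mx1 kernel: IN= OUT=eth0 SRC=192.0.2.25 DST=203.0.113.80 PROTO=TCP SPT=33000 DPT=6667
Apr  4 00:05:00 mx1 kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 PROTO=UDP SPT=25 DPT=25
Apr  4 00:06:00 mx1 kernel: truncated line with no fields
"""


def classify(line):
    """Return None if the line fits the SMTP-only policy, else a reason string."""
    fields = dict(FIELD_RE.findall(line))
    try:
        proto = fields["PROTO"]
        spt, dpt = int(fields["SPT"]), int(fields["DPT"])
    except (KeyError, ValueError):
        # Fail closed: a line the auditor cannot read is itself worth a look.
        return "unparseable"
    if proto != "TCP":
        return f"non-TCP protocol {proto}"
    # Policy from the message: any -> tcp/25 and tcp/25 -> any.
    if SMTP_PORT not in (spt, dpt):
        return f"tcp {spt}->{dpt} is not smtp"
    return None


def audit(text):
    """Return (line_number, reason) for every line that is NOT smtp."""
    findings = []
    for number, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        reason = classify(line)
        if reason is not None:
            findings.append((number, reason))
    return findings


if __name__ == "__main__":
    for number, reason in audit(SAMPLE_LOG):
        print(f"line {number}: {reason}")
```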
