From: "Doug Sutherland" <doug@proficio.ca>
To: "Speakup is a screen review system for Linux." <speakup@braille.uwo.ca>
Subject: Re: ftp configuration clarification
Date: Sat, 30 Jun 2007 12:05:38 -0500 [thread overview]
Message-ID: <006701c7bb38$e21fb540$ab00a8c0@tenstac> (raw)
In-Reply-To: <20070630155111.GA19189@cq.ftml.net>
Chuck,
I once logged into one of my linux boxes and found a home directory
for someone called dave, who intalled stuff that goes out on the net
and scans other machines. This is very serious business. That means
my machine is actually doing the scanning. Nobody with any brains
does hacking from their own machine, they log in five, ten or more
machines deep. The topic of detecting breaches is a very deep one,
and if I was to have any ports pemanently open I'd look into
software that monitors changes to files like tripwire or similar. Also
set up firewall with logging rules.
I have been hacked more than once, trust me it is not fun. Hackers
look for easy entry. It's just like home security, they say you should
have bars on your basement windows not because they are
unbreachable but because they are deterrent, they make the
criminals go to someone else's home without bars. Same is true for
network security, don't make it easy for them. If you ask any security
guru they will say there is no such thing as guaranteed network security.
It is a trade off of risk versus cost, where cost is the effort expended in
securing your system. The only way to be truly secure is too be off the
net. Not viable for most but having ports open when you don't to is an
invitation. If you do that, get on security alert lists and follow the known
exploits, update your network software (dns, ftp, etc) as soon as new
versions are created to fix exploit bugs.
-- Doug
next prev parent reply other threads:[~ UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
Chuck Hallenbeck
` Doug Sutherland
` Chuck Hallenbeck
` Doug Sutherland [this message]
` Doug Sutherland
` Chuck Hallenbeck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='006701c7bb38$e21fb540$ab00a8c0@tenstac' \
--to=doug@proficio.ca \
--cc=speakup@braille.uwo.ca \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).