From owner-freebsd-security Tue Nov 23 2:19:18 1999 Delivered-To: freebsd-security@freebsd.org Received: from verdi.nethelp.no (verdi.nethelp.no [158.36.41.162]) by hub.freebsd.org (Postfix) with SMTP id CAB7214CFD for ; Tue, 23 Nov 1999 02:19:14 -0800 (PST) (envelope-from sthaug@nethelp.no) Received: (qmail 61260 invoked by uid 1001); 23 Nov 1999 10:19:04 +0000 (GMT) To: gill@topsecret.net Cc: security@FreeBSD.ORG Subject: Re: Disabling FTP (was Re: Why not sandbox BIND?) From: sthaug@nethelp.no In-Reply-To: Your message of "Sat, 20 Nov 1999 14:47:59 -0500 (EST)" References: X-Mailer: Mew version 1.05+ on Emacs 19.34.2 Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Date: Tue, 23 Nov 1999 11:19:04 +0100 Message-ID: <61255.943352344@verdi.nethelp.no> Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org > As a relative newbie, having ftpd on by default makes perfect sense. Few > newbies are going to be building a machine to place into mission-critical > service that day. As a person responsible for network security I am amazed and disgusted at the number of boxes running open source OSes that are connected to the net - by students and others - and that are, basically, wide open. SMTP open for relaying, IMAP or POP3 servers with well known holes, etc. There boxes may not be used for mission-critical functions - but because they are open, they are a danger for their surroundings. They are being misused for spamming, are being used as breakin entry points, etc. And new boxes are popping up all the time. For me it makes perfect sense that these services should be turned off by default, and that you have to actually *do* something to turn it on. Steinar Haug, Nethelp consulting, sthaug@nethelp.no To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message