From owner-freebsd-security Mon Oct 2 17:21:36 2000 Delivered-To: freebsd-security@freebsd.org Received: from fw.wintelcom.net (ns1.wintelcom.net [209.1.153.20]) by hub.freebsd.org (Postfix) with ESMTP id 3774C37B66C; Mon, 2 Oct 2000 17:21:34 -0700 (PDT) Received: (from bright@localhost) by fw.wintelcom.net (8.10.0/8.10.0) id e930LY006073; Mon, 2 Oct 2000 17:21:34 -0700 (PDT) Date: Mon, 2 Oct 2000 17:21:33 -0700 From: Alfred Perlstein To: "Jordan K. Hubbard" Cc: security@FreeBSD.org Subject: Re: cvs commit: src/etc inetd.conf Message-ID: <20001002172133.B27736@fw.wintelcom.net> References: <200010030008.RAA18074@freefall.freebsd.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <200010030008.RAA18074@freefall.freebsd.org>; from jkh@FreeBSD.org on Mon, Oct 02, 2000 at 05:08:16PM -0700 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org * Jordan K. Hubbard [001002 17:08] wrote: > jkh 2000/10/02 17:08:16 PDT > > Modified files: > etc inetd.conf > Log: > Turn fingerd OFF by default. Comparative essentials like telnetd > are bad enough, but finger is hardly a critical system service and > it's traditionally been vulnerable to a variety of attacks; anybody > remember RTFM and his worm? Can we please loose everything but telnet and ftp? This getting silly, your average user nowadays is less likely to know what rsh, rlogin, comsat and ntalk are then to have an actual need for them. And yes I also just had a mad scramble because I could have sworn that finger was off by default, luckily it seems that I'd either killed inetd or commented it out on all my hosts already. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message