Date: Mon, 11 Dec 2017 09:34:10 -0800 From: "Chris H" <portmaster@BSDforge.com> To: "Kurt Jaeger" <lists@opsec.eu> Cc: <freebsd-ports@freebsd.org> Subject: Re: Procmail Vulnerabilities check Message-ID: <64e65ab97f9c2b086ed8c13620f06546@udns.ultimatedns.net> In-Reply-To: <20171211154257.GA2827@home.opsec.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, 11 Dec 2017 16:42:57 +0100 "Kurt Jaeger" <lists@opsec=2Eeu> said > Hi! >=20 > > > On Sun, Dec 10, 2017 at 02:58:29PM -0800, Chris H wrote: > > > > OK I'm puzzled a bit=2E FreeBSD' motto has always been: > > > > FreeBSD > > > > The power to serve! > > > >=20 > > > > but many of the proposed, and recent changes/removals end up more l= ike: > > > > FreeBSD > > > > I's castrated! >=20 > > > So, then we should add a web server into our base! Apache? NGINX? Bot= h? > > > But then, what about PHP? MySQL? PostgreSQL? We want to serve website= s, > > > after all! Let's talk about fileservers=2E Samba! I could go on=2E=2E=2E > > OK=2E That's simply an irrelevant argument=2E I never advocated for the > > *addition* of anything=2E Only against the *removal* of something most us= ers > > have come to expect with the installation of FreeBSD=2E >=20 > The argument was made to show the general idea, not to nit-pick 8-} >=20 > As packaging base is also on the horizon, see >=20 > https://www=2Eyoutube=2Ecom/watch?v=3DBr6izhH5P1I >=20 > and >=20 > https://www=2Eyoutube=2Ecom/watch?v=3Dv7px6ktoDAI >=20 > the debate will pop up in any case=2E >=20 > > > FreeBSD's power to serve slogan is about delivering the platform to > > > serve, not all possible server software=2E [=2E=2E=2E] >=20 > > In all fairness, that's just pure supposition=2E I would suggest that it = is > > more probable that more users use Sendmail 1) because it came with the > > FreeBSD install, and 2) as such, makes it easier to implement=2E >=20 > Then it's time to start some research, if this hypothesis really holds=2E Thanks for the links, and the thoughtful reply, Kurt! In all fairness, your right=2E *actual* numbers *do* apply=2E :-) >=20 > I know that the folks at dovecot=2Efi did this in February for dovecot, see >=20 > openemailsurvey=2Eorg >=20 > It was made using shodan, maybe it's time to do the same for port 25 > via shodan ? LOL, showdan=2Eio! Hah! I'm *more* than a little irritated by this sort of th= ing=2E *Sure* it can provide some useful data=2E But the part that really irritates me, is that anyone think it's OK to probe my ports w/o asking=2E It's akin to saying; we initiated a study to determine how many people were using the LG model XYZ refrigerator=2E In that study, we peered into all the windows of as many houses, in as many neighborhoods as possible=2E But please, do not feel violated=2E We made every effort to look away, if we encountered anyone naked, or in an otherwise compromising situation=2E If you still find this method too intrusive=2E You need only tell us so=2E Simply come, and try to find the link to request exclusion=2E Err=2E=2E=2E what?!?! If you, as an administrator of a/your system(s), see no problem with (port) scanners, and take no action to thwart such activity=2E You are more than likely to encounter trouble(s) down the road=2E Even those that take preemptive action ahead of time, to close all unused ports=2E History already *proves* this fact, time, and time again=2E :-) pf(4) has dropped any/all communication from the showdan "project" *long* ago for all the systems I'm responsible for, and along with all the myriad of other "like" projects=2E They all have the policy backward; ask *before* not *after*=2E In short; I see them all as "black hats"=2E Honestly=2E Can you *really* determine good intentions from bad intentions on an incoming port scan? Still=2E Your point is well taken, and your point is not on the top of your head=2E ;-) ;-) We really *do* need corroborating evidence=2E :-) Thanks again, all the best to you, Kurt! --Chris >=20 > --=20 > pi@opsec=2Eeu +49 171 3101372 3 years to= go > !
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?64e65ab97f9c2b086ed8c13620f06546>