Date: Mon, 24 Jun 2002 04:59:00 -0700
From: Lawrence Sica <lomifeh@earthlink.net>
To: Cy Schubert - CITS Open Systems Group <Cy.Schubert@uumail.gov.bc.ca>
Cc: "Kevin Kinsey, DaleCo, S.P." <kdk@daleco.biz>, Trevor Johnson <trevor@jpj.net>, security@FreeBSD.ORG
Subject: Re: Possible security liability: Filling disks with junk or spam
Message-ID: <3D170984.6010003@earthlink.net>
References: <200206232339.g5NNdXJw079333@cwsys.cwsent.com>

Cy Schubert - CITS Open Systems Group wrote:
> In message <008901c21afc$4a836100$44ec910c@daleco>, "Kevin Kinsey,
> DaleCo, S.P." writes:
>
>>----- Original Message -----
>>From: "Lawrence Sica" <lomifeh@earthlink.net>
>>To: "Trevor Johnson" <trevor@jpj.net>
>>Cc: <security@FreeBSD.ORG>
>>Sent: Sunday, June 23, 2002 12:07 AM
>>Subject: Re: Possible security liability: Filling disks with junk or spam
>>
>>>Trevor Johnson wrote:
>>>
>>>>>A client recently called me in puzzlement, saying that his system was
>>>>>misbehaving, and it turned out that this was what had happened. The address
>>>>>"news@victim.com" had somehow wound up on quite a few spammers' lists. He'd
>>>>>never used or hosted netnews, and so had no need for the pseudo-user. But that
>>>>>pseudo-user was there by default, and the system dutifully created a mailbox
>>>>>for him/her/it when the very first spam arrived. It started growing by leaps
>>>>>and bounds until it was -- I kid you not! -- several hundred megabytes in
>>>>>size. At which point the partition ran out of room.
>>>>>
>>>>>It seems to me that pseudo-users should be non-mailable, just as a basic
>>>>>security policy. Ideas for the best way to implement this in the default
>>>>>install?
>>>>
>>>> <snip RFC interp and suggested inetd.conf comments>
>>>
>>>Consider that the daily output includes a df output so you just need to
>>>read your root email ;)
>>>
>>>--Larry
>>>
>>
>>And that's a great point worthy of a reposting. While it's unfortunate that
>>someone got their disk filled with junk, it's also seemingly indicative of a
>>general lack of supervision on that box. The first line of defense is the
>>scrutiny of the operator, not necessarily the revision of the OS.
>
> Agreed and scrutiny by the operator should also be the last line of
> defense. Little do many understand that an experienced sysadmin is the
> best asset they can have. Unfortunately many companies and
> organizations are unwilling to pay for that.
>
>>One of the reasons I choose FBSD over other servers, especially M$, is
>>that it's not too hard to do some reading and learn the OS; learn a couple
>>of easy command line statements and see what's installed, what services are
>>running, and etc. Patience is a virtue, time with a browser a must, but no
>>rocket science degree is needed.
>>
>>Perhaps this should be added to /stand/sysinstall:
>> "You have just installed an operating system. Before you reboot your
>>computer, PLEASE take some time and learn just what the thing will be
>>doing while it sits in your home and/or place of business...."
>
> Or hire or rent someone with the qualifications and experience to do it
> right. Of course paying a lot of money doesn't guarantee that the job
> will be done right. I've seen cases where high priced vendor personnel
> installed insecure systems stating that the <vendor> O/S comes secure
> right out of the box and that no additional security "tweaking" was
> required. Unfortunately these systems were quickly discovered by
> spammers. The rest was history.
>

Mistrust of vendor defaults is, unfortunately, the first thing one often learns, heh. I guess, though this is getting into off-topic for this list, what is really needed is better training, and the resources for that. I am not sure of the best solution here; I myself have written some articles and try to help where I can in that regard.

--Larry