Date:      Sat, 26 Oct 1996 12:12:52 -0400 (EDT)
From:      "Graydon Hoare ()" <admin@multinet.net>
To:        Rick Gray <rickg@nwpros.com>
Cc:        freebsd-isp@freebsd.org
Subject:   Re: Hackers
Message-ID:  <Pine.BSF.3.91.961026115324.10483A-100000@house.multinet.net>
In-Reply-To: <1.5.4.32.19961025224330.00688860@nwpros.com>

you just have people using your site as a pirate exchanger. It's kinda 
like having carpenter ants in your apartment or something -- usually they 
have no interest in hurting you, and you can kill them off if you really 
feel like it, but it just serves to increase paranoia and likely waste 
your time. Most users have 28.8s at best, it's unlikely the FTP traffic 
is really going to cripple your machine.

If your ftpd is actually malfunctioning, you may have more substantial 
trouble in the way of people modifying your system. I tend to kerberize 
all the root and privileged access just to create the air of 
impenetrability, but who knows, maybe that just tempts more people ;)

FreeBSD is probably not exclusively at fault for any security violations. 
UNIX in general was never intended to be a "deny all, allow few" sort of
secure system, probably won't be like that for years to come, the design
reflects a general level of trust for most users, with little password
checks to make sure people aren't reading each others' mail etc. But your
users will invariably choose crappy passwords, tell their friends their
passwords, send passwords in cleartext, or write stupid CGIs that allow
people to gobble up their account. Not to be overly paranoid, but you
really can't get too surprised that there's some 14 year old somewhere who
thinks it'd be fun to crack something. So it's simple for someone to
decide your site is the flavour of the week as far as pirate file
exchange. Delete the files, get checksums on all your inetD daemons, do a
find every day on your filesystem for files bigger than a meg that end in
.zip or .arj... 

Hire a 14 year old to play Site Security God-King for you, leaving you 
to cultivate mature civilized pursuits ;)

-graydon
__________________________________________________________
I used to think that my brain was the most important organ 
in my body, but then I realized who was telling me this
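
The daily check suggested in the message above (checksums on the inetd-launched daemons, plus a find for files over a megabyte ending in .zip or .arj), written out as an added example that is not part of the original e-mail. The function names and the "hash  path" baseline format are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Function names and the
# baseline file format ("hash  path" per line) are assumptions.

# Print the SHA-256 of one file with whichever tool the system provides
# (sha256sum on Linux, sha256 -q on FreeBSD).
hash_file() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        sha256 -q "$1"
    fi
}

# List regular files under $1 larger than 1 MiB whose names end in .zip
# or .arj, in any case. -size counts 512-byte blocks, so +2048 is >1 MiB.
find_large_archives() {
    find "$1" -type f -size +2048 \
        \( -name '*.[zZ][iI][pP]' -o -name '*.[aA][rR][jJ]' \) -print
}

# Write a baseline of "hash  path" lines for the given binaries to stdout.
# Store the result somewhere an intruder on this host cannot rewrite it.
record_sums() {
    for f in "$@"; do
        printf '%s  %s\n' "$(hash_file "$f")" "$f"
    done
}

# Compare current hashes with the baseline file $1. Prints one line per
# binary that changed or vanished; returns 1 if any did, 0 otherwise.
verify_sums() {
    rc=0
    while read -r want path; do
        if [ ! -f "$path" ]; then
            echo "MISSING $path"; rc=1
        elif [ "$(hash_file "$path")" != "$want" ]; then
            echo "CHANGED $path"; rc=1
        fi
    done < "$1"
    return $rc
}
```

Run `record_sums` once on a known-good system, then call `find_large_archives` on the FTP area and `verify_sums` on the baseline from a daily cron job and mail yourself any output.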
