Firewall Wizards: RE: Annoying pop-ups

RE: Annoying pop-ups

From: R. DuFresne <dufresne_at_sysinfo.com>
Date: Fri, 1 Nov 2002 16:29:28 -0500 (EST)

Gregory,

>
> I tend to agree with you (as I noted), but that doesn't address my
> question at all. Are you guys saying that the messenger service is
> dangerous/not useful on the LAN? I think I can make a better argument for
> some core network functionality being turned on by default than you guys
> can for turning everything off. Imagine if everything were turned off by
> default, things would definitely be safer--but how bad would that world
> suck for the technically dysfunctional you guys are talking about
> defending? They'd be safer, but their computers would be paperweights to them.
>
> <rant>
> The messenger service is *not* evil. Letting unfiltered Internet traffic
> hit your machine *is* stupid. And if you spill hot coffee on yourself,
> it's *your* fault you got burned, you clumsy dumb-ass.
> </rant>

I think one has to ask this question about the service in question and the
problems faced by the original poster:

1> is the service abusable remotely

2> is the service abusable internally

3> does the vendor provide a security mechanism to prevent the abuse of
the service and is that well documented

4> is the service required for systems to be functional on the corp or
home network

I think you answer that in your rant above about unfiltered traffic
hitting the inside machine<s>.

Additionally, considering most home networks consist of a single system,
shared by the family or in the kid's bedrooms, how functional is the
messaging service? But, considering the home/small office networks
consisting of more than one system; does the vendor in question actually
document how the service can be abused and provide information about how
to deal with and prevent such abuses? Not providing such a mechanism and
documentation might well be itself a primary lack of responsibility as
pertains to their stance on security.

Thanks,

Ron DuFresne

<what you don't know, *can* hurt you>

-- 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        admin & senior security consultant:  sysinfo.com
                        http://sysinfo.com
"Cutting the space budget really restores my faith in humanity.  It
eliminates dreams, goals, and ideals and lets us get straight to the
business of hate, debauchery, and self-annihilation."
                -- Johnny Hart
testing, only testing, and damn good at it too!
_______________________________________________
firewall-wizards mailing list
firewall-wizards_at_honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Received on Nov 01 2002