[lug] I wish RH users would secure... (D. Stimits)

Nate Duehr nate at natetech.com
Fri Apr 20 13:20:46 MDT 2001

> Where is this label kept?  How do the script kiddies find it?  That is
> the question.

Well using a combination of queso and other tools, OS fingerprinting is
relatively easy to do.

> If you can't tell from the outside that a machine is running Red Hat,
> the probably Red Hat is unfairly getting the blame for security holes
> shared by many vendors.

Wasn't telnetd on in many releases of RedHat by default.  /etc/motd
nicely states... "RedHat Linux x.x"...

The real issue is -- all the commercial distros are trying to balance
usability with security, and they leave a lot of things on by default
that really shouldn't be on trying to avoid the support and training
mess that turning them off now on an unsuspecting user base would cause.

My personal opinion is that network services should be completely OFF by
default.  Just like my car.  When I was 13 I had to learn how to START
the car before I was allowed to DRIVE it.  :-)

Nate Duehr <nate at natetech.com>

GPG Key fingerprint = DCAF 2B9D CC9B 96FA 7A6D AAF4 2D61 77C5 7ECE C1D2
Public Key available upon request, or at wwwkeys.pgp.net and others.

More information about the LUG mailing list