Mailing List Archive


Re: ramen worm



This is where I liked TurboLinux, although I wouldn't use it myself.

It had ssh already installed, but everything was disabled. No telnet, ftp,
ssh ....... Simply enabling these services in /etc/inetd.conf didn't help
since you also had to allow the service through tcp_wrappers.

RedHat should follow similar settings by default and have an option to
enable these during the install to make it easier for newbies. But with
RedHat I understand that it's not really the settings, but the
vulnerabilities in the packages they include that make it insecure.

I hate to say this, but even Windoze has telnet disabled by default while
on RedHat I have to install ssh and disable telnet every time.


Joerg Winkelmann wrote:

> Usually, when there is a virus, a trojan or some other
> nasty beast going around, one reads: This affects only
> Windows systems.
> Now it is the other way around: One must read that
> the Ramen worm affects only Linux machines and that
> Microsoft Windows systems are secure. :-(
>
> Why is this Ramen worm possible?
> From the information I could find, it seems that the
> Ramen worm attacks RedHat 6.2 and 7.0 systems which are running
> versions of rpc.statd and ftpd which are vulnerable.
> There will always be bugs and there will also always be
> many people using Linux on personal computers not bothering
> too much to install all security patches immediately.
> Therefore the default configurations of Linux distributions
> should be as secure as possible, and this is the point where,
> in my opinion, RedHat ( and other distributors) have failed.
> Why are these daemons (rpc.statd, ftpd) running at all in a
> default configuration?
> To use ftpd to provide an anonymous ftp server is probably
> not something the average RedHat user has in mind.
> Using ftpd for non-anonymous password-authorized file transfer
> should not be done anyway, one should use scp instead.
> Thus, while a Linux distribution should certainly contain ftpd,
> I can not see why ftpd should be running by default.
> The default, for all internet services not absolutely necessary
> should be not to be started unless explicitly requested.
> Whoever wants to start an ftp server (or Web server, or NFS server
> or ...) should be able to do so in a few number of easy steps,
> but the number of these steps should not be zero.
>
> Just my 0.02 $
>
> Joerg
> --
> e-mail: jwinkel@example.com
> Web: http://www.math.unibas.ch/~winkel/index.html
>
> Postal Address (valid until Sep 2001):
>  Joerg Winkelmann
>  Graduate School of Mathematical Sciences
>  University of Tokyo
>  Komaba, Meguro, Tokyo 153-8914
>  Japan
>  Tel.: 00-81-3-5465-7030
>
> -----------------------------------------------------------------------
> Next Technical Meeting:  Sat, January 20 13:30- LinuxProbe Hall
> Next Nomikai Meeting:    Fri, February 16 19:30- Tengu Tokyo Eki Mae
> -----------------------------------------------------------------------
> more info: http://www.tlug.gr.jp           Sponsor: Global Online Japan
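
The two-layer default described in the reply above (a service must be uncommented in /etc/inetd.conf and also be permitted by tcp_wrappers) can be audited as follows. This is an added example, not part of the original posts: the sample file contents are constructed, the function names are hypothetical, and the tcp_wrappers matching is simplified to daemon names only (client lists and EXCEPT are not evaluated).

```python
# Added example: audits constructed inetd.conf / hosts.allow / hosts.deny text.
INETD_CONF = """\
# constructed sample /etc/inetd.conf
#ftp     stream  tcp  nowait  root    /usr/sbin/tcpd        in.ftpd -l -a
telnet   stream  tcp  nowait  root    /usr/sbin/tcpd        in.telnetd
finger   stream  tcp  nowait  nobody  /usr/sbin/in.fingerd  in.fingerd
"""
HOSTS_ALLOW = """\
# constructed sample /etc/hosts.allow
sshd: 192.168.1.
"""
HOSTS_DENY = """\
# constructed sample /etc/hosts.deny
ALL: ALL
"""

def daemons_in(rules):
    """Daemon names listed in hosts.allow/hosts.deny text (simplified parse)."""
    names = set()
    for line in rules.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            names.update(line.split(":", 1)[0].replace(",", " ").split())
    return names

def wrapper_verdict(daemon, allow, deny):
    # tcp_wrappers order: hosts.allow first, then hosts.deny, otherwise allow.
    if {daemon, "ALL"} & daemons_in(allow):
        return "allowed"
    if {daemon, "ALL"} & daemons_in(deny):
        return "denied"
    return "allowed"

def audit(inetd_conf, allow, deny):
    """Map each inetd service to its effective exposure."""
    report = {}
    for raw in inetd_conf.splitlines():
        line = raw.strip()
        fields = line.lstrip("#").split()
        if len(fields) < 7 or fields[1] not in ("stream", "dgram"):
            continue  # blank line or ordinary comment
        service, server, daemon = fields[0], fields[5], fields[6]
        if line.startswith("#"):
            report[service] = "disabled in inetd.conf"
        elif not server.endswith("/tcpd"):
            report[service] = "exposed (not wrapped by tcpd)"
        elif wrapper_verdict(daemon, allow, deny) == "denied":
            report[service] = "enabled but blocked by tcp_wrappers"
        else:
            report[service] = "exposed (allowed by tcp_wrappers)"
    return report
```

Calling `audit(INETD_CONF, HOSTS_ALLOW, HOSTS_DENY)` shows telnet enabled in inetd.conf yet still blocked by the `ALL: ALL` deny rule, while the unwrapped finger entry bypasses tcp_wrappers entirely.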
