[techtalk] Tightening Security
James A. Sutherland
jas88 at cam.ac.uk
Wed Feb 21 17:23:06 EST 2001
On Wed, 21 Feb 2001, Raven Alder wrote:
> Heya --
>
> I accidentally killed the original message, but someone had made
> the point that /etc/services just dictates what port a given service is
> listening on, and that disabling that port binding hasn't a thing to do
> with whether the service is running at the time. That's inetd.
> Absolutely right.
>
> The reason that I had heard cited for commenting out the line in
> /etc/services as well as making sure the service wasn't being offered
> in inetd.conf (or rc.inet2 or wherever) was to ensure that in case of a
> partial system compromise, the hacker installing a new service would
> have to take the additional step of editing /etc/services to get any
> new program they install to have a port assignment, rather than the
> well-known port already working for it.
Oh dear... unlikely to work for most things. I know Apache defaults to
port 80 anyway, without ever touching /etc/services; I suspect other
daemons will be the same.
> I haven't ever actually had this happen personally, so I can't
> comment on how effective it is. Anyone else tried it? Did it do any
> good?
It's a waste of time. What it WILL achieve is that things like netstat
won't give you protocol names - instead of connections to/from "http"
you'll see connections to "80", for example.
James.
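To make the point in the reply concrete, here is an added example (not from this thread or from any of the software named in it). It parses a constructed /etc/services-style table in which the http line has been commented out, then resolves ports to names the way netstat does without -n: a name if the table has one, otherwise the bare number. It also binds a listener by numeric port, which is all a daemon with a compiled-in default like 80 ever does; nothing in that path reads /etc/services. The sample table and the function names are this example's own.

```python
import socket
from typing import Dict, Tuple

# Constructed sample in /etc/services format (not a real system's file).
# The http line is commented out, as the quoted advice recommends.
SAMPLE_SERVICES = """\
# Network services, Internet style (constructed sample)
ftp             21/tcp
ssh             22/tcp
smtp            25/tcp          mail
#http           80/tcp          www www-http   # commented out per the advice
https           443/tcp
"""


def parse_services(text: str) -> Dict[Tuple[int, str], str]:
    """Parse /etc/services-format text into {(port, proto): name}.

    Full-line and trailing '#' comments are ignored, which is exactly why a
    commented-out entry simply disappears from name lookups.
    """
    table: Dict[Tuple[int, str], str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        name = fields[0]
        port_str, proto = fields[1].split("/", 1)
        try:
            port = int(port_str)
        except ValueError:
            continue
        table[(port, proto)] = name
    return table


def display_port(port: int, proto: str, table: Dict[Tuple[int, str], str]) -> str:
    """Render a port as netstat does without -n: service name if the table
    has one, otherwise the number as a string."""
    return table.get((port, proto), str(port))


def bind_listener(port: int) -> int:
    """Bind a TCP listener on loopback to a numeric port and return the port
    actually bound. No name lookup is involved at any point; a daemon with a
    built-in default port works the same way. Port 0 asks the kernel for a
    free ephemeral port, which keeps this runnable without privileges."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        sock.bind(("127.0.0.1", port))
        sock.listen(1)
        return sock.getsockname()[1]
    finally:
        sock.close()


if __name__ == "__main__":
    table = parse_services(SAMPLE_SERVICES)
    # With http commented out, 80 is shown as a number; 443 still resolves.
    for port in (22, 80, 443):
        print(f"{port}/tcp -> {display_port(port, 'tcp', table)}")
    print("listener bound on port", bind_listener(0))
```

The only observable effect of the commented-out line is cosmetic: port 80 prints as "80" instead of "http". A service that binds port 80 directly is unaffected, so the edit is not a control worth counting on; what does matter is what inetd and the rc scripts actually start, and what netstat -an shows listening.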