RE: [suse-security] Fwd: DOS against SuSE's identd
>> SuSE seems not to be interested in this bug because they did not
>> answer any of my mails.
>
> Now THIS is a HUGE security problem. SuSE what's going on?

This is NOT a huge security problem. There are several identd packages out there and some of those are susceptible to DoS attacks as well. You can either change the timeout, switch to a more secure identd, or just don't use identd at all. I'm sure SuSE will address this issue in future releases.

Also, we shouldn't jump to conclusions about SuSE not answering his email, the post on Bugtraq seems to have an anti-SuSE tone to it.

-Dan

On Tue, 17 Aug 1999, Shinton, Daniel J. wrote:

>> Now THIS is a HUGE security problem. SuSE what's going on?
>
> This is NOT a huge security problem. There are several identd packages out there and some of those are susceptible to DoS attacks as well.

So. Other programs have the same problem, does that mean it isn't a problem?

> You can either change the timeout, switch to a more secure identd, or just don't use identd at all. I'm sure SuSE will address this issue in future releases.

I've got 5.2, it's there, I read it's present in 6.0; doesn't seem to have been fixed.

> Also, we shouldn't jump to conclusions about SuSE not answering his email, the post on Bugtraq seems to have an anti-SuSE tone to it.

So we should jump to the conclusion that the poster dislikes SuSE? Maybe the poster is annoyed that someone would stupidly ship a distribution that is 'in slut mode' (and most distros are).

Why aren't distributions packaged to be as secure as easily possible, then if the user wants to open their box, they can, typically people making use of such services will know enough about what they're doing to start the program running, or they'll know enough to know where to learn what to do.

This seems to be a problem with all Linux distributions and is, IMNSFHO, something which needs addressing.

SuSE, if the idea of releasing a secure distribution doesn't seem appealing, how about when I say that I'd consider buying a SuSE release if it was more secure than other distros, and you could release the normal 'slut mode' one, then tweak the install to make another release of the same distribution more secure.

cog

-- 
David M. Webster (aka cogNiTioN)
S H U N A N T I O N L I N E
cognition@bigfoot.com | cognite.net will be online RSN.
I use Linux everyday to up my productivity - so up yours!

* cogNiTioN <cognition@bigfoot.com> writes:

>>> Now THIS is a HUGE security problem. SuSE what's going on?
>>
>> This is NOT a huge security problem. There are several identd packages out there and some of those are susceptible to DoS attacks as well.
>
> So. Other programs have the same problem, does that mean it isn't a problem?

"THIS" addresses SuSE not responding to the problem. I think that is a serious problem. I don't know if he sent his e-mail to security@suse.de but I believe him (e.g., this list isn't managed well, what can I expect from security@suse.de?).

> Why aren't distributions packaged to be as secure as easily possible,

Guess it's more convenient for the user. Everything runs "automatically". At least as long as his system doesn't get compromised by crackers.

-- 
Mark Lutz
Accept German and English