Hello everyone, I intend to send roughly the following
letter to Datapipe in about two days.
If anyone wants to join in and co-sign,
please do.
If anyone wants to voice comments or concerns,
that is welcome too.

Here we go:

Datapipe's support person Bryan Spina writes:

> We have resolved your support request.

> Resolution:
> Michael,

>    I'm sorry but this is something that we needed to do. A lot of our
> servers ( customers' servers ) were at risk because of this. Unfortunately
> not all of our customers act responsibly in regards to security bulletins.
> In the email we explained that we would assist anyone who needs assistance
> free of charge ( obviously ) who wants it.  SSH has the same functionality
> as telnet, but is fundamentally much more secure.  The clients to SSH are
> also very easy to use, just as easy as the telnet clients.  I am hoping that
> your customers would understand this situation, you are acting in their best
> assist them with the setup of the client. I believe Debian installs SSH
> default on the server, so there is no real setup for you. If this is not the
> case and you can't or don't want to install this I will do it for you.
> There have been multiple security bulletins regarding many operating systems
> and their telnet/telnetd packages in the past few weeks. We would have been
> acting irresponsibly
> if we allowed this port open for incoming traffic. Please if you have any
> other questions please let me know.

> Thanks for your cooperation,

> Bryan Spina
> 888.749.5821 ext. 225

> -- end.

I am sorry to say - this is imho neither a solution nor can I
call it acceptable.

First to say that, also I recommend against telnet and suggest
that folks use ssh or some other kind of encrypting software;
no doubt I do not even allow access to certain internet based
services of mine without sufficient encryption so as to make
sure that certain information is not compromised in transit
on the net.

So this recommendation is not an issue for me.

What the heck is blocking access to port 25 good for?

(a) If it is meant as a means to block telnet, it's futile.
    Use another port for telnet, and you're done.

(b) Not only telnet but ftp, cvs-pserver, http, POP, smtp
    protocols, to name only a few popular ones, transmit
    unencrypted passwords and other potentially confidential
    information.  As a matter of fact, usually, they often use
    the same passwords as telnet does, depending on system setup,
    so there is hardly anything to gain.

(c) What about the machines that run another service on port 25 ?
    You don't _have_ _to_ have telnetd listen there, could be
    named,  or httpd as well, or even sshd :-)

As a matter of fact, what you do when you drop port 25 from your
routers or firewalls or whatever, you are crippling the internet
around your customers' machines.

I don't know how you do it and what precisely you're doing on a
technical level. What I can easily tell is, that I cannot use
port 25 on my machine that I pay for, and I do not at all think
that it should be your business to tell me which port to use,
how to use it, and what to use it for.

Presently your action appears to me like stopping steel
production since steel is being used in weapons and weapons can
be used for illegally killing people.  Or disallowing motorcycles
on urban highways since there have been bad accidents with
motorcycles on them.

You are in a position comparable to the maintainer of a highway
system, thus your job should be to keep the highways usable.
It is not your job to care who uses them, what loads they ship,
etc.

If port 25 is being misused, this is of no concern to you,
unless someone asks you for help with his specific system.
Except that, it is nice to warn your customers, which you do -
and I consider this an advantage over other service providers -
you are in an unfortunate situation with customers who do
not react to your warning, or disregard it. It is their choice
to leave their systems open for attack, then.  Sorry, but such
is life.

If you stick to the (imho sick) policy of blocking part of the
normal internet traffic from your part of the net, I for one
shall be telling people not to use you, and why. (See above)
Also I recommend going elsewhere to those currently using you.

Forgive me, please, if my letter is based on slanted information
or misinformation. I admit, I do not have enough background
information. Also, I am not against anything (including blocking
of port 25) as a quick emergency measure, until a fix is found
for a certain problem. I certainly do not want you to stand by
and see your hosts, or your customers' hosts, go down one after
the other due to a malicious attack, heroically holding the
All-Ports-Must-Remain-Open!! flagpole upright :-)
But this has to be a very temporary thing, then.

Thank you for listening.


Purodha Blissenbach - e-mail: <[EMAIL PROTECTED]>

