Hi Kevin.

Kevin Chadwick <ma1l1ists () yahoo ! co ! uk>
> Why turn it off? Just hash everything in inetd.conf and your nmap
> fingerprint will be lower than without inetd running.

I used to hash the file back in the day until it became clear I was
never using it.
The few machines I run serve very few services and I'm happy for them
to be running 24x7 - although I'm in an opposite situation this still
seems apposite ...

FTPD(8):
     This has lower overhead than starting ftpd from inetd(8) and is
     thus useful on busy servers to reduce load.

POPA3D(8):
     This has lower overhead than starting popa3d from inetd(8) and is
     thus useful on busy servers to reduce load.

     In this mode popa3d also does quite a few checks to significantly
     reduce the impact of connection flood attacks.

... and so on.
Yes, I also see this:

INETD(8):
     Essentially, inetd allows running one daemon to invoke several
     others, reducing load on the system.

In my situation, after many releases of hashing inetd.conf, I decided to
stop playing Chinese whispers.
As far as nmap goes, sure, but I don't care about port scans.
As a matter of principle I think knowledge of running services should
never be an issue.
If there's a failure there, it's either a flaw in the software which
I'd like to know about, or I've made an administration error. Right?
Frankly I'm happy to have people trying to break into these machines,
if only there was more of it ...
If I needed to do something a little more critical I would re-think my
service choices and probably still not care about port scans.
As it stands though I'm okay for these machines to be cracked wide
open and be off the air for a day or so if I can help squash a bug or
learn something.
The only associated issue that concerns me at all there is DoS and I
think other methods are more appropriate there (such as picking up the
phone).

The only thing I can think of off the top of my head is port scanning
and getting meaningful results through inetd is slower, right?
If you could provide some reading material on that I'd probably read it.

Best wishes.
