Negating a test
Mike Diehl (Encrypted email preferred)
mdiehl at diehlnet.com
Sat Jun 26 00:10:25 CEST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Friday 25 June 2004 07:02 am, C. Bensend wrote:
> > If you're looking to stop wares-guys this approach is doomed to fail,
> > since they don't have to run the ftp-server on the standard ftp port
> > (and hardly ever do, since it'd be too easy to find them).
>
> The behavior he's asking about is also useful as a "sanity check," to
> make sure a service isn't re-enabled by accident, be it by administrative
> mistake or system upgrades/patches.
Exactly! I actually have a couple reasons for this function:
1. I sometime have to turn ftp on in order to transfer a file from a site
that doesn't support scp. I also sometimes forget to turn if off. This is a
critical failure IMHO given the volume of vulnerabilities that ftp seems to
have.
2. I have a WiFi link with a few well enumerated hosts. If any "additional"
hosts appear, I want to know about them.
Of course there are others, also.
It's been said that nagios is better suited for watching known services.
While this sounds reasonable, I think of a known vulnerability as a "service"
that I choose not to provide. <grin>
Thank you for your time and comments.
- --
Mike
gpg key: http://diehlnet.com/~mdiehl/mdiehl.asc
83AD D927 758D 4BFC A800 0277 4B26 75A4 F0D1 C7EB
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFA3KLVSyZ1pPDRx+sRAvfCAKDBQUi5bCRxTXZHMfn12MQxX9mq9wCggYzz
weXcZYuu4YyF4nO8sPYa74U=
=BqKL
-----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 -
digital self defense, top technical experts, no vendor pitches,
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue.
::: Messages without supporting info will risk being sent to /dev/null
More information about the Users
mailing list