Negating a test

Mike Diehl (Encrypted email preferred) mdiehl at diehlnet.com
Sat Jun 26 00:10:25 CEST 2004


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Friday 25 June 2004 07:02 am, C. Bensend wrote:
> > If you're looking to stop wares-guys this approach is doomed to fail,
> > since they don't have to run the ftp-server on the standard ftp port
> > (and hardly ever do, since it'd be too easy to find them).
>
> The behavior he's asking about is also useful as a "sanity check," to
> make sure a service isn't re-enabled by accident, be it by administrative
> mistake or system upgrades/patches.

Exactly!  I actually have a couple reasons for this function:

1.  I sometime have to turn ftp on in order to transfer a file from a site 
that doesn't support scp.  I also sometimes forget to turn if off.  This is a 
critical failure IMHO given the volume of vulnerabilities that ftp seems to 
have.

2.  I have a WiFi link with a few well enumerated hosts.  If any "additional" 
hosts appear, I want to know about them.

Of course there are others, also.

It's been said that nagios is better suited for watching known services.  
While this sounds reasonable, I think of a known vulnerability as a "service" 
that I choose not to provide. <grin>

Thank you for your time and comments.

- -- 
Mike
gpg key: http://diehlnet.com/~mdiehl/mdiehl.asc
83AD D927 758D 4BFC A800 0277 4B26 75A4 F0D1 C7EB

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFA3KLVSyZ1pPDRx+sRAvfCAKDBQUi5bCRxTXZHMfn12MQxX9mq9wCggYzz
weXcZYuu4YyF4nO8sPYa74U=
=BqKL
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - 
digital self defense, top technical experts, no vendor pitches, 
unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null





More information about the Users mailing list