From mboxrd@z Thu Jan 1 00:00:00 1970
Received: from u2.inri ([107.191.125.208]) by pp; Thu May 21 14:02:19 EDT 2015
Date: Thu, 21 May 2015 14:01:45 -0400
From: sl@9front.org
To: 9front@9front.org
Subject: Re: [9front] proposal: disable most of /rc/bin/services/tcp* by default
Message-ID: <7b856f22c569e9ce155bf441e4110d01@u2.sfldmibb.det.wayport.net>
List-ID: <9front.9front.org>
X-Glyph: ➈
X-Bullshit: realtime cache CMS manager
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

> This is a cpu server, there will be at least *one* service listening (cpu).
> If your intent is to waste system resources, then you can as well use the
> cpu service for that, it makes no difference what port you use.

I let this one go by too easily.

We're not always dealing with an intelligent, determined attacker. Most attacks are automated and opportunistic. Skynet is big, dumb, slow, and stupid. It dials a lot of ports without knowing in advance if they are going to be open. It works off a big list of ports that it expects to be open.

It's worth considering that more ports open means more potential connections. It's also worth pointing out that the robots who dial a list of common ports are more frequently encountered than the robots who portscan first, or who already know about Plan 9.

The result is that the cpu port is rarely accessed, while common ports (such as the ones I suggested disabling) are constantly accessed by random Internets.

sl