From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from felloff.net ([199.191.58.38]) by pp; Thu May 21 15:24:31 EDT 2015
Message-ID: <85dab4ca7dcda1bed787c7c6d5c5c50c@felloff.net>
List-ID: <9front.9front.org>
X-Glyph: ➈
X-Bullshit: transactional secure realtime session-based metadata GPU locator
Date: Thu, 21 May 2015 21:24:12 +0200
From: cinap_lenrek@felloff.net
To: 9front@9front.org
Subject: Re: [9front] proposal: disable most of /rc/bin/services/tcp* by default
In-Reply-To: <CAFgOgC89T7k16ptFZL=f0KBid1=c=SQBqMz5LMZEiQXeVHtArg@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit

only the total number of connections that you accept matter,
not if you spread the connections over different services.

the only valid point is that you avoid the connection overhead
for automatic scans for common services that try to bruteforce
passwords (or try to send spam email over the open smtp service)
when you do not listen on these common ports.

but if someone want to exhaust your tcp connections they can do
that with any service that accepts connections.

anyway, i'm fine with less services listening by default if
that fixes the robot scanner problem for them.

--
cinap