Dear André

Ignore this crap. Really.

We do 1-2 external security audits per year and I’ve seen incredible crap in those reports. My favorites are things like “Hostname mail.domain.com suggests this is a mail server. Consider changing it to something not so obvious.” and a few lines further down: “Detected open port 25 on server mail.domain.com. Attackers could abuse this knowledge. Consider changing the port to something else”, etc. The worst I ever encountered was that in the report they were complaining that there’s a firewall in place that blocks ports and/or certain ICMP types... :-O

During the last few years I’ve learned that these things are more or less unchanged output copy/pastes from automated hacking tools. If an audit company does not filter out such crap, you might as well consider changing your provider.

One more: “Server with IP x.x.x.x with DNS name www.domain.com responds to Port 80” (not mentioning that the only answer from Port 80 is a redirect to the respective https website).

If you need some recommendations, contact me off-list.

Kind regards,

Viktor

From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Andre Keller
Sent: Thursday, 10 March 2016 17:12
To: swinog@lists.swinog.ch
Subject: [swinog] TCP timestamps

Dear fellow SwiNOGers,

In the last few months we had several security audits and all of them proposed to disable TCP timestamps (i.e. on Linux net.ipv4.tcp_timestamps=0). AFAIK round-trip time calculation in TCP relies on this and there might be implications for PAWS (TCP sequence number wrapping).

What do you guys think about this?


Regards
André
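
The PAWS concern raised in the question above, as an added example that is not part of the original thread: a simplified receiver-side check in the style of RFC 7323, showing that a delayed duplicate from before a sequence-number wrap passes the window test when timestamps are off and is dropped when they are on. The struct and function names are hypothetical, the segment values are constructed, and RFC details such as RST handling and `ts_recent` expiry on idle connections are left out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Serial-number "a is before b" modulo 2^32, used for both SEQ and TSval. */
static bool before32(uint32_t a, uint32_t b) { return (int32_t)(a - b) < 0; }

struct rx_state {                 /* hypothetical receiver state */
    uint32_t rcv_nxt;    /* next sequence number expected */
    uint32_t rcv_wnd;    /* receive window size in bytes */
    uint32_t ts_recent;  /* most recent TSval accepted from the peer */
    bool     ts_enabled; /* timestamps negotiated (tcp_timestamps=1) */
};

struct segment { uint32_t seq; uint32_t tsval; };

/* Window test: RCV.NXT <= SEG.SEQ < RCV.NXT + RCV.WND (mod 2^32). */
static bool seq_in_window(const struct rx_state *s, uint32_t seq) {
    return !before32(seq, s->rcv_nxt) && before32(seq, s->rcv_nxt + s->rcv_wnd);
}

/* Returns true if the receiver would accept the segment's data. */
bool accept_segment(const struct rx_state *s, const struct segment *g) {
    if (s->ts_enabled && before32(g->tsval, s->ts_recent))
        return false;               /* PAWS: older timestamp, drop */
    return seq_in_window(s, g->seq);
}

/* Constructed case: a delayed duplicate sent exactly 2^32 bytes earlier, so
 * its 32-bit SEQ equals a currently valid one, but its TSval is older. */
bool stale_duplicate_accepted(bool ts_enabled) {
    struct rx_state s = { 1000u, 65535u, 500000u, ts_enabled };
    struct segment stale = { 1000u + 4096u, 100000u };
    return accept_segment(&s, &stale);
}

/* Constructed case: a fresh segment whose TSval has wrapped past 2^32. */
bool fresh_after_ts_wrap_accepted(void) {
    struct rx_state s = { 1000u, 65535u, 0xFFFFFFF0u, true };
    struct segment fresh = { 1000u, 5u };
    return accept_segment(&s, &fresh);
}

int main(void) {
    printf("stale dup: ts off=%d, ts on=%d; fresh after TSval wrap=%d\n",
           stale_duplicate_accepted(false), stale_duplicate_accepted(true),
           fresh_after_ts_wrap_accepted());
    return 0;
}
```

With timestamps disabled the only guard against such a duplicate is the 32-bit sequence space itself, which is why the wrap time at the link's line rate matters when weighing the audit recommendation.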