TCLUG Archive

Re: [TCLUG:5528] security
Well, first of all, why do you need all of those services? I'd disable
gopher, finger, linuxconf, nfs, pop-2, sunrpc, imap (unless you use it),
login, and shell, personally.

Adding that line to hosts.deny does not actually deny connections; it just
does not allow the user to use it (sends a 'Service not available'
message). To _really_ deny stuff, you need to add firewalling rules for
that port.

----
Nate Carlson
the infinite loop
natecars@infiniteloop.com

On Mon, 26 Apr 1999, Ben Luey wrote:

> Two security questions:
> 
> On a server, I have /etc/hosts.deny ALL:ALL and hosts.allow
> ALL: 192.168.1.0/255.255.255.0   --intranet has full access
> sshd: ALL      -- everyone has ssh
> 
> I ran nmap on this server from outside the intranet and it says lots of
> things are open:
> 
> Starting nmap V. 2.02 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
> Interesting ports on sf-usr4-21-149.dialup.slip.net (207.171.246.149):
> Port    State       Protocol  Service
> 21      open        tcp        ftp
> 22      open        tcp        unknown
> 23      open        tcp        telnet
> 25      open        tcp        smtp
> 37      open        tcp        time
> 53      open        tcp        domain
> 70      open        tcp        gopher
> 79      open        tcp        finger
> 80      open        tcp        http
> 98      open        tcp        linuxconf
> 109     open        tcp        pop-2
> 110     open        tcp        pop-3
> 111     open        tcp        sunrpc
> 113     open        tcp        auth
> 137     filtered    tcp        netbios-ns
> 138     filtered    tcp        netbios-dgm
> 139     filtered    tcp        netbios-ssn
> 143     open        tcp        imap
> 513     open        tcp        login
> 514     open        tcp        shell
> 895     open        tcp        unknown
> 
> I can't use, say, imap from outside the normal way, but is it still a
> security liability, or not? (137-139 are filtered from ppp0). If it is,
> what should I do -- (this doesn't have to be very anal, because it is a
> dynamic ip dialup, but still -- I noticed someone trying my imap
> connection from outside ...) 
> 
> Also, how can I have ssh (or telnet) only let certain users login from
> ppp0? Some users have wussy passwords which is fine within the network,
> but I'd like to disable access to these accounts from the outside (i.e.
> ppp0).
> 
> Thanks,
> 
> Ben
> 
> 
> Ben Luey
> lueyb@carleton.edu
> ICQ: 19144397
> 
> Modern computerized word processing enables us, both as individuals and as a
> cohesive societal entity, to exponentially enhance and aggrandize the 
> parameters, both qualitative and quantitative, not to mention paradigmatic, of 
> our communicative conceptualizations because now we can spell great big words
> correctly without having a clue what they mean.  -- Dave Barry
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tclug-list-unsubscribe@listserv.real-time.com
> For additional commands, e-mail: tclug-list-help@listserv.real-time.com
> Try our website: http://tclug.real-time.com
>
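The point Nate makes above (a hosts.deny entry refuses the session after the TCP handshake has already completed, so nmap still reports the port as open, whereas a firewall rule that drops the packets makes it show as filtered, like ports 137-139 in Ben's scan) can be modelled in a few lines. The following is an added example written for this archive page, not code from either poster; the access-file contents are constructed to mirror Ben's configuration, the client addresses and the `probe()`/`wrapper_decision()` function names are my own, and the parser handles only the ALL, exact-address, net/mask and trailing-dot client forms (no EXCEPT, no hostnames), for IPv4.

```python
"""Model of tcpd (hosts.allow / hosts.deny) access control versus a
packet-filtering firewall, and what a port scanner sees in each case.
Added example; the files below are constructed to mirror the thread."""
import ipaddress

# Constructed to mirror the question: intranet gets everything, sshd is open to all.
HOSTS_ALLOW = """
ALL: 192.168.1.0/255.255.255.0
sshd: ALL
"""
HOSTS_DENY = """
ALL: ALL
"""


def parse_access_file(text):
    """Return (daemon_list, client_list) pairs from a hosts.allow/deny style
    file: 'daemons : clients', comma-separated, '#' starts a comment."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, _, clients = line.partition(":")
        rules.append(([d.strip() for d in daemons.split(",") if d.strip()],
                      [c.strip() for c in clients.split(",") if c.strip()]))
    return rules


def client_matches(pattern, client_ip):
    """One client pattern: ALL, 'net/mask' (dotted mask or prefix length),
    a trailing-dot prefix such as '192.168.1.', or an exact address."""
    if pattern == "ALL":
        return True
    if "/" in pattern:
        net = ipaddress.ip_network(pattern, strict=False)
        return ipaddress.ip_address(client_ip) in net
    if pattern.endswith("."):
        return client_ip.startswith(pattern)
    return client_ip == pattern


def file_matches(rules, daemon, client_ip):
    return any(any(d in ("ALL", daemon) for d in daemons)
               and any(client_matches(c, client_ip) for c in clients)
               for daemons, clients in rules)


def wrapper_decision(daemon, client_ip, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """tcpd's order: hosts.allow first (match => allow), then hosts.deny
    (match => deny), otherwise allow."""
    if file_matches(parse_access_file(allow_text), daemon, client_ip):
        return "allow"
    if file_matches(parse_access_file(deny_text), daemon, client_ip):
        return "deny"
    return "allow"


def probe(daemon, port, client_ip, iface, firewall_drops=frozenset()):
    """Outcome of one connection attempt from client_ip arriving on iface.
    'scan' is what a connect scan reports, 'service' is whether the user
    gets in. firewall_drops is a set of (iface, port) pairs whose SYNs are
    dropped before any userland process sees them."""
    if (iface, port) in firewall_drops:
        return {"scan": "filtered", "service": "unreachable"}
    # inetd accepts the connection, so the handshake completes and the port
    # looks open; only afterwards does tcpd consult the access files.
    decision = wrapper_decision(daemon, client_ip)
    return {"scan": "open", "service": "granted" if decision == "allow" else "refused"}


if __name__ == "__main__":
    for args in [("imapd", 143, "192.168.1.20", "eth0"),
                 ("imapd", 143, "203.0.113.5", "ppp0"),
                 ("sshd", 22, "203.0.113.5", "ppp0")]:
        print(args, probe(*args))
    print("with firewall:", probe("imapd", 143, "203.0.113.5", "ppp0",
                                  firewall_drops={("ppp0", 143)}))
```

Running it shows imap from an outside address (203.0.113.5 is a documentation address used here as a stand-in for a dial-up peer) as open/refused, while the same port with a drop rule on ppp0 comes back filtered/unreachable, which is the distinction Nate draws. On a Linux box the drop rule itself is a packet-filter command for the kernel in use (ipchains in 1999, iptables or nftables today), and the lowest-risk fix for most of the list in the scan is still the first one he gives: stop running the service at all.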