Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
You said what would try to connect to my system's port [...] 111
from within my own system. I would answer something that is
configured to do so?
Jussi Ekholm wrote:
Yup, but what?
I suggest you to make a little program listening that
I was hoping someone could help me out here. Currently I am still on a
network using static IP configuration on each machine, we are finally
moving towards DHCP. Are there any security considerations to be made to
ensure there is no gaping security hole. the various howto's I have seen
don't seem
As far as I know there's not much to it, my dhcp server was very simple
to set up with very little security options. My only suggestion is just
make sure you have the latest version, and make sure you have the
security updates source in your sources.list file for your dists ie:
deb
u could set dhcp to give out a fixed address dependent on a mac address,
this would stop just anybody plugging a box into a network, if your network
is physically secure then that's not a worry. (a cat5 jack in reception or
some other public place is dodgy)
Otherwise dhcp makes life easier...its
I had the very same thoughts, being a university you can imagine what
physical security is like, plus management wants to give students the
ability to walk on campus and plug in, plus start wireless services too.
From what people have sent back from my question, I don't think we will be
any worse
I'm not a huge expert on all of this, but here are a couple of
thoughts...
Unless you're monitoring IP/MAC addresses to try and detect
spoofing, knowing a machine's IP address is already useless from a
security POV. Even then, MAC addresses can be spoofed. Given that,
DHCP can't really make
hi andrew
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
- it is bad to allow just anybody plug in their laptops
ik campus
ik
ik
so zilch physical security
you didn't say this in your earlier post, this has severe security
implications, in fact I'd suggest you'd be a danger to the internet
I'd suggest a letter to the ppl that want this and tell them of the severe
security implications of
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't registered, you get no
network. It works the same way with wireless. And to the best of my
knowledge, DHCP is used.
-
Chuck Haines
On 0, Jean Christophe ANDRÉ [EMAIL PROTECTED] wrote:
[snip]
You may do something like that (needs apt-get install netcat) :
- create a little script /root/spy.sh (just use netstat) :
#!/bin/sh
(
echo =
date
netstat -lnp
) >> /root/spy.txt
# yes, I
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP irregardless of
what IP is allocated to your box by dhcp?
Haines, Charles Allen wrote:
Well here at WPI, we have to register each and every MAC
Actually, we have to create a host name when we register our MAC
addresses. This allows the same host name to be resolved to our IP.
-
Chuck Haines
GDC Systems Administrator
Infinity Complex Developer
WPILA Lab Manager
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
Um, Alvin? You might want to look up the
Chuck,
That sounds like a fantastic idea!
Provide some sort of web interface where a student can use a library
terminal or some such, plug in their MAC ADDR and their student number.
I normally don't post a Good on you jim! message, but this one has set off
ideas left right and centre.
J
-
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
Jason Clarke wrote:
Chuck,
That sounds like a fantastic idea!
Provide some sort of web interface where a student can use a library
terminal or some such, plug in their MAC ADDR and their student
number.
I normally don't post a Good on you jim! message, but this one has
set off ideas left
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
( there's too many rootkits to count )
That's just
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
Quoting Alvin Oga ([EMAIL PROTECTED]):
Um, Alvin? You might want to look up the definition of rootkit.
my definition ... anything that allows an un-educated user to just
run that tool to break into other peoples network and machines
On Mon, Oct 28, 2002 at 06:46:47PM -0800, Rick Moen wrote:
This confusion has also come up elsewhere, on LinuxToday:
http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV
that just talks about arresting some poor soul ??
Read the talkbacks, at the bottom.
Specifically, I
Quoting Alvin Oga ([EMAIL PROTECTED]):
i read all the talkbacks...
- no definition of rootkit posted in the talkbacks
Look again.
Anyhow, a rootkit is not anything that allows an un-educated user to
just run that tool to break into other peoples network and machines.
It's something the
Quoting Andrew Sayers ([EMAIL PROTECTED]):
In practice, even a very low security barrier will stop the 90% of
clueless abusers - but (to drag this thread back on-topic), that's no
excuse for basing the security of your network on a fundamentally
insecure way of identifying computers.
Right.
HI,
I'm looking for any craft to secure YP:
I'm working around shadow password and yp.
shadow passwords are stupid if ypcat passwd give the encrypted passwords !
Well, I use (in /etc/ypserv):
* : passwd.byname: port : yes
* :
On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
That's the idea behind PPPoE. Yuck.
-B
--
Brandon High [EMAIL PROTECTED]
'98 Kawi ZX-7R Wasabi, '98
On Tue, 29 Oct 2002, Francois Sauterey wrote:
HI,
I'm looking for any craft to secure YP:
I'm working around shadow password and yp.
shadow passwords are stupid if ypcat passwd give the encrypted passwords !
Well, I use (in /etc/ypserv):
* : passwd.byname