"Kenneth E. Lussier" wrote:
> David L. Roberts wrote:
>
> > They took a look at me too:
> > Jul 3 19:43:32 ria in.ftpd[2785]: connect from 24.112.52.123
> >
> > But this is the ftp daemon right...? I guess I could shut ftp
> > off as well - I just find it useful to transfer "homework"
> > between my employer and home. I thought I had things set fairly
> > tight, but maybe I should set 'em tighter. Also, this is the
> > first real test of the system as it's usually running
> > Winblows95, but the wife-N-kids are off on vacation (and I'm
> > recovering from a little minor surgery) so I currently have no
> > need for any M$ products.
>
> Yes, it is the ftp daemon. I would recommend shutting it down and
> using SCP instead. Dispite the claims that ftp and telnet are
> only dangerous because of the clear-text passing of usernames and
> passwords, there are other dangers. Some telnet and ftp daemons
> have remote exploits, root-shell buffer overflows, etc. The
> commercial versions of SSH may or may not have security problems,
> but since 2.0 and up are closed source, it's harder to tell.
> Personally, I suggest OpenSSH (preferably downloaded from a
> NON-US site).
>
> > And yes, I know I should have a dedicated firewall, yada yada
> > yada, but I don't have the $$$ for the rest of the hardware to
> > build the system so I'm sitting here playing a little Russian
> > Roulette - hoping my Bastille installation will hold up until
> > I'm able to finish building my firewall before... =:|
> >
> Actually, since it's just a single machine and there is no
> network behind it, there really isn't a reason for a dedicated
> machine. Just use ipchains to set up a firewall on that machine.
> Bastille is definately a great first step, and during the
> installation, it will download and install SSH for you, as well
> as set up basic firewalling.
>
> Kenny
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************
telnet is very easy to watch and exploit. using hunt 1.3-1.5 you can
intercept and capture a connection betwixt host and server. then watch
all data transfer like pysically watch what you are typeing, then rst
your connection and hijack your telnet session. ftp has serveral buffer
overflow flaws released every other day so you need to keep and eye on
the advisories. ssh is good but even some versions have buffer overflow
vulnerbilities, one older version that has not been exploited is
ssh-1.2.27-7i just as a note. for all new daily info for linux sploits
you can goto http://www.securityfocus.com or
http://packetstorm.securify.com
anyway, good luck
chris
[EMAIL PROTECTED]
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
