On 29 Jun 00, at 23:46, thus spake Atul Mehta:
> I have a doubt about the feasibility of running finger, telnet
> etc. on a web-server. I think that it can be risky since finger can be
> used to get info about the users of the server and also telnet etc. has
> security problems unless ssh extensions are there.
> Am I right? Please advise.

Most finger daemons around were removed - just because
spammers could easily finger users and harvest their e-mail
addresses that way. In fact, their repeated finger probes (several
thousand of them from aaaaa to zzzzz sort of - called "dictionary
attacks") often crashed servers.

Ditto with VRFY and EXPN on your mailserver. In sendmail, turn
that off by editing the o PrivacyWarnings (I think) line in sendmail.cf
where there will be two for VRFY and EXPN - delete those two
options.

Turn off telnet, rsh, rlogin etc - use ssh only on 24*7 connected
boxes.

-suresh
--
Suresh Ramasubramanian + [EMAIL PROTECTED]
My inner child is catatonic
-----------------------------------------------------------------------
The LIH mailing list archives are available at:
http://lists.linux-india.org/cgi-bin/wilma/linux-india-help
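
An added example, not part of the original thread: a small audit that reports which of the services discussed above are still active in an `inetd.conf` and whether a `sendmail.cf` restricts VRFY and EXPN. It assumes classic inetd.conf syntax and sendmail's `O PrivacyOptions=` line with its `novrfy`, `noexpn` and `goaway` flags; the function names and both sample files are constructed for illustration.

```python
import re

# inetd.conf service names for the daemons named in the thread
# (inetd lists rsh as "shell" and rlogin as "login").
RISKY = ("finger", "telnet", "shell", "login")

def enabled_risky_services(inetd_conf):
    """Return risky services that are active (not commented out)."""
    found = []
    for line in inetd_conf.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        name = fields[0].rsplit(":", 1)[-1]  # drop optional "addr:" prefix
        if name in RISKY and name not in found:
            found.append(name)
    return found

def missing_privacy_flags(sendmail_cf):
    """Return which of novrfy/noexpn are absent from O PrivacyOptions."""
    flags = set()
    for line in sendmail_cf.splitlines():
        m = re.match(r"O\s+PrivacyOptions\s*=\s*(.*)", line)
        if m:
            flags.update(f.lower() for f in re.split(r"[,\s]+", m.group(1)) if f)
    if "goaway" in flags:  # sendmail shorthand that includes both flags
        flags.update(("novrfy", "noexpn"))
    return [f for f in ("novrfy", "noexpn") if f not in flags]

# Constructed sample files, not taken from any real host.
SAMPLE_INETD = """\
daytime stream tcp nowait root   internal
telnet  stream tcp nowait root   /usr/sbin/tcpd in.telnetd
#shell  stream tcp nowait root   /usr/sbin/tcpd in.rshd
login   stream tcp nowait root   /usr/sbin/tcpd in.rlogind
finger  stream tcp nowait nobody /usr/sbin/tcpd in.fingerd
"""
SAMPLE_CF = """\
# privacy flags
O PrivacyOptions=authwarnings
"""

if __name__ == "__main__":
    print("enabled in inetd.conf:", enabled_risky_services(SAMPLE_INETD))
    print("missing from PrivacyOptions:", missing_privacy_flags(SAMPLE_CF))
```

To audit a real host, pass the contents of its own `inetd.conf` and `sendmail.cf` to the two functions instead of the samples.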