Stop using rsh is the correct answer. The r* utilities are, by design, insecure.
A better solution is to use ssh tools, which are available for both platforms. To add to that, you can also use public key authentication, which really rocks. ------------------------------------------------------ Roger D. Seielstad - MCSE Sr. Systems Administrator Inovis - Formerly Harbinger and Extricity Atlanta, GA > -----Original Message----- > From: Rangan, Govindaraj [mailto:govindr@;ti.com] > Sent: Wednesday, October 30, 2002 11:59 PM > To: NT 2000 Discussions > Subject: Access to well-known ports on Win2K > > > Hi All, > Greetings. > Do all users on Win2K have access to the > well-known ports? This > question arose when I was doing some security tests in a heterogeneous > environment with Windows and Solaris boxes. Solaris RSHD's > only security is > that before allowing access, it checks the source host and > source tcp port. > The host should be in hosts.equiv or .rhosts and the source > tcp port should > be one of well known ports (0-1023). The rsh client is a > setuid script and > starts as root. However on Windows 2000, it is possible for > any user (not > necessarily an admin user) to open a "well known port" to > connect to any > rshd. > Can we restrict access to well known ports to a > certain user or > group? If not, the secure way is that Solaris hosts shouldn't > trust Windows > hosts. Your help in resolving this is highly appreciated. > > Regards, > Govind. > > ------ > You are subscribed as [EMAIL PROTECTED] > Archives: http://www.swynk.com/sitesearch/search.asp > To unsubscribe send a blank email to %%email.unsub%% > ------ You are subscribed as [email protected] Archives: http://www.swynk.com/sitesearch/search.asp To unsubscribe send a blank email to [EMAIL PROTECTED]
