On Mon, 8 Jul 2002 [EMAIL PROTECTED] wrote:

> "Martinez, Michael - CSREES/ISTM" <[EMAIL PROTECTED]> wrote ..
> > I recently had a network audit, which had the following to say about my
> > Linux machines. Wanted to get some feedback from the list. It seems rather
> > bogus. I never heard of this. Can somebody provide details. Is this
> > legitimate or no:
> > 
> > "The linux system accepts the SLIST command from outside the agency to
> > display internal routing tables. This poses a serious security risk..."
> 
> 
> "slist" is I believe just an implementation of Novell's SLIST command
> for listing NetWare servers.  Question, are you running a NetWare
> emulator on Linux or just doing slist on Linux to see NetWare servers
> you have in house? The slist on Linux is a part of the ncpfs-2.2.0.18-6
> package. You could just remove the slist command from most Linux boxes,
> or you could rename slist and make a script wrapper for the slist
> command so not everyone can use it, or you could change the execute
> permissions to root only, or contact its developer for other options.
> 
> Peter
> 
    Ask the folks who did the network audit what ports SLIST uses on your
machine to access it.  If, for example, they are 3200-3600, you can use
your firewall to block access to ports 3200-3600 from "outside the
agency". If your firewall is ipchains, for example, it might need
something like (I may well be making a mistake in syntax)

ipchains -A input -p tcp -y -s ! <your agency's IP range> --dport 3200:3600 -j DENY

or for iptables

iptables -A INPUT -p tcp --syn -s ! <your agency's IP range> --dport 3200:3600 -j DROP

   If your "agency" has its own firewall, maybe they should be blocking
whatever are the risky ports themselves.

-- 
Steven Yellin
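As an added illustration, not part of the original thread, the following Python stand-in evaluates the three conditions of the iptables rule quoted above (TCP, SYN only, source outside the agency, destination port 3200:3600) against a few constructed connection attempts. The agency range 192.0.2.0/24 and the sample addresses are assumptions standing in for the `<your agency's IP range>` placeholder.

```python
"""Simulate the match logic of the rule from the post:

    iptables -A INPUT -p tcp --syn -s ! <agency range> --dport 3200:3600 -j DROP

The agency range, port range and packets below are constructed for this
illustration only; they are not taken from the audited system.
"""
import ipaddress
from dataclasses import dataclass

AGENCY_RANGE = ipaddress.ip_network("192.0.2.0/24")  # stand-in for <your agency's IP range>
PORT_RANGE = (3200, 3600)                            # port range used as the example in the post


@dataclass(frozen=True)
class Packet:
    src: str
    dport: int
    syn: bool              # TCP SYN set with ACK clear, i.e. what "--syn" selects
    proto: str = "tcp"


def rule_matches(pkt: Packet) -> bool:
    """True when the DROP rule matches: TCP, connection-opening SYN,
    source outside the agency range ("-s !" inverts the source test),
    destination port inside 3200:3600 inclusive."""
    if pkt.proto != "tcp" or not pkt.syn:
        return False
    if ipaddress.ip_address(pkt.src) in AGENCY_RANGE:
        return False
    lo, hi = PORT_RANGE
    return lo <= pkt.dport <= hi


def verdict(pkt: Packet) -> str:
    """Chain verdict assuming no other INPUT rule fires (default policy ACCEPT)."""
    return "DROP" if rule_matches(pkt) else "ACCEPT"


def audit_probe_results(packets):
    """Map 'src:dport' to verdict, as an auditor re-running their probes would see it."""
    return {f"{p.src}:{p.dport}": verdict(p) for p in packets}


SAMPLE_PACKETS = [
    Packet("203.0.113.7", 3200, syn=True),   # outside, first port of the range: dropped
    Packet("203.0.113.7", 3601, syn=True),   # outside, one past the range: not matched
    Packet("192.0.2.44", 3300, syn=True),    # inside the agency: still allowed
    Packet("203.0.113.7", 3300, syn=False),  # outside, non-SYN: rule silent, but no TCP
]                                            # connection can be opened without a SYN

if __name__ == "__main__":
    for key, result in audit_probe_results(SAMPLE_PACKETS).items():
        print(key, result)
```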



_______________________________________________
Seawolf-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/seawolf-list
