>I disabled most of the unused services in inetd.conf, including
>TFTP. I do have a few services which I am not familiar with, and am
>wondering if I can get away with removing the following lines from
>inetd.conf:
>discard stream tcp nowait root internal
>discard dgram udp wait root internal
>daytime stream tcp nowait root internal
>daytime dgram udp wait root internal
>time stream tcp nowait root internal
>time dgram udp wait root internal
anyone can access these by telnetting to your box,
(telnet localhost daytime)
they are not tcp-wrappable, but you can safely disable them. there
are few applications that need them, actually none that i can think
of, but i'm sure someone somewhere is using them.
not that they're really a security problem, but there is a
denial-of-service attack playing chargen and discard off of one
another. at any rate i disable them all except daytime which i
actually use to make sure xntpd is functioning properly.
>Furthermore, what else can I do to protect my system? And while I'm
>thinking about it, is there some way to avoid sending unencrypted
>passwords when retrieving mail from mail.utexas.edu? It doesn't appear
>as if SSH is running there, but is there a site between resnet and
>mail through which I can tunnel encrypted data?
as much as piglet can't be trusted, you could do it with an account
on piglet, or any other unix machine off of resnet. tunnelling
connections is fairly simple if you read the docs.
there is mention of a script that allows tunnelled pop connections in
the ssh faq
http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-4.html#ss4.8
but the link appears to be bad. and i think it might require you to
have a login account on the pop server, anyway.
anyone know if mail.utexas.edu supports APOP? i believe it is a
"secure" pop protocol.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
