[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
This archive contains answers to questions sent to Unidata support through mid-2025. Note that the archive is no longer being updated. We provide the archive for reference; many of the answers presented here remain technically correct, even if somewhat outdated. For the most up-to-date information on the use of NSF Unidata software and data services, please consult the Software Documentation first.
- Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
- Date: Tue, 15 Aug 2000 16:36:35 -0600 (MDT)
=============================================================================== Robb Kambic Unidata Program Center Software Engineer III Univ. Corp for Atmospheric Research address@hidden WWW: http://www.unidata.ucar.edu/ =============================================================================== ---------- Forwarded message ---------- Date: Tue, 15 Aug 2000 15:46:53 -0500 (CDT) From: David B. Bukowski <address@hidden> To: Pete Pokrandt <address@hidden> address@hidden Subject: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd) But besides using telnet, too insecure, sniffers could pick up passwords as in telnet they are sent in plain text. (I haven't played with the SSL version of telnet yet) But a preferreed method which I am starting to enforce around here is use SSH (info on this product can be found at http://www.ssh.org/) Then besides using TCP wrappers you could use some type of ipfiltering capabilities... Linux supports IP chains in kernel version 2.2.16 and Sun I think has a ipfilter program or equivalent. Not sure on that so don't take my word on it, but I am almost positive it does. Windows computers heave a program that is a client to connect to ssh clients. Some of these are SecureCRT and another is teraterm. Just my 2 cents worth on security issues. -dave > > Of course, after doing that, you can no longer telnet into your > machines, which is a hassle, but it's better than getting hacked > into. I personally run the telnet daemon, but use tcp wrappers > to restrict what remote IPs can connect to it. It is not totally > secure, but eliminates a good portion of the risk associated > with the telnet daemon bug, without removing telnet access for > legitimate users. > > Anyways... Back to the inetd.conf's on my other 20+ SGIs... > > Pete > > -- > +>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+ > ^ Pete Pokrandt V 1447 AOSS Bldg 1225 W Dayton St^ > ^ Systems Programmer V Madison, WI 53706 ^ > ^ V address@hidden ^ > ^ Dept of Atmos & Oceanic Sciences V (608) 262-3086 (Phone/voicemail) ^ > ^ University of Wisconsin-Madison V 262-0166 (Fax) ^ > <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<+>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>+ > ------------------------------------------------------------------------------- David B. Bukowski |email (work): address@hidden Network Analyst |email (personal): address@hidden College of Dupage |pager: (630) 266-7775 Glen Ellyn, Illinois |work phone: (630) 942-2591 -------------------------------------------------------------------------------
- Prev by Date: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
- Next by Date: RE: request for upstream feed
- Previous by thread: Re: SGI security problem with telnetd. TAKE IMMEDIATE ACTION!! (fwd)
- Next by thread: Re: 20000809: Main Feed Change request
- Index(es):