Re: information question
At 10:51 AM 9/5/00 -0500, [EMAIL PROTECTED] wrote: >sites of users that I have on the machine (i.e- ~debian-isp). I was >wondering how they are finding out which users that I have on the machine >and was wondering if I could be running services that pose a security >problem. I only have the following open: Probably they are people who come into contact with some of your customers and are making educated guesses about URL's. Like, if I got an email from [EMAIL PROTECTED], there's a good chance that www.foo.com/~joe.schmo exists, and if I think I'm clever, I might go to it to see what's there. Any user out on the internet who sees an email address of one of your people has enough info to try and find their ~userid. >PortState Protocol Service >113 opentcpauth >I had a question as to the function of 'auth'. >I am not quite sure what this does. If someone could give me a heads up. IIRC, classically identd. This daemon is useless except for people who do a lot of unix-box to unix-box work. IRC requires it but mIRC spoofs it rendering it's usefulness laughable. Save some RAM and remove it. +---+ | -=H E L L - J U S T D O N ' T V O T E F O R G O R E=- | |=- -=ANYBODY FOR PRESIDENT=- -=| | George W. Bush Alan Keyes Hey, Atleast They're Not Robots | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: information question
At 10:51 AM 9/5/00 -0500, [EMAIL PROTECTED] wrote: >sites of users that I have on the machine (i.e- ~debian-isp). I was >wondering how they are finding out which users that I have on the machine >and was wondering if I could be running services that pose a security >problem. I only have the following open: Probably they are people who come into contact with some of your customers and are making educated guesses about URL's. Like, if I got an email from [EMAIL PROTECTED], there's a good chance that www.foo.com/~joe.schmo exists, and if I think I'm clever, I might go to it to see what's there. Any user out on the internet who sees an email address of one of your people has enough info to try and find their ~userid. >PortState Protocol Service >113 opentcpauth >I had a question as to the function of 'auth'. >I am not quite sure what this does. If someone could give me a heads up. IIRC, classically identd. This daemon is useless except for people who do a lot of unix-box to unix-box work. IRC requires it but mIRC spoofs it rendering it's usefulness laughable. Save some RAM and remove it. +---+ | -=H E L L - J U S T D O N ' T V O T E F O R G O R E=- | |=- -=ANYBODY FOR PRESIDENT=- -=| | George W. Bush Alan Keyes Hey, Atleast They're Not Robots | |=-- http://www.Keyes2000.com. --=| ++ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: information question
> sites of users that I have on the machine (i.e- ~debian-isp). I was > wondering how they are finding out which users that I have on the machine > and was wondering if I could be running services that pose a security > problem. I only have the following open: > > PortState Protocol Service > 21 opentcpftp > 22 opentcpssh > 25 opentcpsmtp > 80 opentcphttp > 113 opentcpauth > 443 opentcphttps > 515 opentcpprinter > 3306opentcpmysql > 6000opentcpX11 > > I had a question as to the function of 'auth'. > I am not quite sure what this does. If someone could give me a heads up. > Any advice appriciated. Auth servers are used to determine the "owner" of a specific connection, more commonly known as identity servers, and essentially useless. Some IRC servers use them to make sure you're not IRC'ing as root. Some network scanners use ident to determine what services are running as root, to aid them in a system compromise. If you need to run identity/auth services at all, use one that can be configured to return useless information like (*shameless plug*) ident2 at http://netgraft.com/ You can probably safely disable it, though. -MB
Re: information question
> 113 opentcpauth > I had a question as to the function of 'auth'. > I am not quite sure what this does. If someone could give me a heads up. > Any advice appriciated. it allows identifying users on the other edn of tcp/ip connection, ie when irc server recives connection it then connect to auth port of source ip and sends port on which it received connection to identify user which connected . It is considered as security service as other admin can easily locate user that does sth for example nasty and tell you who you should punish. regards, Eyck
Re: information question
> sites of users that I have on the machine (i.e- ~debian-isp). I was > wondering how they are finding out which users that I have on the machine > and was wondering if I could be running services that pose a security > problem. I only have the following open: > > PortState Protocol Service > 21 opentcpftp > 22 opentcpssh > 25 opentcpsmtp > 80 opentcphttp > 113 opentcpauth > 443 opentcphttps > 515 opentcpprinter > 3306opentcpmysql > 6000opentcpX11 > > I had a question as to the function of 'auth'. > I am not quite sure what this does. If someone could give me a heads up. > Any advice appriciated. Auth servers are used to determine the "owner" of a specific connection, more commonly known as identity servers, and essentially useless. Some IRC servers use them to make sure you're not IRC'ing as root. Some network scanners use ident to determine what services are running as root, to aid them in a system compromise. If you need to run identity/auth services at all, use one that can be configured to return useless information like (*shameless plug*) ident2 at http://netgraft.com/ You can probably safely disable it, though. -MB -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
information question
Hello Debian ISPers, I have a question regarding something I noticed on a debian machine I use. I have a debian machine set up for internal ticketing (request tracker) and I was browsing through my httpd logs and noticed that some random users of the internet have been hitting the non existant sites of users that I have on the machine (i.e- ~debian-isp). I was wondering how they are finding out which users that I have on the machine and was wondering if I could be running services that pose a security problem. I only have the following open: PortState Protocol Service 21 opentcpftp 22 opentcpssh 25 opentcpsmtp 80 opentcphttp 113 opentcpauth 443 opentcphttps 515 opentcpprinter 3306opentcpmysql 6000opentcpX11 I had a question as to the function of 'auth'. I am not quite sure what this does. If someone could give me a heads up. Any advice appriciated. Thank you! D. Ghost 'space ghost with debian flavor'
Re: information question
> 113 opentcpauth > I had a question as to the function of 'auth'. > I am not quite sure what this does. If someone could give me a heads up. > Any advice appriciated. it allows identifying users on the other edn of tcp/ip connection, ie when irc server recives connection it then connect to auth port of source ip and sends port on which it received connection to identify user which connected . It is considered as security service as other admin can easily locate user that does sth for example nasty and tell you who you should punish. regards, Eyck -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
information question
Hello Debian ISPers, I have a question regarding something I noticed on a debian machine I use. I have a debian machine set up for internal ticketing (request tracker) and I was browsing through my httpd logs and noticed that some random users of the internet have been hitting the non existant sites of users that I have on the machine (i.e- ~debian-isp). I was wondering how they are finding out which users that I have on the machine and was wondering if I could be running services that pose a security problem. I only have the following open: PortState Protocol Service 21 opentcpftp 22 opentcpssh 25 opentcpsmtp 80 opentcphttp 113 opentcpauth 443 opentcphttps 515 opentcpprinter 3306opentcpmysql 6000opentcpX11 I had a question as to the function of 'auth'. I am not quite sure what this does. If someone could give me a heads up. Any advice appriciated. Thank you! D. Ghost 'space ghost with debian flavor' -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]