On 11:47 16 Mar 2002, Gordon Messmer [EMAIL PROTECTED] wrote:
| On Fri, 2002-03-15 at 09:43, Rick Warner wrote:
| On Fri, 15 Mar 2002, David Talkington wrote:
| Um ... Rick, you can turn that off. See the sshd man page for
| AllowTcpForwarding.
|
| Ummm, David, I can turn it off on
Cameron Simpson wrote:
Personally I would opt for the allow outbound ssh to a set of trusted
users approach if possible. At my workplace we're fairly fortunate; most
of our users are either category 1, and thus in the trusted class. Most
others are
On Sat, 2002-03-16 at 15:48, David Talkington wrote:
Cameron Simpson wrote:
Personally I would opt for the allow outbound ssh to a set of trusted
users approach if possible. At my workplace we're fairly fortunate; most
of our users are either category 1, and thus in the trusted class.
Gordon Messmer wrote:
Right. That's why I suggested allowing outbound SSH only from a few
trusted hosts. 'Trusted' in this case means that they are controlled by
the network admins, and not their users. Anyone who needs to ssh out
gets an account
On Sat, 2002-03-16 at 16:18, David Talkington wrote:
That's a help, but are you similarly able (administratively speaking)
to restrict destination IPs on all other ports? Otherwise, any
workstation could do the same thing on a different port, of course.
Restricting 80 in this way would
Gordon Messmer wrote:
Well, if the contents of your network are terribly secret (say...
proprietary source code), then you can get draconian:
Internet --- Firewall -- Proxies -- Firewall -- private net
The external firewall passes packets on
On Thu, 14 Mar 2002, Rick Warner wrote:
On Thu, 14 Mar 2002, David Talkington wrote:
Leaving aside for a moment the fact that the Sun admin needs his/her
head checked for having telnet open in the first place (it appears
that the telnet buffer overflow from last summer was patched
On Thu, 14 Mar 2002, David Talkington wrote:
Rick Warner wrote:
Leaving aside for a moment the fact that the Sun admin needs his/her
head checked for having telnet open in the first place (it appears
that the telnet buffer overflow
On Fri, 15 Mar 2002, Bill Crawford wrote:
On Thu, 14 Mar 2002, Rick Warner wrote:
The openssh issue was fixed by a one line patch, indeed a single
character change, which because of the open nature of the source
could be applied by anyone with a text editor and the ability to
type. The
Rick Warner wrote:
I'm not sure I'd equate a 4-month-old remotely exploitable buffer
overflow with a locally-exploitable vulnerability (*) that was
patched in hours. But that's just my opinion.
Go back and read the reports.
The report to
Rick Warner wrote:
There is one other major security issue with SSH - it allows users the
ability to circumvent other security. The fact that if you open up
SSH into your network then any user can tunnel any traffic he wants into
your network is a
On Fri, 15 Mar 2002, David Talkington wrote:
Rick Warner wrote:
There is one other major security issue with SSH - it allows users the
ability to circumvent other security. The fact that if you open up
SSH into your network then any user
Rick Warner wrote:
Scenario: dangerous user A, who knows enough to do harm but not enough to
know he is dangerous, decides that Company Z does not allow all the
protocols he wants to/from his home network. Company Z policy is that NO
in-bound
On Fri, 15 Mar 2002, David Talkington wrote:
The report to which I referred was from Marcus Friedl, and I have
attached it below.
Read all the reports, not just those from the fox in the hen house. More
objective reports are available.
Nobody's arguing that one should not assume the
Rick Warner wrote:
telnetd is not owned or controlled by Sun.
True, but only Sun can patch the Solaris implementation. That's the
problem, and is why Sun admins are helpless in those situations.
In fact, telnetd was not the problem, login was
Hello all,
I have RH 7.2 on my laptop and am trying to telnet to a SunOS box. I
have tried all the terminals and am having the following problem:
I type: telnet IP of server here and press Enter
I get:
SunOS 5.6
login:
After the login I type my username and press Enter, but the cursor just
Kevin Old wrote:
I have RH 7.2 on my laptop and am trying to telnet to a SunOS box. I
have tried all the terminals and am having the following problem:
After the login I type my username and press Enter, but the cursor just
moves to the l of login
On Thu, 14 Mar 2002, David Talkington wrote:
Leaving aside for a moment the fact that the Sun admin needs his/her
head checked for having telnet open in the first place (it appears
that the telnet buffer overflow from last summer was patched ... in
_January_), you should probably try
Rick Warner wrote:
Leaving aside for a moment the fact that the Sun admin needs his/her
head checked for having telnet open in the first place (it appears
that the telnet buffer overflow from last summer was patched ... in
_January_), you should