On Wed, 12 Aug 1998, Gediminas Grigas wrote:
Hello there,
I feel erroneously (?) secure after hosts.deny'd in.telnetd and in.sshd from everywhere except one pc, which is denying all except keyboard. I believe that if I can keep hosts.deny and hosts.allow files safe, and from time to time patch most actual security holes I'll be conditionally safe. Am I wrong? Probably I am.
I just can't imagine how system can be cracked in lower stage, so that is my problem. I heard that inetd is very insecure, and some people are using tcpd (or sound-alike).
It may be ok for a fellow beginner to answer a little from my recent experience. The professionals on the list may find your question too open for them to answer. I had tight hosts.allow files and until a few days ago I thought I was pretty secure. I was not cracked, but I found out I was wrong.

hosts.deny and hosts.allow are part of tcpd so you are probably running tcpd already. If you have an entry like

    telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd

in your inetd.conf then telnet connections go through tcpd. If you test this from a machine that is hosts.deny'd then you will see that you make a connection and then are thrown off. Some people say this is bad as a stranger will suspect you use inetd/tcpd/telnet and when a vulnerability is found they will come back and attack you. They say better to deny the packets with a firewall so they have to guess more and maybe leave you alone. Filtering other services through tcpd may be a good idea.

To motivate me to do some real learning and testing, I scanned my PC using the ShieldsUp tool on http://www.grc.com/ which a Windows user recommended to me. When I tested from this other machine and found out that httpd was open (I only started it local for susehilf/htdig) I just shut it down.
do else. I should keep following services open: httpd; smtpd; pop3d; ftpd; snmpd; named; inetd; sshd; nscd. So if you know how to keep them at minimal risk, or know some holes at those, I would be very grateful for any info and/or tips. I don't ask to do work for me - link to good manual would be nice too. By the way I have SuSE 6.3 (2.2.13).
I like Chapter 18 of the SuSE manual and http://www.securityportal.com/

Did you read the recent thread warning about sysadmins using ftp and telnet? It might affect you. You need to do much more learning than I have done yet :-)

dproc
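
The reply above notes that a service is only subject to hosts.allow and hosts.deny when its inetd.conf entry runs through tcpd. The following is an added example, not part of either message: it audits an inetd.conf and reports which active entries are wrapped and under which daemon name tcpd will match them. The sample file contents and the function names are constructed for illustration.

```python
import os

# Constructed sample inetd.conf (not taken from the machines in the thread).
SAMPLE_INETD_CONF = """\
# service socktype proto wait user server args
telnet  stream  tcp  nowait  root   /usr/sbin/tcpd    in.telnetd
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd    in.ftpd -l
pop3    stream  tcp  nowait  root   /usr/sbin/popper  popper -s
#finger stream  tcp  nowait  nobody /usr/sbin/tcpd    in.fingerd
time    stream  tcp  nowait  root   internal
talk    dgram   udp  wait    root   /usr/sbin/tcpd    in.talkd
"""

def audit_inetd(text):
    """Return (service, proto, status, daemon) for every active entry."""
    results = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or disabled (commented-out) service
        fields = line.split()
        if len(fields) < 6:
            results.append((fields[0], "?", "malformed", None))
            continue
        service, proto, server, args = fields[0], fields[2], fields[5], fields[6:]
        if server == "internal":
            # Served by inetd itself, so tcpd never sees the connection.
            status, daemon = "internal", None
        elif os.path.basename(server) == "tcpd":
            # tcpd matches hosts.allow/hosts.deny on the wrapped daemon's name.
            status = "wrapped"
            daemon = os.path.basename(args[0]) if args else None
        else:
            status, daemon = "unwrapped", os.path.basename(server)
        results.append((service, proto, status, daemon))
    return results

def not_covered(text):
    """Services whose connections bypass hosts.allow/hosts.deny."""
    return [svc for svc, _p, status, _d in audit_inetd(text) if status != "wrapped"]

if __name__ == "__main__":
    for svc, proto, status, daemon in audit_inetd(SAMPLE_INETD_CONF):
        print(f"{svc:8} {proto:4} {status:10} {daemon or '-'}")
    print("bypass tcpd:", not_covered(SAMPLE_INETD_CONF))
```

Daemons started stand-alone rather than from inetd never appear in this file, so the audit says nothing about them.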