Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
ipchains or nessus bug ?
Hello, to all !

I have the following problem :
I defined the following ipchains rules on a firewall system :

ipchains -I input -j DENY -p UDP -s 0.0.0.0/0 -d xxx.xxx.xxx.xxx/xxx 161 -l
ipchains -I input -j DENY -p UDP -s 0.0.0.0/0 -d xxx.xxx.xxx.xxx/xxx 162 -l

I think that this two commands should block any SNMP querys from world.
I tested these rules from a remote host with mrtg.
The output was

input DENY eth1 PROTO=17 [remote ip]:[remote port] [destination ip]:161
L=141 S=0x00 I=25246 F=0x0000 T=53 (#7)

Thats ok, but when i start a security scan with nessus (Version 1.0.1), the
final report tells about a
security hole at SNMP and SNMP-TRAP ports.
The access is seems to be read, write, public.....
I do not think, that this is a correct predication

Next problem:
Nessus reports, that Sendmail (Version 8.9.3) is susceptible against a
redirection attack :

rcpt to : recipient@hostname1@localhostname
I think that sendmail is immun against such attacks (relaying, redirecting)
since version 8.9.X.
Sendmail is configured as Mail Relay. It forwards external mails to an
internal Mail Server (NAT Network).

HELP please.
Is the system not correctly configured ....?

Harald Scharf
Softpoint electronic
Netzwerksysteme / Firewalls
Windows NT/Windows 2000/Linux/Netware/Unix
mailto:h.scharf@xxxxxxxxxxxx
www.softpoint.at
www.simplex.at


< Previous Next >
Follow Ups