
Re: [LIG] Re: How to identify a Unix machine....



Amarendra GODBOLE rearranged electrons thusly:

> Please do not use REAL names, or rather REAL transcripts of your FTP sessions.
> Might prove a major security hazard for your organisation. Also, check if
> your company's security policies allow you to represent real server names,
> user ids, etc.
 
 security by obscurity in short ;)  it's trivial to find out that
 tatainfotech.co.in has a host called matrix ... and that matrix is running an
 ftp server (try running nmap there)
 
 Oh btw, _don't_ run an ftp server (least of all, wu-ftpd from the redhat rpm)
 on a public IP, accessible to everybody.  There are several nasty holes in
 there.  Switch to proftpd (or better, remove ftp, telnet and switch to rsync
 and ssh)
 
-- 
Suresh Ramasubramanian + mallet<@>efn.org
  You spamma my mailbox, I nukea da ass