[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]
Re: [LIG] Re: How to identify a Unix machine....
Thanx very much Suresh / Amarendra,
I really appreciate the concern and I guess we should all be more aware of
The machine I have mentioned (matrix) is NOT a server and is NOT
accessible from outside of the company network and that is the only reason
why I pasted the whole transcript without making any modifications to the
list. For the servers (SunOS etc, I had cut out the appropriate parts...).
Thanks once again for pointing it out to me / us.
On Fri, 15 Dec 2000, Suresh Ramasubramanian wrote:
Amarendra GODBOLE rearranged electrons thusly:
> Please do not use REAL names, or rather REAL transcripts of your FTP sessions.
> Might prove a major security hazard for your organisation. Also, check if
> your company's security policies allow you to represent real server names,
> user ids. etc..
security by obscurity in short ;) it's trivial to find out that
tatainfotech.co.in has a host called matrix ... and that matrix is running an
ftp server (try running nmap there)
Oh btw, _dont_ run an ftp server (least of all, wu-ftpd from the redhat rpm)
on a public IP, accessible to everybody. There are several nasty holes in
there. Switch to proftpd (or better, remove ftp, telnet and switch to rsync