Re: [LIG] Re: How to identify a Unix machine....

Thanx very much Suresh / Amarendra,

I really appreciate the concern and I guess we should all be more aware of
these issues.

The machine I have mentioned (matrix) is NOT a server and is NOT
accessible from outside of the company network and that is the only reason
why I pasted the whole transcript without making any modifications to the
list. For the servers (SunOS etc.), I had cut out the appropriate parts...

Thanks once again for pointing it out to me / us.


On Fri, 15 Dec 2000, Suresh Ramasubramanian wrote:

Amarendra GODBOLE rearranged electrons thusly:

> Please do not use REAL names, or rather REAL transcripts of your FTP sessions.
> Might prove a major security hazard for your organisation. Also, check if
> your company's security policies allow you to represent real server names,
> user ids, etc.
 Security by obscurity, in short ;)  It's trivial to find out that
 tatainfotech.co.in has a host called matrix ... and that matrix is running an
 ftp server (try running nmap there).
 Oh btw, _don't_ run an ftp server (least of all, wu-ftpd from the redhat rpm)
 on a public IP, accessible to everybody.  There are several nasty holes in
 there.  Switch to proftpd (or better, remove ftp, telnet and switch to rsync
 and ssh).