*BSD News Article 63127


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.anu.edu.au!newshost.telstra.net!act.news.telstra.net!psgrain!usenet.eel.ufl.edu!newsfeed.internetmci.com!info.ucla.edu!library.ucla.edu!agate!premise.CS.Berkeley.EDU!bmah
From: bmah@premise.CS.Berkeley.EDU (Bruce A. Mah)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: IMPORTANT PPP SECURITY ISSUE
Date: 7 Mar 1996 19:12:15 GMT
Organization: University of California, Berkeley
Lines: 37
Distribution: world
Message-ID: <4hncef$m5e@agate.berkeley.edu>
References: <4hkast$4u7@ns.hcsc.com>
Reply-To: bmah@CS.Berkeley.EDU
NNTP-Posting-Host: premise.cs.berkeley.edu
X-Newsreader: TIN [version 1.2 PL2]

Angel Ortiz (angelo@tawny.ssd.csd.harris.com) wrote:
> FreeBSD News Group:

> I wanted to point out some Security issues that you need to take into
> consideration when connected to your ISP.  

> ISSUES:
> When you are connected to your ISP and you are using Dynamic or Static 
> IP addressing your system is seen to the outside world.  For example, anyone
> who can determine your IP address will have the capability of logging into 
> your machine.  It will not matter what type of OS you are running.  As long as
> you are connected to the Internet your IP address is Public and hackers can 
> login into your system.

> COUNTER MEASURES:
> To guard against hackers telneting or ftping into your machine and 
> compromising the security of you system do the following:

[snip]

As at least one other person has pointed out, this isn't anything new...
a lot of it is common sense.  I really hope that if a person puts a 
FreeBSD/NetBSD/Linux/whatever machine on the net they'd be aware of this
(alas, this probably ain't so).

An alternate solution, assuming you don't expect *anyone* to
access your machine remotely, is just to turn off the entries for
rlogind, telnetd, ftpd, et al. in /etc/inetd.conf.  If a Bad Guy
can't connect to those daemons, well, that's one less thing to worry
about.

Bruce.

--
Bruce A. Mah		   Graduate Student	          bmah@CS.Berkeley.EDU
		Tenet Group, Computer Science Division
		 University of California at Berkeley