*BSD News Article 86122


Return to BSD News archive

Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!lucy.swin.edu.au!news.rmit.EDU.AU!news.unimelb.EDU.AU!munnari.OZ.AU!news.ecn.uoknor.edu!news.wildstar.net!newsfeed.direct.ca!portc01.blue.aol.com!newsxfer3.itd.umich.edu!howland.erols.net!news.mathworks.com!fu-berlin.de!irz401!orion.sax.de!uriah.heep!news
From: j@uriah.heep.sax.de (J Wunsch)
Newsgroups: comp.unix.bsd.freebsd.misc
Subject: Re: PPP Dial-in security questions
Date: 2 Jan 1997 22:19:59 GMT
Organization: Private BSD site, Dresden
Lines: 20
Message-ID: <5ahcaf$aqp@uriah.heep.sax.de>
References: <32cbc02b.84472863@news.duke.edu>
Reply-To: joerg_wunsch@uriah.heep.sax.de (Joerg Wunsch)
NNTP-Posting-Host: localhost.heep.sax.de
Mime-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Newsreader: knews 0.9.6
X-Phone: +49-351-2012 669
X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F  93 21 E0 7D F9 12 D6 4E
Xref: euryale.cc.adfa.oz.au comp.unix.bsd.freebsd.misc:33551

reese@chem.duke.edu (Charles Reese) wrote:

> I am using (user) ppp to provide dial-in support.  The current scheme
> has the user login using a regular getty Name,Password sequence with
> the users 'shell' being ppp-dialin which is a link to ppp-shell etc.
> When the ppp program starts up it gives a warning messages saying
> there is no security etc. because I am not using PAP or CHAP.

That's not because you are not using PAP/CHAP, but because you don't
have the ppp.secrets file.  So if you were starting it in -auto or
-ddial (daemon) mode, anybody could connect to port 3000 via telnet,
and manipulate that session.  I think you don't risk anything if you
never run these modes.

-- 
cheers, J"org

joerg_wunsch@uriah.heep.sax.de -- http://www.sax.de/~joerg/ -- NIC: JW11-RIPE
Never trust an operating system you don't have sources for. ;-)