Full Disclosure mailing list archives
RE: Re: Re: open telnet port
From: "Robert Moss" <Robert.Moss () psinet telstra co uk>
Date: Fri, 10 Sep 2004 10:23:41 +0100
Hi Peoples, I've been following this thread, and there are some really good examples of how to set up secure backup access.. Here is a way that I have used in the past: Usually I would use a Cisco console server (2511 with 16 async serial ports, 2600 with AS32 async serial ports), which provides reverse telnet (this has already been covered). Alternatively, you could set up a simple unix server with a multiport serial board and connect that up to each servers' serial/console port. Lastly, in the case of a small server network of say 6 or less servers, you can attatch null modem cables between each pair of servers, and fire up mgetty/getty on the serial port for the server(s) that you are working on. This provides a reasonably secure backup method of connecting. Keeping in mind that serial ports can be sniffed just as easily as a telnet session, but with the provision that someone needs physical access to the server(s) or a shell with priveledges for connecting to the serial port device. There are some things that I consider reasonably obvious that I will omit here, ask for more details Cheers Robert Moss. -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of Andrew Haninger Sent: 09 September 2004 21:46 To: Gary E. Miller Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Re: Re: open telnet port
Yo Andrew!
... Right.
Then you update OpenSSL and it crashes all the ssh processes at the same time. Been, there, done that.
Thanks a lot. After your suggestion that it couldn't be done, I tried it. While it took thinking, I could have done it had I not killall'ed my sshd's without changing the paths in my "restart-sshd" cron job to reflect the new location of sshd. :-/ Well, on the bright side, this will encourage me to make my script such that it restarts sshd from either location. (/usr/sbin, where Slackware puts it, or /usr/local/sbin, where the OpenSSH "make install" script puts it). Anyway, this would also be a solution. I have a shell script that checks for ssh to be running on a couple ports*. If it isn't running, the script starts it. I then placed this script into /etc/cron.hourly. So, if I had it scripted correctly, I could install a new version of libssl, install a new version of sshd, kill all running sshd's and then wait about an hour for my system to start them back up. *Actually, it runs nmap on, say, port 22. If there's no response, it considers sshd not to be running. Someone could fool it by running some other program on that port, but this is sufficient for me on a NAT'ed machine at home on a cable connection. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: open telnet port, (continued)
- Re: open telnet port harry (Sep 07)
- Re: open telnet port cel0x (Sep 07)
- Re: open telnet port A.J. (Sep 07)
- Re: open telnet port David Huecking (Sep 07)
- Re: open telnet port Kenneth Ng (Sep 07)
- Re: open telnet port Riccardo Pizzi (Sep 07)
- Re: Re: Re: open telnet port Dries Robberechts (Sep 09)
- RE: Re: Re: open telnet port Todd Towles (Sep 09)
- RE: Re: open telnet port Yaakov Yehudi (Sep 09)
- RE: Re: Re: open telnet port Todd Towles (Sep 09)
- RE: Re: Re: open telnet port Robert Moss (Sep 10)