Security Incidents mailing list archives
Re: CGI scans from Strauss.udel.edu -- They're back
From: dr () DURSEC COM (Dragos Ruiu)
Date: Mon, 17 Apr 2000 23:35:21 -0700
Lemme see, knowledgeable syadmins run a secondary DNS server for an entire university on a public access box, as well as trusting e-mail to it. Yikes, this sounds like a formula for trouble. For everyone's sake, get a grant or something, buy a $600 PC and isolate at least a couple of those functions onto separate boxes. Hell, buy a couple and put a firewall in front of those puppies... It will likely save you a lot of grief (and time/resources) in the long run. A lot of network designers I respect use separate firewalls (yes, sometimes more than one) just for their DNS servers because they are such a center for mayhem and so vital to operations. No offence, but this kind of network design doesn't sound like something that should be coming out of somewhere bragging about "being wired." just my 2c, --dr On Mon, 17 Apr 2000, Elliot L. Tobin wrote:
strauss.udel.edu is our main student programming server.. of course students can check their email on it too, but it's primary use is for students to use the compilers, run (x)maple, and numerous other applications. not sure how relevant this is, but it was just upgraded to Solaris 8 this past week. --------------------------------------------------> Elliot L. Tobin - UD/CiS '02 [elliot () udel edu] Univ. of Delaware, Ranked #2 Wired Campus by Yahoo! Computer and Information Sciences, Economics Room : 302-837-8600 - Work : 302-831-0640 Pager: 302-451-2149 - Aolim: seinfeldeT
-- dursec.com / kyx.net - we're from the future http://www.dursec.com learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld, Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD
Current thread:
- CGI scans from Strauss.udel.edu -- They're back Jose Nazario (Apr 14)
- Re: CGI scans from Strauss.udel.edu -- They're back Tom Perrine (Apr 15)
- Re: CGI scans from Strauss.udel.edu -- They're back Matthew S. Hallacy (Apr 16)
- Re: CGI scans from Strauss.udel.edu -- They're back Omachonu Ogali (Apr 18)
- Rapid Web page harvesting, probably by marketing firm Brett Glass (Apr 18)
- Frontpage Exploits Keith McCammon (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Elliot L. Tobin (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Dragos Ruiu (Apr 17)
- Re: CGI scans from Strauss.udel.edu -- They're back Ryan Russell (Apr 18)
- Re: CGI scans from Strauss.udel.edu -- They're back Bryan Seitz (Apr 19)
- Re: CGI scans from Strauss.udel.edu -- They're back Marcelo Magnasco (Apr 18)
- Rooted through in.identd on Red Hat 6.0 Del Elson (Apr 18)
- Re: Rooted through in.identd on Red Hat 6.0 Sebastian (Apr 20)
- Re: Rooted through in.identd on Red Hat 6.0 Dmitry Alyabyev (Apr 20)
- RH6.1/IPChains box hacked J. J. Horner (Apr 20)
- Re: RH6.1/IPChains box hacked Jon Lewis (Apr 21)
- Re: RH6.1/IPChains box hacked mad () STUDENTS ZCU CZ (Apr 21)
- Re: RH6.1/IPChains box hacked Del Elson (Apr 24)