Bugtraq mailing list archives
Re: Livingston bugs...
From: angio () aros net (Dave Andersen)
Date: Tue, 12 Sep 1995 14:50:55 -0600
Lo and behold, Jay 'Whip' Grizzard once said:
I, personally, can't understand such a passive attitude on the part of Livingston -- I personally would call a bug where you can crash virtually anyone's network connection, from virtually anywhere in the world, to be a major bug. Maybe it's just me...
Because there's an easy solution to it which you've mentioned below:
ObBugTraq: Apparently (at least, under limited testing), putting up a filter to prevent folks from getting to your login port from the outside world will protect you -- Except I don't _want_ to have to start filtering things out, and in some circumstances (backbone routers, etc), it's not exactly a viable option. Do YOU want to have the bandwidth of several T1's all running through a filter before they get off the router? No, thanks...
Not necessarily. Setting up a really simple filter to disallow telnets to the portmaster itself is a very trivial option, and has been discussed at _great_ length with many examples on the portmaster-users mailing list. Something as simple as

----- Quote from Carl Rigney @ livingston -----
add filter notelnet.in
set filter notelnet.in 1 permit 192.168.2.0/24 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 2 deny 0.0.0.0/0 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 3 permit
set ether0 ifilter notelnet.in
save all

If you're having problems with your dial-in users doing this, you can block that too by adding the following RADIUS attribute:

Framed-Filter-Id = "notelnet"
------- end quote -----------

will solve that problem and any other possible "telnetting to the portmaster and doing <blah blah blah>" problem.

-Dave Andersen
--
angio () aros net
Complete virtual hosting and business-oriented system administration internet services. (WWW, FTP, email)
http://www.aros.net/ http://www.aros.net/about/virtual/
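The three numbered rules quoted in the message above, checked against constructed packets. This is an added example, not part of the original post and not Livingston's code. It assumes rules are checked in numeric order, the first matching rule decides, and a packet matching no rule is dropped; the parser, function names and packet values are hypothetical.

```python
import ipaddress

# Numbered rules copied from the quoted notelnet.in filter.
RULES_TEXT = """\
set filter notelnet.in 1 permit 192.168.2.0/24 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 2 deny 0.0.0.0/0 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 3 permit
"""

def parse_rules(text):
    """Parse 'set filter <name> <n> <action> [src dst proto dst eq <port>] [log]'."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] != ["set", "filter"]:
            continue
        rule = {"num": int(tok[3]), "action": tok[4],
                "src": None, "dst": None, "proto": None, "dport": None}
        rest = [t for t in tok[5:] if t != "log"]  # 'log' does not affect matching
        if rest:
            rule["src"], rule["dst"] = map(ipaddress.ip_network, rest[:2])
            rule["proto"] = rest[2]
            if rest[3:5] == ["dst", "eq"]:
                rule["dport"] = int(rest[5])
        rules.append(rule)
    return sorted(rules, key=lambda r: r["num"])

def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule number). Assumed: first match wins, no match = deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if ((r["src"] is None or s in r["src"]) and
                (r["dst"] is None or d in r["dst"]) and
                r["proto"] in (None, proto) and
                r["dport"] in (None, dport)):
            return r["action"], r["num"]
    return "deny", None

RULES = parse_rules(RULES_TEXT)
# Constructed packets: (source, destination, protocol, destination port)
SAMPLES = [
    ("192.168.2.10", "192.168.2.2", "tcp", 23),   # local admin telnet to the PortMaster
    ("203.0.113.7", "192.168.2.2", "tcp", 23),    # outside telnet to the PortMaster
    ("203.0.113.7", "192.168.2.50", "tcp", 23),   # telnet to a host behind it
    ("203.0.113.7", "192.168.2.2", "tcp", 80),    # non-telnet traffic to the box
]

if __name__ == "__main__":
    for p in SAMPLES: print(p, "->", evaluate(RULES, *p))
```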