Security Incidents mailing list archives

Re: CGI scans from Strauss.udel.edu -- They're back


From: dr () DURSEC COM (Dragos Ruiu)
Date: Mon, 17 Apr 2000 23:35:21 -0700


Lemme see, knowledgeable sysadmins run a secondary DNS server
for an entire university on a public access box, as well as trusting
e-mail to it.  Yikes, this sounds like a formula for trouble.  For everyone's
sake, get a grant or something, buy a $600 PC and isolate at least
a couple of those functions onto separate boxes. Hell, buy a couple
and put a firewall in front of those puppies... It will likely save you a lot
of grief (and time/resources) in the long run.  A lot of network
designers I respect use separate firewalls (yes, sometimes more
than one) just for their DNS servers because they are such a
center for mayhem and so vital to operations.

No offence, but this kind of network design doesn't sound like
something that should be coming out of somewhere bragging
about "being wired."

just my 2c,
--dr

On Mon, 17 Apr 2000, Elliot L. Tobin wrote:
strauss.udel.edu is our main student programming server..  of course
students can check their email on it too, but its primary use is for
students to use the compilers, run (x)maple, and numerous other
applications.

not sure how relevant this is, but it was just upgraded to Solaris 8 this
past week.

 -------------------------------------------------->
 Elliot L. Tobin  -  UD/CiS '02  [elliot () udel edu]
 Univ. of Delaware, Ranked #2 Wired Campus by Yahoo!
 Computer and Information Sciences, Economics
 Room : 302-837-8600  -  Work : 302-831-0640
 Pager: 302-451-2149  -  Aolim: seinfeldeT

--
dursec.com / kyx.net - we're from the future                      http://www.dursec.com
learn kanga-foo from security experts: CanSecWest - May 10-12 Vancouver

Speakers: Ron Gula/NSW, Ken Williams/E&Y, Marty Roesch/Hiverworld,
    Fyodor/insecure.org, RainForestPuppy/wiretrip.net, Theo de Raadt/OpenBSD


