Re: DNS Injection Problem

[Glenn Forbes Fleming Larratt <glratt () rice edu>]

On Mon, 5 May 2003, Danny wrote:

> > Proftpd 1.2.8 # no root or anonymous connections
> >
> > Here it goes a scanner showing my open ports.
> >
> > Port       State       Service
> > 21/tcp     open        ftp
> > 23/tcp     open        telnet
> > 25/tcp     open        smtp
> > 53/tcp     open        domain
> > 80/tcp     open        http
> > 110/tcp    open        pop-3
> > 113/tcp    open        auth
> > 143/tcp    open        imap2
        :
        :
> > In this server we do not allow telnet/rsh or any shell connection.
> >
> > Since I am a newbie, I would appreciate some advices and tips.
>
> Er, you say that you do not allow any telnet access to this server but
> you are running the telnet service, thats probably not a good idea, If
> you meant you don't allow any clients remote access to the server i'd
> suggest ditching telnet and using [Open]SSH... If *noone* has remote
> access to this server than you should disable the telnet service.

        Agreed. I would add ditching ftp, pop3, and imap in favor of
        scp, SSLpop and SSLimap (the former is part of openSSH, the
        latter two bind to ports 993 and 995, rather than 110 and 143).

                -g


----------------------------------------------------------------------------
Attend Black Hat Briefings & Training Europe, May 12-15 in Amsterdam, the 
world's premier event for IT and network security experts.  The two-day 
Training features 6 hand-on courses on May 12-13 taught by professionals.  
The two-day Briefings on May 14-15 features 24 top speakers with no vendor 
sales pitches.  Deadline for the best rates is April 25.  Register today to 
ensure your place. http://www.securityfocus.com/BlackHat-incidents 
----------------------------------------------------------------------------