nanog mailing list archives
Re: Cisco says attacks are due to operational practices
From: Adam McKenna <adam () flounder net>
Date: Fri, 11 Feb 2000 14:56:51 -0500
Also, I believe ssh won't do this if you remove the suid bit (which is probably a good idea anyway). --Adam On Sat, Feb 12, 2000 at 03:07:25AM +0800, adrian () creative net au wrote:
Its not a bug, its a leftover from rsh days - if the connection originates from a port below 1024, you could assume *cough* that the credentials the connection supplies are authentic, since the process needs to be root to bind to ports < 1024. This isn't a "but thats flawed!" discussion seed, take that to bugtraq. There's a flag to ssh somewhere to stop it doing that. Yup, -P . Adrian
Current thread:
- Re: Cisco says attacks are due to operational practices, (continued)
- Re: Cisco says attacks are due to operational practices John M. Brown (Feb 10)
- Re: Cisco says attacks are due to operational practices Majdi S. Abbas (Feb 10)
- Re: Cisco says attacks are due to operational practices Jared Mauch (Feb 10)
- Re: Cisco says attacks are due to operational practices Paul Ferguson (Feb 10)
- Re: Cisco says attacks are due to operational practices Chris Cappuccio (Feb 10)
- Re: Cisco says attacks are due to operational practices Paul Ferguson (Feb 10)
- Re: Cisco says attacks are due to operational practices Chris Cappuccio (Feb 10)
- Re: Cisco says attacks are due to operational practices John M. Brown (Feb 10)
- Re: Cisco says attacks are due to operational practices Bora Akyol (Feb 11)
- Re: Cisco says attacks are due to operational practices adrian (Feb 11)
- Re: Cisco says attacks are due to operational practices Adam McKenna (Feb 11)
- Re: Cisco says attacks are due to operational practices Stephen Sprunk (Feb 11)
- Re: Cisco says attacks are due to operational practices Paul Ferguson (Feb 11)
- Re: Cisco says attacks are due to operational practices Vijay Gill (Feb 10)
- Re: Cisco says attacks are due to operational practices John M. Brown (Feb 10)
- Re: Cisco says attacks are due to operational practices Wayne Bouchard (Feb 10)
- Re: Cisco says attacks are due to operational practices Richard Steenbergen (Feb 10)
- Re: Cisco says attacks are due to operational practices Marc Slemko (Feb 10)
- Re: Cisco says attacks are due to operational practices John M. Brown (Feb 10)