Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 5 Nov 1997 17:10:59 -0800 (PST)
From:      Archie Cobbs <archie@whistle.com>
To:        dnelson@slip.net (Dru Nelson)
Cc:        brandon@roguetrader.com, freebsd-isp@FreeBSD.ORG
Subject:   Re: Security problem/oversight with user PPP!
Message-ID:  <199711060110.RAA18423@bubba.whistle.com>
In-Reply-To: <Pine.GSO.3.96.971105085432.3010D-100000@slip-3> from Dru Nelson at "Nov 5, 97 08:55:29 am"

next in thread | previous in thread | raw e-mail | index | archive | help

Dru Nelson writes:
> 
> > At the very least it should bind to port 3000 on LOCALHOST, why does there
> > need to be global access to it?
> 
>  I agreee, it shouldn't be on by default. It is good, though, when
>  you want to work on the PPP client on the far end when getting
>  things working.

Doesn't completely fill the hole... :-)

I can still take a UNIX machine on the same network as yours,
disable my loopback interface, and set a route to 127.0.0.1
via your machine, and then telnet to it.

-Archie

___________________________________________________________________________
Archie Cobbs   *   Whistle Communications, Inc.  *   http://www.whistle.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199711060110.RAA18423>