From: "David Simsik"
To: "security@freebsd.org"
Subject: Programming Contest
Date: Thu, 7 Oct 1999 18:55:25 -0400

Hello all,

I was recently hired to help run a regional Programming contest that takes place every year. My job is to set up some low level security so that the contestants cannot get in contact with each other and/or someone on the outside world.

To explain the structure of our site: we will have two FreeBSD servers running (one on a pent200 machine and one on a pent75 machine) which will run parts of the judging software. Both servers are Ver 3.3-Release. The clients which will run the client side of the judging software will be borrowed from one of our labs. To my knowledge they are using an older version of FreeBSD running on Gateway P5-200s. The Network will be set up within the lab and the structure of the Ethernet cannot be changed. Also I do not have access to their gateway or their servers.

My original plan was to set up one of the servers (P75) as a gateway/site server. This server would authenticate the users on the client machines and then would control the packets going outbound.
The problem is that while using this gateway, by defining it in the Client machines and a firewall on the gateway, I can control what machines the clients can send packets to but cannot control the inbound packets. With this said I have two questions:

1. If the Gateway on the client machines is my machine, is there any way for the clients to get around the gateway, and if there is, then is there a way I can stop that? (send packets in a way so they don't go through the gateway server)

2. What daemons would you recommend I shut off so that the contestants cannot get in contact with each other? (telnetd, ftpd,...)

Any recommendations for solutions are welcome.

Thank you
David Simsik
Regional Systems Team Leader
tech@midatl.cs.vt.edu
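
Background for question 1, as an added example that is not part of the original post: a host hands only off-subnet traffic to its default gateway, so a firewall on the gateway never sees packets exchanged between machines on the same lab Ethernet. The subnet, addresses and function names below are constructed assumptions; the post gives no addressing.

```python
import ipaddress

# Constructed lab addressing (assumption; the post gives no addresses).
LAB_NET = ipaddress.ip_network("192.0.2.0/24")
GATEWAY = ipaddress.ip_address("192.0.2.1")   # stands in for the P75 gateway

def next_hop(src, dst, net=LAB_NET, gateway=GATEWAY):
    """Return where a client's IP stack sends a packet addressed to dst.

    Mirrors the usual host routing decision: loopback and on-link
    destinations are delivered directly, everything else is handed
    to the default gateway.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if src not in net:
        raise ValueError(f"{src} is not on {net}")
    if dst.is_loopback or dst == src:
        return "local"
    if dst in net:
        return "direct"            # host ARPs for dst itself
    return f"via {gateway}"

def gateway_can_filter(src, dst):
    """True only when the packet has to reach the gateway's firewall."""
    if ipaddress.ip_address(dst) == GATEWAY:
        return True                # addressed to the gateway itself
    return next_hop(src, dst).startswith("via")

def audit(flows):
    """Split (src, dst) flows into gateway-filtered and unfiltered lists."""
    seen, unseen = [], []
    for src, dst in flows:
        (seen if gateway_can_filter(src, dst) else unseen).append((src, dst))
    return seen, unseen

# Constructed sample flows from two contestant machines.
FLOWS = [
    ("192.0.2.10", "192.0.2.11"),     # client to client
    ("192.0.2.10", "192.0.2.1"),      # client to gateway
    ("192.0.2.10", "198.51.100.7"),   # client to outside host
    ("192.0.2.11", "192.0.2.255"),    # subnet broadcast
]

if __name__ == "__main__":
    seen, unseen = audit(FLOWS)
    print("filtered at gateway:", seen)
    print("never reach gateway:", unseen)
```

Flows in the second list have to be restricted on the client machines themselves, for example with a packet filter on each client or by disabling the listening daemons asked about in question 2.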