From owner-freebsd-security Wed Dec 13 10:25:33 2000 From owner-freebsd-security@FreeBSD.ORG Wed Dec 13 10:25:30 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from metrocon.com (metrocon.com [198.143.64.100]) by hub.freebsd.org (Postfix) with ESMTP id 267AF37B400 for ; Wed, 13 Dec 2000 10:25:29 -0800 (PST) Received: from office2.metrocon.com ([198.143.64.239]) by metrocon.com (8.9.3/8.9.3) with ESMTP id NAA34108 for ; Wed, 13 Dec 2000 13:25:19 -0500 (EST) (envelope-from tzink@metrocon.com) Message-Id: <5.0.0.25.0.20001213132136.00a2c7b0@mail.metrocon.com> X-Sender: tzink@mail.metrocon.com X-Mailer: QUALCOMM Windows Eudora Version 5.0 Date: Wed, 13 Dec 2000 13:26:27 -0500 To: freebsd-security@FreeBSD.ORG From: Terry Zink Subject: Re: 911 lockdown! In-Reply-To: <4.3.2.7.2.20001213100839.0465c320@localhost> References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii"; format=flowed Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Rather easily. If the outsider cannot get into the proper services (ssh most likely) to log in, then he cant crack. Most crackers use telnet, or pop. But if he finds the pop pass he cant do much if telnet and ssh are closed to all but the internal network. My biggest problem with firewalls is you need to throw them behind a nat generally speaking to use them (If anyone can gimme a simple way to set the gateway to a bsd box and have the bsd box allow full access to the ip but blocking out ips from the source from getting to it .... .. lemme know) I know that last sentence made no sense, and im sorry. Long day, not a priority. Biggest problem I have with firewalling the servers at my job is... we're an ISP... Adding a firewall presents yet ANOTHER single point of failure.. Anyways that was my rant for the day, hope you all enjoyed :) At 10:09 AM 12/13/00 -0700, you wrote: >Pardon me if I'm missing something here, but how would a firewall >prevent someone from cracking a guessable password on a legitimate >user account? > >--Brett Glass > >At 09:18 AM 12/13/2000, Robert McCallum wrote: > > > >My DNS/MAIL/WEB server was hacked recently, I don't believe they 'rooted' > >the server 'yet'. But I do see that they have obtained access to a user > >account. It apears they cracked a users account which I found out that one > >of my users did not adhere to our security policy and set a password that > >was not in accordance to our password policy. > >.... > > >In conclusion, I need to setup a firewall on that particular host ASAP. > > > >"Were parties here divided merely by greediness for office..., >to take a part with either would be unworthy of a reasonable >or moral man." --Thomas Jefferson > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message Regards, Terry Zink Metrocon Communications Phone: (212) 661-6800 ext. 1554 Fax: (212) 661-1229 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message