Date: 03 Nov 1999 18:07:04 +0200
From: Giorgos Keramidas <keramida@ceid.upatras.gr>
To: freebsd-security@freebsd.org
Subject: Re: hole(s) in default rc.firewall rules
Message-ID: <86g0yn8spj.fsf@localhost.hell.gr>
In-Reply-To: Adam Laurie's message of "Tue, 02 Nov 1999 20:33:49 +0000"
References: <Pine.BSF.4.10.9911012224120.54551-100000@green.myip.org> <381F4AAD.1D8E6001@algroup.co.uk>

Adam Laurie <adam@algroup.co.uk> writes:

> And for those that don't think this is a serious issue...
>
> Get a copy of netcat. Make sure syslogd is running in default mode (i.e.
> without "-s" option) on the target "firewalled" server. Run the
> following command on a machine outside the firewall:
>
>     nc -u -p 53 -n [firewalled-server-ip] 514
>
> and type some text in. Now go and tail /var/log/messages on the target
> server, and you'll see the text that has just walked through your
> firewall. I leave it as an exercise for the reader to exploit an NFS
> mount in a similar fashion...

I don't know how well this would work in a larger environment, but I
have set up my private named to forward queries to a couple of
"trusted" name servers outside the firewall. Then I added rules that
accept only udp packets originating from these two hosts (port 53),
and the usual "deny all from any to any" catches the rest. Someone
might also have the IP addresses of root-dns servers be accepted as
well.

Oh, and another little bit. I have only recently brought up a small
document that describes to the freebsd-newbies of my local area some
parts of ipfw usage. I am a newbie in freebsd myself too, therefore I
would be interested in any comments regarding this page, especially
about things that are considered 'insecure' and are recommended there.
The page is located at:

<http://students.ceid.upatras.gr/~keramida/freebsd/ipfw.html>

--
Giorgos Keramidas, <keramida@ceid.upatras.gr>
"What we have to learn to do, we learn by doing." [Aristotle]

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?86g0yn8spj.fsf>
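
Added example, not part of the original message or of FreeBSD's rc.firewall: a small Python model of first-match UDP filtering that compares a rule trusting any source port 53 with the forwarder-only rules described in the reply. The permissive rule is an assumed stand-in for the behaviour the quoted test relies on, and every address is a constructed documentation address.

```python
from ipaddress import ip_address, ip_network
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class Rule(NamedTuple):
    action: str                  # "allow" or "deny"
    src: str = "any"             # address, CIDR or "any"
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port

def _addr_ok(spec: str, addr: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec)

def verdict(rules, pkt: Packet) -> str:
    """Return the action of the first matching rule (UDP only); default deny."""
    for r in rules:
        if (_addr_ok(r.src, pkt.src)
                and r.sport in (None, pkt.sport)
                and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

# Constructed addresses (RFC 5737 documentation ranges), not from the thread.
FORWARDERS = ["192.0.2.53", "198.51.100.53"]
SERVER = "203.0.113.10"

# Assumed permissive rule: any sender is trusted if its source port is 53.
PERMISSIVE = [Rule("allow", sport=53), Rule("deny")]
# Forwarder-only rules: source port 53 from the two trusted hosts, then deny all.
RESTRICTED = [Rule("allow", src=f, sport=53) for f in FORWARDERS] + [Rule("deny")]

PACKETS = {
    "DNS reply from a forwarder": Packet(FORWARDERS[0], 53, SERVER, 1053),
    "source port 53 to syslog (514)": Packet("203.0.113.99", 53, SERVER, 514),
    "DNS reply from another server": Packet("203.0.113.99", 53, SERVER, 1053),
}

def compare():
    # Map each sample packet to (permissive verdict, restricted verdict).
    return {n: (verdict(PERMISSIVE, p), verdict(RESTRICTED, p)) for n, p in PACKETS.items()}

if __name__ == "__main__":
    for name, (weak, strict) in compare().items():
        print(f"{name:32} permissive={weak:5} restricted={strict}")
```

The last sample packet shows the cost of the restricted rules: replies from any server other than the two forwarders are dropped, so named has to be configured to send its queries through those forwarders.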