From owner-freebsd-security Thu Jul 30 17:04:55 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id RAA28015 for freebsd-security-outgoing; Thu, 30 Jul 1998 17:04:55 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from spike.porcupine.org (umbilical.porcupine.org [168.100.189.1]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id RAA28001 for ; Thu, 30 Jul 1998 17:04:43 -0700 (PDT) (envelope-from wietse@porcupine.org) Received: by spike.porcupine.org (VMailer, from userid 100) id 4580B7036A; Thu, 30 Jul 1998 20:04:39 -0400 (EDT) Subject: Re: PPP.3000.exposure To: efb@cotdazr.org Date: Thu, 30 Jul 1998 20:04:39 -0400 (EDT) Cc: security@FreeBSD.ORG In-Reply-To: <19980730213629.6026.qmail@cotdazr.org> from "efb@cotdazr.org" at "Jul 30, 98 09:36:29 pm" Organization: Wietse Venema, White Plains, NY, USA X-Time-Zone: USA EST, 6 hours behind central European time X-Mailer: ELM [version 2.4ME+ PL15 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Message-Id: <19980731000439.4580B7036A@spike.porcupine.org> From: wietse@porcupine.org (Wietse Venema) Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org efb@cotdazr.org: > > Had a random sweep and the question came up .. what and why does my > port 3000 show to the world outside for .. can I block it .. should I > sweat it .. the F.Bsd_205 box is the router as well as main server .. > > Can I Wrap the 3000 at least so as not to kill iijppp and reduce my > exposure and how ??? This is one feature of the ppp daemon that I didn't like at all. To block, you'd need a kernel-based packet filter; or hack the source and rip out the if (server > 0) FD_SET(server, &rfds); line. Beware, this is untested advice. Wietse To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe security" in the body of the message