From owner-freebsd-security  Fri Jul 31 10:06:50 1998
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id KAA20783
          for freebsd-security-outgoing; Fri, 31 Jul 1998 10:06:50 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from cotdazr.org (cotdazr.org [205.228.248.205])
          by hub.freebsd.org (8.8.8/8.8.8) with SMTP id KAA20774
          for <security@FreeBSD.ORG>; Fri, 31 Jul 1998 10:06:45 -0700 (PDT)
          (envelope-from efb@cotdazr.org)
Received: (qmail 7709 invoked by uid 10); 31 Jul 1998 17:06:36 -0000
Message-ID: <19980731100635.33065@cotdazr.org>
Date: Fri, 31 Jul 1998 10:06:35 -0700
From: Everett F Batey <efb@cotdazr.org>
To: "Daniel O'Callaghan" <danny@hilink.com.au>
Subject: Re: PPP.3000.exposure
Reply-To: efb@cotdazr.org
References: <19980731000439.4580B7036A@spike.porcupine.org> <Pine.BSF.3.96.980731112116.27739F-100000@enya.hilink.com.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.84
In-Reply-To: <Pine.BSF.3.96.980731112116.27739F-100000@enya.hilink.com.au>; from Daniel O'Callaghan on Fri, Jul 31, 1998 at 11:29:22AM +1000
X-Tele: +1 805 985.3146 / 805 340.6471 Pg 805 655.2017
X-URL: http://www.cotdazr.org
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Danny .. Problem is 205 is before the days when we could run ipfw ..

I have been told by others on the Free BSD team .. ???

Regretably my bigger problem is using BIND_8.1.2 cause last time I tried 
to build found from others that there are really a lot of diffs between
the Unix release and the FreeBSD post makefile mortum .. lots of patching
to compile unix code on fbsd .. bummer .. my bind is easy to put to 
sleep by a hacker attack .. 

/Ev/


On Fri, Jul 31, 1998 at 11:29:22AM +1000, Daniel O'Callaghan wrote:
> On Thu, 30 Jul 1998, Wietse Venema wrote:
> 
> > efb@cotdazr.org:
> > > 
> > > Had a random sweep and the question came up .. what and why does my
> > > port 3000 show to the world outside for .. can I block it .. should I
> > > sweat it .. the F.Bsd_205 box is the router as well as main server ..
> > > 
> > > Can I Wrap the 3000 at least so as not to kill iijppp and reduce my
> > > exposure and how ???
> > 
> > This is one feature of the ppp daemon that I didn't like at all.
> > To block, you'd need a kernel-based packet filter; or hack the
> > source and rip out the 
> 
> Brian will correct me if I am wrong, but I believe that for quite a while
> now ppp has not bound to 3000 if there is no password set for the machine. 
> Not perfect protection, of course, but something.  
> 
> It is not too hard to enable ipfw, either in-kernel or as lkm.  Just flick
> the switch in /etc/rc.conf (firewall="YES") and add the appropriate ipfw
> rules.
> 
> Danny

-- 
 + http://www.cotdazr.org  efb@cotdazr.org -- WA6CRE -- http://www.gitt.gov +
 + http://www.oxnardsd.org  [EFB15]  SunUG: http://halide.acs.uci.edu/GCSUG +
 + BSD Unix Sun Linux, Security, Cisco Routing, QMail Inn DNS & My Opinions +
 + Beep: 805.655.2017 Vmail: 805.340.6471+5, 800.545.6998 USN: 805.982.7180 +

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe security" in the body of the message