Date: Wed, 3 Jul 1996 01:08:01 -0400 (EDT) From: Douglas Song <dugsong@monkey.org> To: "Pedro F. Giffuni S." <pgiffuni@biblioteca.campus.unal.edu.co> Cc: security@freebsd.org Subject: Re: Please, please... Message-ID: <Pine.BSI.3.94.960703010103.4738A-100000@naughty.monkey.org> In-Reply-To: <Pine.A32.3.91.960702230108.24908A-100000@biblioteca.campus.unal.edu.co>
next in thread | previous in thread | raw e-mail | index | archive | help
Get the latest version of BIND. This will help thwart DNS spoofing attacks, but DNS just doesn't have any real security to begin with, so keep that in mind. Check out the smap sendmail proxy from the TIS firewall toolkit (ftp://ftp.tis.com/pub/firewalls/toolkit, I believe). Sendmail does NOT need to be setuid root, and you don't want to run that beast out of inetd anyhow. Maybe FreeBSD could take a great step forward by incorporating smap and other security tools into the standard distribution? Hose the s-bit off all unnecessary binaries (suidperl and the mount_* commands come to mind ;) and consider a clean reinstall, if you haven't been running tripwire or something like it. Best of luck... --- Douglas Song dugsong@monkey.org
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSI.3.94.960703010103.4738A-100000>