Date: Tue, 4 Nov 1997 20:20:43 -0700 (MST)
From: Brandon Gillespie <brandon@roguetrader.com>
To: freebsd-isp@freebsd.org
Subject: Security problem/oversight with user PPP!
Message-ID: <Pine.BSF.3.96.971104201200.2274C-100000@roguetrader.com>

This isn't really a bug or anything--as it is just a standard feature of how user PPP works. You can just telnet to port '3000' on any machine running user PPP and have full access to the ppp session--assuming they haven't set up ppp.secret.

I really find this disconcerting, since the manual just 'suggests' setting up ppp.secret. Frankly, if there is no ppp.secret it should NOT bind to port 3000! I don't want to bother with passwords in my PPP config system, because frankly, I don't care--I'm the only one using it. But suddenly I find the new PPP is allowing anybody in the world to diddle with my ppp and it's irritating! (that doesn't sound good :)

Talk about a horrid default. At the very least it should bind to port 3000 on LOCALHOST, why does there need to be global access to it?

-Brandon Gillespie
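
An added example, not part of the original message: a shell check that reads `netstat -an` text and reports whether anything is listening on port 3000 on all interfaces rather than on loopback only. The function names and the sample output are constructed for illustration, and the parser assumes the FreeBSD-style `address.port` local address column.

```shell
#!/bin/sh
# Classify TCP listeners on one port from `netstat -an` text read on stdin.
# Prints "LOCAL ..." for loopback-only listeners and "EXPOSED ..." otherwise.
classify_listeners() {
    port="${1:-3000}"
    awk -v port="$port" '
        # Only TCP sockets in LISTEN state matter here.
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            local_addr = $4
            # Address and port are joined by a dot: split on the last one.
            n = match(local_addr, /\.[0-9]+$/)
            if (n == 0) next
            addr = substr(local_addr, 1, n - 1)
            p = substr(local_addr, n + 1)
            if (p != port) next
            if (addr == "127.0.0.1" || addr == "::1")
                print "LOCAL " local_addr
            else if (addr == "*")
                print "EXPOSED " local_addr " (all interfaces)"
            else
                print "EXPOSED " local_addr " (specific address)"
        }'
}

# Constructed sample of `netstat -an` output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (including servers)
Proto Recv-Q Send-Q  Local Address          Foreign Address        (state)
tcp        0      0  *.3000                 *.*                    LISTEN
tcp        0      0  127.0.0.1.3001         *.*                    LISTEN
tcp        0      0  *.22                   *.*                    LISTEN
tcp        0      0  10.0.0.5.3000          10.0.0.9.1042          ESTABLISHED
EOF
}

# Demonstration on the constructed sample.
sample_netstat | classify_listeners 3000
```

On a live host the same function takes real input: `netstat -an | classify_listeners 3000`.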