Date:      Fri, 6 Oct 1995 14:42:59 -0700 (MST)
From:      Terry Lambert <terry@lambert.org>
To:        chuckr@eng.umd.edu (Chuck Robey)
Cc:        terry@lambert.org, j@uriah.heep.sax.de, freebsd-hackers@FreeBSD.ORG
Subject:   Re: Fiskars UPS support...
Message-ID:  <199510062142.OAA02260@phaeton.artisoft.com>
In-Reply-To: <Pine.SUN.3.91.951005231124.13859B-100000@espresso.eng.umd.edu> from "Chuck Robey" at Oct 5, 95 11:14:46 pm

> > 2)	Make a TCP connection to a privileged port on that host.
> > 	Retry at intervals if necessary.
> > 
> > 3)	It writes you on the connection you made when it wants to notify
> > 	you of some event.
> 
> I don't find 'privileged ports' in my trusty O'Reilly TCP/IP book, could 
> you give me a reference?  I just don't see, right now, what would stop 
> someone with a packet sniffer, finding how I communicate, then spoofing 
> the remote.  I know how to set up connections, I'm wondering about 
> security, and how much is enough, when I'm talking about something that 
> can shut down the machine.

man rresvport

A port in the range 1-1023 can only be allocated by root.  That is,
those ports can only be answered by a Trojan Horse if your monitoring
system has been fully compromised.

The spoofing is prevented because the systems that can be spoofed make
the connection to the monitoring system.  That means someone cannot
pretend to be the monitoring system, send a failure warning and
cause a shutdown, because connections are not made in that direction.

The worst that someone can do is register with the monitoring system
and get powerfail notifications, and then only if you don't put
restrictions on who is allowed to connect to the monitoring system
in the first place (i.e. it should be inside your firewall in any case).


					Terry Lambert
					terry@lambert.org
---
Any opinions in this posting are my own and not those of my present
or previous employers.
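As an added example (not code from this thread or from FreeBSD), the two halves of the scheme Terry describes in C: the monitored host binds its end to a reserved port the way rresvport(3) does, and the monitoring host, which only ever accepts inbound registrations, drops any peer whose source port is not in the root-only range 1..1023. The function names and the fallback IPPORT_RESERVED definition are assumptions.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef IPPORT_RESERVED
#define IPPORT_RESERVED 1024   /* assumed: first non-reserved port */
#endif

/* 1 if a host-order port is one only root can bind (1..1023). */
int port_is_reserved(unsigned short port) {
    return port > 0 && port < IPPORT_RESERVED;
}

/* Same check applied to the peer address returned by accept(). */
int peer_port_is_reserved(const struct sockaddr_in *peer) {
    return port_is_reserved(ntohs(peer->sin_port));
}

/* Client side, rresvport(3)-style: bind a TCP socket to the highest free
 * reserved port, counting down from 1023.  Returns the fd and the chosen
 * port, or -1 (errno EACCES when the caller is not root). */
int bind_reserved_port(int *port_out) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    struct sockaddr_in sin;
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    for (int p = IPPORT_RESERVED - 1; p > 0; p--) {
        sin.sin_port = htons((unsigned short)p);
        if (bind(fd, (struct sockaddr *)&sin, sizeof sin) == 0) {
            *port_out = p;
            return fd;
        }
        if (errno != EADDRINUSE) break;   /* EACCES etc.: give up */
    }
    close(fd);
    return -1;
}

/* Monitor side: accept a registration, keep it only if the peer bound
 * a reserved port, i.e. a root process on the monitored host. */
int accept_registration(int listen_fd) {
    struct sockaddr_in peer;
    socklen_t len = sizeof peer;
    int fd = accept(listen_fd, (struct sockaddr *)&peer, &len);
    if (fd < 0) return -1;
    if (!peer_port_is_reserved(&peer)) { close(fd); return -1; }
    return fd;
}
```

The source-port check only means anything if the monitor is the listening side, which is exactly the direction the message insists on; as Terry notes, it still says nothing about who may reach the listener, so the firewall rule remains necessary.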
