Date: Wed, 13 Dec 2000 13:26:27 -0500 From: Terry Zink <tzink@metrocon.com> To: freebsd-security@FreeBSD.ORG Subject: Re: 911 lockdown! Message-ID: <5.0.0.25.0.20001213132136.00a2c7b0@mail.metrocon.com> In-Reply-To: <4.3.2.7.2.20001213100839.0465c320@localhost> References: <Pine.BSF.4.21.0012131048420.489-100000@www.freebsdbox.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Rather easily. If the outsider cannot get into the proper services (ssh most likely) to log in, then he cant crack. Most crackers use telnet, or pop. But if he finds the pop pass he cant do much if telnet and ssh are closed to all but the internal network. My biggest problem with firewalls is you need to throw them behind a nat generally speaking to use them (If anyone can gimme a simple way to set the gateway to a bsd box and have the bsd box allow full access to the ip but blocking out ips from the source from getting to it .... .. lemme know) I know that last sentence made no sense, and im sorry. Long day, not a priority. Biggest problem I have with firewalling the servers at my job is... we're an ISP... Adding a firewall presents yet ANOTHER single point of failure.. Anyways that was my rant for the day, hope you all enjoyed :) At 10:09 AM 12/13/00 -0700, you wrote: >Pardon me if I'm missing something here, but how would a firewall >prevent someone from cracking a guessable password on a legitimate >user account? > >--Brett Glass > >At 09:18 AM 12/13/2000, Robert McCallum wrote: > > > >My DNS/MAIL/WEB server was hacked recently, I don't believe they 'rooted' > >the server 'yet'. But I do see that they have obtained access to a user > >account. It apears they cracked a users account which I found out that one > >of my users did not adhere to our security policy and set a password that > >was not in accordance to our password policy. > >.... > > >In conclusion, I need to setup a firewall on that particular host ASAP. > > > >"Were parties here divided merely by greediness for office..., >to take a part with either would be unworthy of a reasonable >or moral man." --Thomas Jefferson > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message Regards, Terry Zink Metrocon Communications Phone: (212) 661-6800 ext. 1554 Fax: (212) 661-1229 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?5.0.0.25.0.20001213132136.00a2c7b0>