Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 4 Nov 1997 20:20:43 -0700 (MST)
From:      Brandon Gillespie <brandon@roguetrader.com>
To:        freebsd-isp@freebsd.org
Subject:   Security problem/oversight with user PPP!
Message-ID:  <Pine.BSF.3.96.971104201200.2274C-100000@roguetrader.com>

next in thread | raw e-mail | index | archive | help
This isn't really a bug or anything--as it is just a standard feature of
how user PPP works.  You can just telnet to port '3000' on any machine
running user PPP and have full access to the ppp session--assuming they
havn't setup ppp.secret.  I really find this disconcerting, since the
manual just 'suggests' setting up ppp.secret.  Frankly, if there is no
ppp.secret it should NOT bind to port 3000!

I don't want to bother with passwords in my PPP config system, because
frankly, I dont care--I'm the only one using it.  But suddenly I find the
new PPP is allowing anybody in the world to diddle with my ppp and its
irritating!  (that doesn't sound good :)

Talk about a horrid default.

At the very least it should bind to port 3000 on LOCALHOST, why does there
need to be global access to it?

-Brandon Gillespie




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.971104201200.2274C-100000>