Date: Mon, 27 Jul 1998 16:11:13 -0700 (PDT)
From: "Jan B. Koum " <jkb@best.com>
To: Brett Glass <brett@lariat.org>
Cc: Greg Pavelcak <gpavelcak@philos.umass.edu>, Dag-Erling Coidan Smørgrav <dag-erli@ifi.uio.no>, Dennis Reiter <mcneills@accessus.net>, chat@FreeBSD.ORG
Subject: FreeBSD Security How-To (Was: QPopper exploit)
Message-ID: <Pine.BSF.3.96.980727160713.8287A-100000@shell6.ba.best.com>
In-Reply-To: <199807272300.RAA00688@lariat.lariat.org>

Hello all,

Since the secret is out now on freebsd-security .. I have been
working on FreeBSD Security How-To for the last few weeks. It is still
in beta and I hope to get more comments from people on -security.

It is currently at www.best.com/~jkb/howto.txt

No kernel hacking -- just basic steps users can take to secure
their workstations, server, etc. I'd like any comments, feedback or
suggestions from -chat also.

(yes, I'll soon have html also for those of you who can't stand
ascii).

-- Yan

Jan Koum jkb@best.com | "Turn up the lights; I don't want
www.FreeBSD.org -- The Power to Serve | to go home in the dark."

"Write longer sentences - they are paying us a lot of money"

On Mon, 27 Jul 1998, Brett Glass wrote:

>At 06:14 PM 7/27/98 -0400, Greg Pavelcak wrote:
>
>>> If I were a cracker, the first thing I'd try would be to scan IP
>>> ranges known to belong to large ISPs' dialup servers, precisely for
>>> that reason (and also because there's a much higher chance of finding
>>> machines run by inexperienced or careless people there than amongst
>>> permanently connected hosts)
>>
>>Hmm, major universities for example? (He asks through his UMass
>>PPP account.)
>
>Major universities often have LOTS of holes. Many haven't patched that
>Annex server problem, and a few even have *wide open* PPP connections
>that anyone can use if he or she knows some basic terminal server
>commands.
>
>All dial-ins should be carefully firewalled against exploits. We use
>SLiRP running on FreeBSD, which is highly effective as a protective layer.
>(See, we're not such slouches on security, even if our mail server WAS hit
>by the QPopper exploit.)
>
>--Brett
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-chat" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.3.96.980727160713.8287A-100000>