On Tue, 29 Oct 2002, Francois Sauterey wrote:
> Hi,
>
> I'm looking for any craft to secure YP:
>
> I'm working around shadow password and yp.
>
> shadow passwords are stupid if "ypcat passwd" gives the encrypted passwords!
> Well, I use (in /etc/ypserv):
> * : passwd
On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
> Too bad there is no way to do a secure handshake w/ an id/password or
> even SecureID cards.
That's the idea behind PPPoE. Yuck.
-B
--
Brandon High [EMAIL PROTECTED]
'98 Kawi ZX-7R "Wasabi", '9
Quoting Andrew Sayers ([EMAIL PROTECTED]):
> In practice, even a very low security barrier will stop the 90% of
> clueless abusers - but (to drag this thread back on-topic), that's no
> excuse for basing the security of your network on a fundamentally
> insecure way of identifying computers.
Right
Quoting Alvin Oga ([EMAIL PROTECTED]):
> i read all the talkbacks...
> - no definition of rootkit posted in the talkbacks
Look again.
Anyhow, a rootkit is not "anything that allows an un-educated user to
just run that tool to break into other peoples network and machines".
It's something
Hi,
I'm looking for any craft to secure YP:
I'm working around shadow password and yp.
shadow passwords are stupid if "ypcat passwd" gives the encrypted passwords!
Well, I use (in /etc/ypserv):
* : passwd.byname: port : yes
* : passw
On Mon, Oct 28, 2002 at 06:46:47PM -0800, Rick Moen wrote:
>
> >> This confusion has also come up elsewhere, on LinuxToday:
> >> http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV
> >
> > that just talks about arresting some poor soul ??
>
> Read the talkbacks, at the bottom.
Spe
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
> Quoting Alvin Oga ([EMAIL PROTECTED]):
> >> Um, Alvin? You might want to look up the definition of "rootkit".
> >
> > my definition ... anything that allows an un-educated user to just
> > run that tool to break into other peoples network and
Quoting Alvin Oga ([EMAIL PROTECTED]):
>> Um, Alvin? You might want to look up the definition of "rootkit".
>
> my definition ... anything that allows an un-educated user to just
> run that tool to break into other peoples network and machines
> ( there's too many "rootkits" to count )
Tha
Jason Clarke wrote:
> Chuck,
>
> That sounds like a fantastic idea!
>
> Provide some sort of web interface where a student can use a library
> terminal or some such, plug in their MAC ADDR and their student
> number.
>
> I normally don't post a "Good on you jim!" message, but this one has
> set off
hi ya rick
On Mon, 28 Oct 2002, Rick Moen wrote:
> Quoting Alvin Oga ([EMAIL PROTECTED]):
>
> > i think you want at least one level of protection against dhcp
> > - prevent any tom, dick and harry from creating havoc
> > by running their rootkits by connecting their laptop to the
> >
Chuck,
That sounds like a fantastic idea!
Provide some sort of web interface where a student can use a library
terminal or some such, plug in their MAC ADDR and their student number.
I normally don't post a "Good on you jim!" message, but this one has set off
ideas left right and centre.
J
Quoting Alvin Oga ([EMAIL PROTECTED]):
> i think you want at least one level of protection against dhcp
> - prevent any tom, dick and harry from creating havoc
> by running their rootkits by connecting their laptop to the
> network
Um, Alvin? You might want to look up the defi
Actually, we have to create a host name when we register our MAC
addresses. This allows the same host name to be resolved to our IP.
-
Chuck Haines
GDC Systems Administrator
Infinity Complex Developer
WPILA Lab Manager
Too bad there is no way to do a secure handshake w/ an id/password or
even SecureID cards.
Any way to make the same host name resolve to your IP regardless of
what IP is allocated to your box by dhcp?
Haines, Charles Allen wrote:
Well here at WPI, we have to register each and every MAC add
On 0, Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
[snip]
> You may do something like that (needs apt-get install netcat) :
>
> - create a little script /root/spy.sh (just use netstat) :
> #!/bin/sh
> (
> echo "="
> date
> netstat -lnp
> ) >> /root/spy.txt
>
Well here at WPI, we have to register each and every MAC address that we
wish to use on campus. If your MAC address isn't registered, you get no
network. It works the same way with wireless. And to the best of my
knowledge, DHCP is used.
-
Chuck Haines
ik campus
ik
ik
so zilch physical security
you didn't say this in your earlier post, this has severe security
implications, in fact I'd suggest you'd be a danger to the internet
I'd suggest a letter to the ppl that want this and tell them of the severe
security implications of wha
hi andrew
i think you want at least one level of protection against dhcp
- prevent any tom, dick and harry from creating havoc
by running their rootkits by connecting their laptop to the
network
- it is bad to allow just anybody plug in their laptops
with
I'm not a huge expert on all of this, but here are a couple of
thoughts...
Unless you're monitoring IP/MAC addresses to try and detect
spoofing, knowing a machine's IP address is already useless from a
security POV. Even then, MAC addresses can be spoofed. Given that,
DHCP can't really make thin
I had the very same thoughts, being a university you can imagine what
physical security is like, plus management wants to give students the
ability to walk on campus and plug in, plus start wireless services too.
From what people have sent back from my question, I don't think we will be
any worse
u could set dhcp to give out a fixed address dependent on a mac address,
this would stop just anybody plugging a box into a network, if your network
is physically secure then that's not a worry. (a cat5 jack in reception or
some other public place is dodgy)
Otherwise dhcp makes life easier...its th
As far as I know there's not much to it, my dhcp server was very simple
to set up with very little security options. My only suggestion is just
make sure you have the latest version, and make sure you have the
security updates source in your sources.list file for your dists ie:
deb http://securit
I was hoping someone could help me out here. Currently I am still on a
network using static IP configuration on each machine, we are finally
moving towards DHCP. Are there any security considerations to be made to
ensure there is no gaping security hole. The various howto's I have seen
don't seem
> Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> > You said "what would try to connect to my system's port [...] 111
> > from within my own system". I would answer "something that is
> > configured to do so"?
Jussi Ekholm écrivait :
> Yup, but what?
I suggest you make a little program list
unsubscribe
47 matches