Re: Internet Worm

• Messages sorted by: [ date ][ thread ][ subject ][ author ]
• Next message: Fred Kuhns: "Re: r commands"
• Previous message: Perry E. Metzger: "Re: r commands"
• In reply to: Steve Davis: "Re: Internet Worm"
• Next in thread: David Miller: "Re: Internet Worm"

Steve Davis writes:
> 
> Various methods of making users' and administrators' lives a pain
> deleted.
> 
> Brett Lymn writes:
> 
> > This should stop the user creating a .rhosts file as there is a
> > directory there with that name.  
> 
> Seems to me that we would all be better served by running daemons that
> don't trust the user to determine valid remote authentication.  Why not
> fix the r-daemons and login to ignore these files?  This is certainly
> possible if a) you have source, and b) you're a competant enough
> programmer to #ifdef the necessary bits of code into oblivion.
> 
> Unfortunatly, a) is rarely true.  It'd be nice if vendors would ship
> their products secure.

How about logdaemon by Wietse Venema, it has replacements for rlogind,
rshd, rexecd, ftpd and telnetd.  In addition to improved logging you can
disable the .rhosts files.  Plus he has added support for S/Key one-time
passwords. 

fred
-- 

• Next message: Fred Kuhns: "Re: r commands"
• Previous message: Perry E. Metzger: "Re: r commands"
• In reply to: Steve Davis: "Re: Internet Worm"
• Next in thread: David Miller: "Re: Internet Worm"