home *** CD-ROM | disk | FTP | other *** search
- Newsgroups: comp.sys.novell
- Path: sparky!uunet!pmafire!mica.inel.gov!ux1!fcom.cc.utah.edu!park.uvcc.edu!ns.novell.com!jdsmith.Test.NPD.Provo.Novell.COM!jdsmith
- From: jdsmith@novell.com (Doug Smith)
- Subject: Re: Hack.exe
- Message-ID: <jdsmith.50.722206331@novell.com>
- Sender: usenet@Novell.COM (Usenet News)
- Nntp-Posting-Host: jdsmith.test.npd.provo.novell.com
- Organization: Novell NPD
- References: <1992Nov19.120307@is.morgan.com> <7168@news.duke.edu>
- Date: Thu, 19 Nov 1992 20:52:11 GMT
- Lines: 36
-
- In article <7168@news.duke.edu> low00001@bullnext.mc.duke.edu (Richard Low) writes:
- >From: low00001@bullnext.mc.duke.edu (Richard Low)
- >Subject: Re: Hack.exe
- >Date: 19 Nov 92 18:57:43 GMT
- >In article <1992Nov19.120307@is.morgan.com> mpiet@is.morgan.com (Mark
- >Pietrasanta) writes:
- >> I agree! I wrote one of the two NLM's that can be used to break into a
- >> Novell Server. There is no plug for this, other than securing your
- >> console so the NLM can't be loaded (via direct, RCONSOLE, or XCONSOLE).
- >>
- >> Want me to talk details? I provided source code to a lot of people on
- >> CompuServe a while ago. It's really quite simple.
- >>
- >> More to follow if requested...
- >> --
- >> Mark Pietrasanta - mpiet@is.morgan.com
- >> * * * * * * * * *
- >
- >The basic premise behind server security is physically securing the box.
- >Getting into a server by loading an NLM is pretty simple, you just have to
- >keep prying hands off your server. I mean, anybody can cause damage by
- >just pulling the plug!
- >
- >--
- >Richard Low
- >Duke University Medical Center
- >low00001@bullnext.mc.duke.edu
- >NeXT Mail welcome
-
- Also, you can secure the console (via a password). This restricts NLMs from
- being loaded from anywhere except SYS:SYSTEM. If your users don't have
- access to this subdirectory, such an NLM can't be used.
-
- Doug Smith
- Novell
- jdsmith@novell.com
-
