Re: [cobalt-users] Telnet - Access Denied Message
- From: "Zeffie" <cobaltlist@xxxxxxxx>
- Date: Fri Jan 19 12:04:01 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> <snippo>
> >You could also modify /etc/inetd.conf so that whenever someone "telnets"
> >port 23 they automatically get /bin/badsh but I don't recommend it for
> >security reasons.
>
> Zeffie, would you please comment on the reasons that such actions
> represent a security risk?
Well it causes problems with the big plan... At least questions in my mind
that I have not determined the answers to. Normally it is good to turn off
telnet which I believe Cobalt accomplishes by overwriting the file at
/etc/inetd.conf and at this time I'm not positive you could change from
telnet off to telnet on... which we need when ssh takes a dump on us.
As far as a security problem I see it this way. If the port is shut off a
person would get nothing at all. And by placing bad shell there you are
giving them
1. A connection to work with
2. A program that previously only verified users on the system got.
3. The opportunity to think about what they have as opposed to nothing.
Now if we did work to adjust the inetd.conf files I would prefer not to give
them a message but instead adjust the server's routing to "reject" them. But
this is dangerous too. You could reject yourself from your own box...
(Nothing new)
> I could see changing the "Cobalt Server" part, after all, why announce
> what could be the "keys to the castle" for Johnny Hacker.
Why say anything to Johnny? If he finds nothing he thinks it's nothing.
I think it's called "security by obscurity".
> Beyond that, I don't know enough to truly understand the implications
> from a security standpoint.
> Regards,
> -Colin
> --
> Colin J. Raven
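The message above contrasts telnet turned off in /etc/inetd.conf with port 23 left answering and handing connections to /bin/badsh. The script below is an added example, not part of the original message: it audits an inetd.conf-style file and reports which of those states it is in. The function names and the three sample files are constructed for illustration; it assumes the standard inetd.conf field layout (server program in field 6) and the tcpd wrapper convention.

```shell
#!/bin/sh
# Added example: classify what an inetd.conf-style file does with telnet.

audit_inetd_telnet() {
    # $1 = path to the file. Prints "closed" when no active telnet entry
    # exists, otherwise "telnetd <prog>" or "substitute <prog>".
    awk '
        /^[ \t]*#/ || NF < 6 { next }      # comments, blanks, short lines
        $1 == "telnet" {
            found = 1
            prog = $6                       # field 6 = server program
            # Behind TCP wrappers the real daemon is the first argument.
            if (prog ~ /\/tcpd$/ && NF >= 7) prog = $7
            if (prog ~ /telnetd$/) print "telnetd " prog
            else                   print "substitute " prog
        }
        END { if (!found) print "closed" }
    ' "$1"
}

write_samples() {
    # $1 = directory. All three files are constructed sample input.
    cat > "$1/off.conf" <<'EOF'
# telnet is commented out: nothing listens on port 23
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
EOF
    cat > "$1/on.conf" <<'EOF'
telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
    cat > "$1/badsh.conf" <<'EOF'
# port 23 answers, but hands every connection to /bin/badsh
telnet stream tcp nowait root /bin/badsh badsh
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
for f in off on badsh; do
    printf '%-6s %s\n' "$f" "$(audit_inetd_telnet "$dir/$f.conf")"
done
rm -rf "$dir"
```

A "substitute" result means port 23 still accepts connections and runs a program for unauthenticated clients, which is the exposure the message lists in its three points; "closed" is the state where a connecting client gets nothing.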