RE: [cobalt-users] Another Exploit?!? (different than before)...
- Subject: RE: [cobalt-users] Another Exploit?!? (different than before)...
- From: "Sim Ayers" <sim@xxxxxxxxxxxx>
- Date: Tue Dec 11 19:47:17 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
> <sim>
> in.telnetd: ALL EXCEPT .com, .net
> in.proftpd: ALL EXCEPT .com, .net
> </sim>
>
> I think you will want to add "localhost" to these statements...otherwise
> active monitor will not be able to check ftp or telnet...
>
> that or would you add localhost to /etc/hosts.allow
>
> webbcite
>
Yes, you're probably right about adding localhost. Didn't even think
about the active monitor with all the login attempts on our server.
The two lines above are supposed to deny any login host that resolves back to
a hostname ending in one of the ISO country codes.
Examples:
0x3ef3b9cb.kd4nxx3.adsl-dhcp.tele.dk
ALimoges-101-1-2-216.abo.wanadoo.fr
CB284.DormC.nkfust.edu.tw
It doesn't stop the login host where the hostname doesn't resolve, but it's
a start.
Sim
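
The rule discussed in this message, evaluated against the hostnames it lists (an added example, not part of the original post or of tcp_wrappers itself). It assumes the lines sit in /etc/hosts.deny, models only clients whose address resolves to a hostname, and implements just the `ALL`, `.suffix`, exact-name and `EXCEPT` patterns from hosts_access(5); the function names and `shell.example.com` are constructed for illustration.

```python
import re

def token_match(tok, name):
    """Hostname subset of hosts_access(5) patterns: ALL, .suffix, exact name."""
    tok, name = tok.lower(), name.lower()
    if tok == "all":
        return True
    if tok.startswith("."):
        # A leading dot matches any name that ends in the pattern.
        return len(name) > len(tok) and name.endswith(tok)
    return tok == name

def list_match(tokens, name):
    """Evaluate 'list_1 EXCEPT list_2': match list_1 unless list_2 also matches."""
    for i, tok in enumerate(tokens):
        if tok.upper() == "EXCEPT":
            return False  # nothing before EXCEPT matched
        if token_match(tok, name):
            rest = tokens[i + 1:]
            upper = [t.upper() for t in rest]
            if "EXCEPT" not in upper:
                return True
            # The exception list may itself contain a nested EXCEPT.
            return not list_match(rest[upper.index("EXCEPT") + 1:], name)
    return False

def denied(rule, daemon, host):
    """True if a hosts.deny line 'daemons: clients' matches this daemon and client."""
    daemons, clients = rule.split(":", 1)
    split = lambda s: [t for t in re.split(r"[,\s]+", s) if t]
    return list_match(split(daemons), daemon) and list_match(split(clients), host)

ORIGINAL = "in.telnetd: ALL EXCEPT .com, .net"            # rule as posted
AMENDED = "in.telnetd: ALL EXCEPT .com, .net, localhost"  # with the suggested fix

HOSTS = [
    "0x3ef3b9cb.kd4nxx3.adsl-dhcp.tele.dk",  # from the message
    "ALimoges-101-1-2-216.abo.wanadoo.fr",   # from the message
    "CB284.DormC.nkfust.edu.tw",             # from the message
    "shell.example.com",                     # constructed sample
    "localhost",                             # the active monitor's source
]

if __name__ == "__main__":
    for host in HOSTS:
        print(f"{host:40} original={denied(ORIGINAL, 'in.telnetd', host)!s:5} "
              f"amended={denied(AMENDED, 'in.telnetd', host)}")
```

The only row that differs between the two rules is `localhost`: the posted rule denies it, and the amended rule lets it through.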