
Re: [cobalt-security] another suggestion: security improvements



Once upon a time, Florian Effenberger <florian.effenberger@xxxxxxxxxxxxx> said:
> I have another suggestion: more security improvements. The admin user
> should get a message (if he enables it), when a
> 
> * POP3
> * telnet
> * su
> * SMTP
> * IMAP
> * FTP
> * WEB/htaccess
> 
> failed logon occurs. Example: someone tries logging in as root/admin
> via telnet with the wrong password -> mail is being sent to the
> administrator.

That would be a _very_ bad idea, for several reasons.  If you did that,
I could have a very simple denial of service attack against your
network.  Simply try to connect in with a bogus username repeatedly, and
your mailbox (and mailserver) will overload.

Also, you realize that htaccess _always_ fails the first time; that is
how the web browser knows to ask for a password.
-- 
Chris Adams <cmadams@xxxxxxxxxx>
Systems and Network Administrator - HiWAAY Information Services
I don't speak for anybody but myself - that's enough trouble.
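
An added example, not part of the original message or of any Cobalt software: it compares the mail volume of one-alert-per-failure with a windowed digest, and skips the credential-less 401 challenge that htaccess always produces first. The event tuple layout, the 300-second window and the 20-row cap are assumptions, and the events are constructed sample data.

```python
from collections import Counter

# Constructed sample events: (epoch_seconds, service, source, user, outcome).
# An HTTP entry with user "-" models the first request to an htaccess-protected
# URL, which carries no credentials and always gets a 401.
SAMPLE_EVENTS = (
    [(1000 + i, "telnet", "192.0.2.10", "bogus", "fail") for i in range(200)]
    + [
        (1050, "http", "198.51.100.7", "-", "fail"),
        (1051, "http", "198.51.100.7", "admin", "ok"),
        (1400, "pop3", "203.0.113.5", "admin", "fail"),
    ]
)

WINDOW = 300    # seconds covered by one digest mail (assumed value)
MAX_ROWS = 20   # cap on rows per digest so varied usernames cannot bloat it


def is_real_failure(event):
    """True only for failures where credentials were actually presented."""
    _, service, _, user, outcome = event
    if outcome != "fail":
        return False
    if service == "http" and user == "-":
        return False  # browser's initial 401 challenge, not a failed logon
    return True


def per_event_mail_count(events):
    """Mail volume of the naive design: one message per logged failure."""
    return sum(1 for e in events if e[4] == "fail")


def build_digests(events, window=WINDOW, max_rows=MAX_ROWS):
    """Return one (window_start, {(service, source, user): count}) per window."""
    buckets = {}
    for event in events:
        if not is_real_failure(event):
            continue
        ts, service, source, user, _ = event
        buckets.setdefault(ts // window, Counter())[(service, source, user)] += 1
    return [
        (slot * window, dict(counts.most_common(max_rows)))
        for slot, counts in sorted(buckets.items())
    ]


if __name__ == "__main__":
    print("naive mails:", per_event_mail_count(SAMPLE_EVENTS))
    for start, rows in build_digests(SAMPLE_EVENTS):
        print("digest for window starting", start, rows)
```

With the digest, the number of mails is bounded by elapsed time rather than by how many attempts a remote party makes.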