[cobalt-security] Re: cobalt-security digest, Vol 1 #259 - 7 msgs
- From: kcelik@xxxxxxxxxxxxxx
- Date: Sun, 4 Mar 2001 19:35:10 +1100
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Thanks for the comments,
In actual fact we did do a portscan and found several ports vulnerable.
These were identdresp, bindvrs; all others were OK (we used ISS portscan
tools) (should be OK).
What we also did was sniff the net with a scope and capture some traces.
Each time we managed to get almost the start of the conversation and then
we lost the initiating packet.
The worry here is that the Trin00 daemon can be activated via ICMP as well,
which makes it even more frustrating as there are tonnes of the packs
floating at any one time within the network. ARPs, ICMP redirect and SNMP
all require ICMP for route determination.
The likelihood of a sniffer program on our Ethernet is minimal as it is
colocated and locked up to anybody but us. We have checked this and it is
impossible.
The BIND version we are running is the latest patch from Cobalt, RaQ3-All-Security-4.0.2-9353.pkg. If this is incorrect then Cobalt have something to answer for!!!!!!!
Anyways, it seems my only recourse is rebuild. This will take me a while.
So a question to and for the learned of us: how do I turn off directed
broadcasts on my Bay Networks ARN router to minimise the UDP traffic being
generated by the Cobalt?
I have looked at blocking port 27444 and 27454 slave master ports via
filters on the router but is there more????
Regards KEN
____________________________________________________________________
Kenedi Celik Email: Kcelik@xxxxxxxxxxxxxx
Mob: 04 12 980 980