[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-security] Should I be worried?

Subject: RE: [cobalt-security] Should I be worried?
From: "Drage, Nicholas" <nickd@xxxxxxxxx>
Date: Tue, 26 Jun 2001 11:56:43 +0100
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

> > I have  installed IPChains, Portsentry, Logcheck on my Raq 
> > 4 server. I am no genious when it comes to security! Today I received
the 
> > following with Logcheck. I have no customers etc. in Belgium(be)!

> > Unusual System Events
> > =-=-=-=-=-=-=-=-=-=-=
> > Jun 25 11:56:21 ns proftpd[14227]: 212.67.197.38
> > (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
> > Jun 25 11:56:22 ns proftpd[14228]: ns.achieve-it.com
> > (212.68.195.60.brutele.be[212.68.195.60]) - FTP session opened.
> 
> if it still concerns you you can ipchain them to denied land....

Note that on the RaQ3 you can control access to ProFTPD using tcp wrappers,
if you want to use that as a simply method of firewalling off access to the
daemon than IPChains, or if you want strength in depth, which is always a
good idea.  I would presume the RaQ4 is the same....

-- 
Nick Drage - Security Architecture - Demon Internet - Thus PLC

Prev by Date: RE: [cobalt-security] Advanced warning
Next by Date: [cobalt-security] It's nice
Previous by thread: Re: [cobalt-security] Should I be worried?
Next by thread: [cobalt-security] Should I be worried?

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index