[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-security] Should I be worried?
- Subject: RE: [cobalt-security] Should I be worried?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Wed, 27 Jun 2001 06:31:56 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
On Wed, 27 Jun 2001, Drage, Nicholas wrote:
> > > We also get heavily probed by Wanadoo is there nothing we
> > > can do about it?
> >
> > block their networks... either at the router, ipchains or hosts.deny
> > (although the last one won't protect against dns, ssh, http
> > and everything outside inetd.conf...)
>
> Not quite true IIRC, OpenSSH as built by Cobalt does support use of
> tcp-wrappers, which is very useful and so worth noting.
>
> ( can't speak for RaQ4's, users are urged to test limiting SSH access by
> using tcpdcheck or a very open ruleset before they lock themselves out of
> their RaQs, I am not speaking on behalf of my employer, accept no liability,
> and so on )
>
> --
> Nick Drage - Security Architecture - Demon Internet - Thus PLC
> "A chieftain who asks the wrong questions always
> hears the wrong answers"
> Leadership Secrets of Attila the Hun
I meant the defaults... the general idea was that it doesn't entirely
block everything (and from all the list, ssh has the least chance to be a
problem, i think)
- shimi.