Re: Livingston bugs...
From: angio () aros net (Dave Andersen)
Date: Tue, 12 Sep 1995 14:50:55 -0600
Lo and behold, Jay 'Whip' Grizzard once said:
> I, personally, can't understand such a passive attitude on the part of
> Livingston -- I personally would call a bug where you can crash virtually
> anyone's network connection, from virtually anywhere in the world, to be
> a major bug. Maybe it's just me...

Because there's an easy solution to it which you've mentioned below:
> ObBugTraq: Apparently (at least, under limited testing), putting up a filter
> to prevent folks from getting to your login port from the outside world
> will protect you -- Except I don't _want_ to have to start filtering things
> out, and in some circumstances (backbone routers, etc), it's not exactly
> a viable option. Do YOU want to have the bandwidth of several T1's all
> running through a filter before they get off the router? No, thanks...

Not necessarily. Setting up a really simple filter to disallow
telnets to the portmaster itself is a very trivial option, and has been
discussed at _great_ length with many examples on the portmaster-users
mailing list. Something as simple as
----- Quote from Carl Rigney @ livingston -----
add filter notelnet.in
set filter notelnet.in 1 permit 192.168.2.0/24 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 2 deny 0.0.0.0/0 192.168.2.2/32 tcp dst eq 23 log
set filter notelnet.in 3 permit
set ether0 ifilter notelnet.in
If you're having problems with your dial-in users doing this, you can
block that too by adding the following RADIUS attribute:
Framed-Filter-Id = "notelnet"
------- end quote -----------
will solve that problem and any other possible "telnetting to the
portmaster and doing <blah blah blah>" problem.
angio () aros net Complete virtual hosting and business-oriented
system administration internet services. (WWW, FTP, email)
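
Added example, not part of the original message and not Livingston code: a small Python model of the quoted notelnet.in rules, run over constructed packets to show which telnet attempts each rule catches and why rule order matters. It assumes first-match evaluation with a default deny when no rule matches; the 203.0.113.x addresses and the evaluate() helper are made up for illustration.

```python
import ipaddress

# The three rules from the quoted notelnet.in filter, transcribed as data.
# Tuple: (action, source net, destination net, protocol, destination port).
# None means "any" (rule 3 is a bare "permit").
RULES = [
    ("permit", "192.168.2.0/24", "192.168.2.2/32", "tcp", 23),
    ("deny",   "0.0.0.0/0",      "192.168.2.2/32", "tcp", 23),
    ("permit", None,             None,             None,  None),
]

def evaluate(rules, src, dst, proto, dport):
    """Return (action, rule_number) for the first rule that matches.

    Assumption of this sketch: rules are checked in order, the first match
    decides, and a packet matching no rule is denied.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, (action, snet, dnet, rproto, rport) in enumerate(rules, 1):
        if snet is not None and s not in ipaddress.ip_network(snet):
            continue
        if dnet is not None and d not in ipaddress.ip_network(dnet):
            continue
        if rproto is not None and rproto != proto:
            continue
        if rport is not None and rport != dport:
            continue
        return action, number
    return "deny", None

# Constructed sample packets; 192.168.2.2 is the PortMaster in the quoted rules.
SAMPLES = [
    ("192.168.2.50", "192.168.2.2",  "tcp", 23),    # local admin telnet
    ("203.0.113.9",  "192.168.2.2",  "tcp", 23),    # outside telnet to the box
    ("203.0.113.9",  "192.168.2.77", "tcp", 23),    # telnet passing through
    ("203.0.113.9",  "192.168.2.2",  "udp", 1645),  # non-telnet traffic
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(RULES, *pkt))
    # With rules 1 and 2 swapped, the local admin is locked out as well.
    print("swapped:", evaluate([RULES[1], RULES[0], RULES[2]], *SAMPLES[0]))
```

Only telnet addressed to the PortMaster itself hits rules 1 and 2; everything else, including telnet routed through to other hosts, falls to the final permit.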