Bugtraq mailing list archives
Re: Internet Worm
From: Fred_Kuhns () npg wustl edu (Fred Kuhns)
Date: Tue, 18 Oct 1994 08:39:17 -0500 (CDT)
Steve Davis writes:
Various methods of making users' and administrators' lives a pain deleted. Brett Lymn writes:This should stop the user creating a .rhosts file as there is a directory there with that name.Seems to me that we would all be better served by running daemons that don't trust the user to determine valid remote authentication. Why not fix the r-daemons and login to ignore these files? This is certainly possible if a) you have source, and b) you're a competant enough programmer to #ifdef the necessary bits of code into oblivion. Unfortunatly, a) is rarely true. It'd be nice if vendors would ship their products secure.
How about logdaemon by Wietse Venema, it has replacements for rlogind, rshd, rexecd, ftpd and telnetd. In addition to improved logging you can disable the .rhosts files. Plus he has added support for S/Key one-time passwords. fred --
Current thread:
- Re: r commands, (continued)
- Re: r commands Perry E. Metzger (Oct 18)
- Re: r commands Fred Kuhns (Oct 18)
- Re: Internet Worm Bennett Todd (Oct 17)
- PLEASE UNSUBSCRIBE Cpt Danger (Aug 20)
- PLEASE UNSUBSCRIBE ME Mike Roemmich x71633 - ESO (Oct 18)
- Re: Internet Worm Julian Assange (Oct 18)
- PLEASE UNSUBSCRIBE ME Mark McPherson (Oct 17)
- Re: Internet Worm Pat Myrto (Oct 17)
- Re: Internet Worm David Miller (Oct 17)
- PLEASE UNSUBSCRIBE Vatsal P. Sonecha (Oct 17)
- Re: Internet Worm Fred Kuhns (Oct 18)
- Internet Worm Source Code Michael S. Hines (Oct 17)
- rhosts (+ REQUEST SNMP bug) James Seng (Oct 17)
- Re: Internet Worm George Hodson (Oct 17)
- Re: Internet Worm Mark W. Eichin (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm Icarus Sparry (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 18)
- Re: Internet Worm jim () Tadpole COM (Oct 18)
- Re: Internet Worm F. L. Charles Seeger III (Oct 19)
- Re: Internet Worm Darragh Nagle (Oct 19)