Re: ACC's 'Tigris' Access Terminal server security vunerability..

From: Patrik Backstrom (pbat_private)
Date: Sun Jan 03 1999 - 15:15:07 PST

Next message: Eivind Eklund: "Re: FreeBSD 2.2.5 Security problem"

Previous message: Jason Young: "Re: FreeBSD 2.2.5 Security problem"
Maybe in reply to: Robert Thomas: "ACC's 'Tigris' Access Terminal server security vunerability.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Sun, 3 Jan 1999, Robert Thomas wrote:

I have almost daily contact with ACC's technicians, and i'll make sure
they receive the information, first thing tomorrow morning.

For now, a quick workaround is to restrict telnet access to only the hosts
(or networks) which should be allowed access. Also, it's a good idea to
restrict SNMP and HTTP access to the router.

Issue the following commands:

ADD ACCESS ENTRY <network> <netmask> 23 TELNET
ADD ACCESS ENTRY <network> <netmask> 80 HTTP
ADD ACCESS ENTRY <network> <netmask> 0 PUBLIC

Regarding source routing, it's only enabled if you have a source routing
entry for the physical port, like:

ADD SR PORT ENTRY ETHERNET 1 J7.1
SET SR PORT STATE 1 ENABLED

You can easily disable source routing for the port by typing

SET SR PORT STATE <num> DISABLED

To check if you have source routing configuration in the box, type:

SHOW SR

Hope this helps.

/pb

            [ Boycott Microsoft -- http://www.vcnet.com/bms ]

Next message: Eivind Eklund: "Re: FreeBSD 2.2.5 Security problem"
Previous message: Jason Young: "Re: FreeBSD 2.2.5 Security problem"
Maybe in reply to: Robert Thomas: "ACC's 'Tigris' Access Terminal server security vunerability.."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:27:11 PDT