
Mailing List Archive: conserver: users

Console server probes from outside

 

 



jrj at gandalf

Jun 20, 2002, 10:57 AM

Post #1 of 4 (270 views)
Console server probes from outside

My console server is TCP wrappered (duh) and I've noticed several of
these in the past couple of days (all from the same host):

conserver attempt from H-135-104-26-223.research.bell-labs.com

I don't know if it's just a port scan or if they are probing a potential
console server security hole.

Not to start a panic. Just a heads-up in case something bad is floating
around out there.

Sigh.

John R. Jackson, Technical Software Specialist, jrj [at] purdue


bryan at conserver

Jun 20, 2002, 12:33 PM

Post #2 of 4 (266 views)
Re: Console server probes from outside

On Thu, Jun 20, 2002 at 12:57:01PM -0500, John R. Jackson wrote:
> I don't know if it's just a port scan or if they are probing a potential
> console server security hole.
>
> Not to start a panic. Just a heads-up in case something bad is floating
> around out there.

figured i'd throw in my 2 cents...

i want to *strongly* suggest that if you have conserver accessible from
*any* non-trusted network (no matter how small that lack of trust is),
that you use tcp wrappers to protect yourself. yes, via the
conserver.cf file you can list access restrictions and it works just
fine, however, i can't promise that someone would not be able to break
that code or break the code before it and gain access (i really hope
that's not the case, but you have to be cautious). with tcp wrappers,
there's a much higher level of confidence since that package is the
front-line defense of so many things and its code is always under
scrutiny.

i'm sure there are nasty holes in the code that would allow folks to do
bad things. where they are, i don't know, but it would be silly of me
to think that they didn't exist. if anyone gets the urge to check the
code for stuff like this, i'd suggest looking at the access restriction
stuff so that tcp wrappers weren't a requirement, but just a nice
integration into an existing environment.

Bryan


iainr at dcs

Jun 20, 2002, 12:39 PM

Post #3 of 4 (265 views)
Re: Console server probes from outside

John R. Jackson wrote:
> My console server is TCP wrappered (duh) and I've noticed several of
> these in the past couple of days (all from the same host):
>
> conserver attempt from H-135-104-26-223.research.bell-labs.com
>
> I don't know if it's just a port scan or if they are probing a potential
> console server security hole.
>

I take it you've emailed whoever's in charge of security at bell-labs?

of course it could just be a badly configured conserver.cf but it's not
very friendly.





--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh


jrj at gandalf

Jun 20, 2002, 1:15 PM

Post #4 of 4 (265 views)
Re: Console server probes from outside

>I take it you've emailed whoever's in charge of security at bell-labs?

Nope. I wouldn't have the faintest idea who to contact.

>Iain Rae

John R. Jackson, Technical Software Specialist, jrj [at] purdue
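
An added example, not part of the thread or of conserver itself: one way to tally the refused-connection lines quoted in the first post and flag any host that repeats within a time window. Only the message text "conserver attempt from <host>" comes from the thread; the syslog prefix, the other sample hosts, the threshold and the window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in classic syslog layout (assumed); only the message
# text "conserver attempt from <host>" is taken from the thread.
SAMPLE_LOG = """\
Jun 18 03:12:44 cons1 conserver[412]: conserver attempt from H-135-104-26-223.research.bell-labs.com
Jun 18 03:12:51 cons1 sshd[877]: Accepted password for jrj from 192.0.2.10
Jun 19 14:02:09 cons1 conserver[412]: conserver attempt from H-135-104-26-223.research.bell-labs.com
Jun 19 22:40:00 cons1 conserver[412]: conserver attempt from scanner.example.net
Jun 20 09:30:17 cons1 conserver[412]: conserver attempt from H-135-104-26-223.research.bell-labs.com
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"conserver attempt from (?P<host>\S+)\s*$"
)

def parse_attempts(text, year=2002):
    """Yield (timestamp, host) for each refused-attempt line; syslog omits the year."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            yield ts, m["host"].lower()

def repeat_probers(text, threshold=3, window=timedelta(days=3)):
    """Return {host: n} where n >= threshold attempts fall inside one window."""
    by_host = defaultdict(list)
    for ts, host in parse_attempts(text):
        by_host[host].append(ts)
    flagged = {}
    for host, stamps in by_host.items():
        stamps.sort()
        start = best = 0
        for end, ts in enumerate(stamps):
            # Slide the left edge until the span fits inside the window.
            while ts - stamps[start] > window:
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[host] = best
    return flagged

if __name__ == "__main__":
    for host, n in repeat_probers(SAMPLE_LOG).items():
        print(f"{n} attempts within window from {host}")
```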
