Date:      Sun, 22 Nov 1998 22:44:32 -0800 (PST)
From:      Marc Slemko <marcs@znep.com>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        freebsd-security@FreeBSD.ORG
Subject:   Re: Would this make FreeBSD more secure?
Message-ID:  <Pine.BSF.4.05.9811222233240.19474-100000@alive.znep.com>
In-Reply-To: <199811220523.VAA00366@salsa.gv.tsc.tdk.com>

On Sat, 21 Nov 1998, Don Lewis wrote:

> On Nov 17,  9:31am, Marc Slemko wrote:
> } Subject: Re: Would this make FreeBSD more secure?
> 
> } Say, for example, you have a MX record pointing to a server that does have
> } privileged ports.  That means that, even if the mail server does crash or
> } stop listening on the port, any old user can't just bind to the port and
> } steal mail.
> 
> Even better would be to quickly make enough connections to tcp port 23
> (telnet) so that inetd decides this service is looping and shuts it down.
> Then you can bind a socket to port 23 and harvest user names and passwords.

Right, there are lots of ways to do this sort of thing.  sendmail does it
too, by default, if you push the load average too high, which is easy to
do.

Although you should note that a while ago, after I pointed out how easy
this sort of thing is, Theo de Raadt implemented (after a few false starts
I think) a change in OpenBSD inetd that doesn't close the socket, just
starts accepting then dropping connections to it.  I think this change was
finished, although it may not have been.

It is arguable if this is a good or bad thing.


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
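
The behaviour described in the message above (keep the listening socket bound and accept-then-drop connections while a service is rate limited, instead of closing the socket and freeing the port) can be sketched as follows. This is an added example, not part of the original message and not OpenBSD's inetd code; the names `svc_state` and `on_accept` and all three thresholds are assumptions chosen for illustration.

```c
#include <stdio.h>
#include <time.h>

/* Assumed limits for illustration; not inetd's actual values. */
#define MAX_CONNS    3     /* connections allowed per window */
#define WINDOW_SECS  60    /* length of the counting window */
#define PENALTY_SECS 600   /* how long to keep dropping once tripped */

enum action { SERVE, DROP };   /* deliberately no "close listener" action */

struct svc_state {
    time_t window_start;   /* start of the current counting window */
    int    count;          /* connections seen in this window */
    time_t drop_until;     /* 0, or the time until which we drop */
};

/* Decide what to do with a connection that was just accept()ed at `now`.
 * In every branch the listening socket stays bound, so the port is never
 * released for another process to bind while the service is throttled. */
enum action on_accept(struct svc_state *s, time_t now)
{
    if (s->drop_until != 0) {
        if (now < s->drop_until)
            return DROP;           /* still penalised: accept, then close */
        s->drop_until = 0;         /* penalty over: start a fresh window */
        s->window_start = now;
        s->count = 0;
    }
    if (now - s->window_start >= WINDOW_SECS) {
        s->window_start = now;     /* window expired: reset the counter */
        s->count = 0;
    }
    if (++s->count > MAX_CONNS) {
        s->drop_until = now + PENALTY_SECS;
        return DROP;               /* looks like a loop or a flood */
    }
    return SERVE;
}

int main(void)
{
    struct svc_state s = {0, 0, 0};
    time_t t[] = {100, 101, 102, 103, 104, 702, 703};  /* constructed arrival times */
    for (size_t i = 0; i < sizeof t / sizeof t[0]; i++)
        printf("t=%ld %s\n", (long)t[i],
               on_accept(&s, t[i]) == SERVE ? "serve" : "drop");
    return 0;
}
```
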


