[27309] in North American Network Operators' Group
Re: Cisco says attacks are due to operational practices
daemon@ATHENA.MIT.EDU (adrian@creative.net.au)
Fri Feb 11 14:17:17 2000
From: adrian@creative.net.au
Date: Sat, 12 Feb 2000 03:07:25 +0800
To: nanog@merit.edu
Message-ID: <20000212030724.E82000@ewok.creative.net.au>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
In-Reply-To: <38A45BC0.73084959@pluris.com>; from Bora Akyol on Fri, Feb 11, 2000 at 10:58:08AM -0800
Errors-To: owner-nanog-outgoing@merit.edu
On Fri, Feb 11, 2000, Bora Akyol wrote:
>
> Unfortunately, ssh on Linux regularly assigns ports when ssh'ing out from a box
> below 1024, I think this is a bug, but it makes writing firewall commands annoying.
>
> Bora

It's not a bug, it's a leftover from rsh days - if the connection originates
from a port below 1024, you could assume *cough* that the credentials the
connection supplies are authentic, since the process needs to be root to
bind to ports < 1024.

This isn't a "but that's flawed!" discussion seed, take that to bugtraq.

There's a flag to ssh somewhere to stop it doing that. Yup, -P.

Adrian
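
Added example, not part of the original message: a small model of the two things discussed above, the rsh-style "source port below 1024 means root" test and a stateless filter that expects ssh clients to use high source ports. The 512..1023 range follows the BSD rshd check; the Rule class, both rule sets and the sample ports are hypothetical and constructed for illustration.

```python
# Added illustration; rule sets and sample ports are constructed.
from dataclasses import dataclass

IPPORT_RESERVED = 1024  # ports below this need root to bind on classic Unix


def rshd_accepts_source_port(port: int) -> bool:
    """Source-port test in the style of BSD rshd: only 512..1023 is trusted."""
    return IPPORT_RESERVED // 2 <= port < IPPORT_RESERVED


@dataclass(frozen=True)
class Rule:
    direction: str  # "out" (inside -> outside) or "in" (outside -> inside)
    src: range      # permitted source ports
    dst: range      # permitted destination ports


HIGH = range(1024, 65536)
LOW = range(512, 1024)
SSH = range(22, 23)

# Hypothetical stateless ACL for "inside hosts may ssh out"; it assumes
# clients always pick an unprivileged source port.
ACL_HIGH_ONLY = [Rule("out", HIGH, SSH), Rule("in", SSH, HIGH)]
# The same ACL widened so that reserved-port ssh clients also work.
ACL_WIDENED = ACL_HIGH_ONLY + [Rule("out", LOW, SSH), Rule("in", SSH, LOW)]


def permitted(acl, direction: str, sport: int, dport: int) -> bool:
    return any(r.direction == direction and sport in r.src and dport in r.dst
               for r in acl)


def session_works(acl, client_port: int) -> bool:
    """Both the outbound packet and the server's reply must pass the filter."""
    return (permitted(acl, "out", client_port, 22)
            and permitted(acl, "in", 22, client_port))


def exposed_inside_ports(acl, candidates):
    """Inside ports the ACL admits for inbound packets with source port 22."""
    return [p for p in candidates if permitted(acl, "in", 22, p)]


if __name__ == "__main__":
    for port in (1022, 40000):  # reserved-port client vs. ordinary client
        print(port, rshd_accepts_source_port(port),
              session_works(ACL_HIGH_ONLY, port), session_works(ACL_WIDENED, port))
    print(exposed_inside_ports(ACL_WIDENED, [111, 513, 514, 2049]))
```

The widened rule set keeps reserved-port clients working, but its inbound rule then also admits traffic to inside ports 512-1023, which is the cost of accommodating the client behaviour in the filter rather than turning it off on the client.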