[657] in bugtraq
Re: Sol2.x Mouse EXPLOIT info - CORRECTION
daemon@ATHENA.MIT.EDU (Christopher Klaus)
Tue Jan 17 22:51:28 1995
From: Christopher Klaus <cklaus@shadow.net>
To: jsz@ramon.bgu.ac.il (jsz)
Date: Tue, 17 Jan 1995 21:22:25 -0500 (EST)
Cc: cklaus@shadow.net, neil@legless.demon.co.uk, karl@bagpuss.demon.co.uk,
bugtraq@fc.net
In-Reply-To: <9501172015.AA04802@ramon.bgu.ac.il> from "jsz" at Jan 17, 95 10:15:27 pm
>
> Why ifconfig never shows up PROMISC flag on 2.X, even if it *is* in PROMISC
> mode ?
Sun has already acknowledged that their interface drivers do not support
a promisc flag and it will be awhile before it is incorporated (if ever?).
HP-UX is the only Unix vendor that I think that does not use a
promiscuous interface. If you are relying on ifconfig to test for
sniffers, many intruders already replace ifconfig. A decent solution
that more vendors should incorporate is S/key will stop much of the
compromising due to sniffed passwords.
>
> What's up with a "+" in /etc/hosts.equiv in Solaris 1.1.2 aka 4.1.4, or
Here is an example of a well known vulnerability that everyone has complained
about once and it still persists after How many years?
> Why DEC ships off Ultrix 4.X with a weirdo /.rhosts which contains --
> "# @(#).rhosts 8.1 Ultrix 9/18/92" (taken out of 4.4 ult)
The same problem exists where vendor has shipped or the admin has added #
comments to hosts.equiv. It's easy for an intruder to change the hostname
to # and then he is assumed coming from a trusted site.
> Why can't you make mountd on Ultrix 4.X reject mount requests from
> non-privileged ports? turning on "nfsportmon" in the kernel doesn't
> quite do the job properly. Things that make you go hmmm...
Install a good portmapper so that remote hosts can't easily find what port
mountd is on. A better solution is to make sure that your routers kill
all NFS packets from remote nets.
--
Christopher William Klaus Voice: (404)518-0099. Fax: (404)518-0030
Internet Security Systems, Inc. Computer Security Consulting
2209 Summit Place Drive, Atlanta, GA. 30350-2450.
