Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > FreeBSD Security> 1999-q3

FreeBSD Security Archives: Re: hole(s) in default rc.firewall r

Re: hole(s) in default rc.firewall rules

Giorgos Keramidas (keramidaceid.upatras.gr)
03 Nov 1999 18:07:04 +0200

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Next message: Peter Jeremy: "Re: Examining FBSD set[ug]ids and their use"
Previous message: Michael Bryan: "Fwd: Sendmail 8.x.x - any user may rebuild aliases database"

Adam Laurie <adamalgroup.co.uk> writes:

> And for those that don't think this is a serious issue...
>
> Get a copy of netcat. Make sure syslogd is running in default mode (i.e.
> without "-s" option) on the target "firewalled" server. Run the
> following command on a machine outside the firewall:
>
> nc -u -p 53 -n [firewalled-server-ip] 514
>
> and type some text in. Now go and tail /var/log/messages on the target
> server, and you'll see the text that has just walked through your
> firewall. I leave it as an exercise for the reader to exploit an NFS
> mount in a similar fashion...

I don't know how well this would work in a larger environment, but I
have set up my private named to forward queries to a couple of "trusted"
name servers outside the firewall. Then I added rules that accept only
udp packets originating from these two hosts (port 53), and the usual
"deny all from any to any" catches the rest.

Someone might also have the IP addresses of root-dns servers be
accepted as well.

Oh, and another little bit. I have only recently brought up a small
document that describes to the freebsd-newbies of my local area some
parts of ipfw usage. I am a newbie in freebsd myself too, therefore I
would be interested in any comments regarding this page, especially
about things that are considered 'insecure' and are recommended there.

The page is located at:

<http://students.ceid.upatras.gr/~keramida/freebsd/ipfw.html>

-- Giorgos Keramidas, <keramida

ceid.upatras.gr> "What we have to learn to do, we learn by doing." [Aristotle]

To Unsubscribe: send mail to majordomoFreeBSD.org with "unsubscribe freebsd-security" in the body of the message

Next message: Peter Jeremy: "Re: Examining FBSD set[ug]ids and their use"
Previous message: Michael Bryan: "Fwd: Sendmail 8.x.x - any user may rebuild aliases database"

This archive was generated by hypermail 2.0b3 on Wed Nov 03 1999 - 15:30:17 CST