1. It seems to me that the best thing to do is make sure CONSOLE=/dev/console is in /etc/default/login and not commented out. Force all who need to login directly as root to do so via the system console. Otherwise do an "su" or install "sudo".
2. Disable telnet. Use SSH. Make it a mandatory policy, no ifs, ands or buts. Who in their right mind would run telnet on an Internet-attached server? Believe it or not, my company's CorpSec would. So that when we need remote access when on-call we use an RSA keychain fob to authenticate. But everything we do is in cleartext and they can read what we do. Which is why they won't allow SSH through the firewall.
--
I have CONSOLE=/dev/console set in /etc/default/login.
telnet -l"-froot" 10.24.47.9
Trying 10.24.47.9...
Connected to 10.24.47.9.
Escape character is '^]'.
Not on system console
Connection closed by foreign host.
And turn off telnet. Do: svcadm disable svc:/network/telnet:default as root.
And yes! It is STILL BETTER THAN P.O.S. Windoze!!!
--
Zombie Proc
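
The two settings recommended in the comment above can be checked with a short script. This is an added example, not part of the original comment: the file path and service FMRI are the ones quoted there, while the function names and the "audit" argument are hypothetical. It assumes a POSIX grep and counts only CONSOLE= lines that start in column 0.

```shell
#!/bin/sh
# Added example (not from the post): audit the two settings it recommends.
# File path and service FMRI are the ones quoted in the post; the function
# names and the "audit" argument are hypothetical.
LOGIN_DEFAULTS=/etc/default/login
TELNET_FMRI=svc:/network/telnet:default

# check_console FILE -> 0 only if FILE has an active CONSOLE=/dev/console
# line and no other active CONSOLE= line. "#CONSOLE=..." does not count.
check_console() {
    [ -r "$1" ] || { echo "UNKNOWN: cannot read $1"; return 3; }
    total=$(grep -c '^CONSOLE=' "$1" || true)
    good=$(grep -c '^CONSOLE=/dev/console *$' "$1" || true)
    if [ "$total" -eq 0 ]; then
        echo "FAIL: no active CONSOLE= line in $1 (missing or commented out)"
        return 1
    elif [ "$good" -ne "$total" ]; then
        echo "FAIL: CONSOLE= is set to something other than /dev/console in $1"
        return 2
    fi
    echo "OK: direct root login restricted to /dev/console"
}

# check_telnet_state STATE -> 0 only if STATE (as printed by
# "svcs -H -o state FMRI") is "disabled".
check_telnet_state() {
    case "$1" in
        disabled) echo "OK: $TELNET_FMRI is disabled" ;;
        "")       echo "UNKNOWN: no state reported for $TELNET_FMRI"; return 3 ;;
        *)        echo "FAIL: $TELNET_FMRI is '$1'; run: svcadm disable $TELNET_FMRI"
                  return 1 ;;
    esac
}

# Run both checks on the local host when invoked as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    rc=0
    check_console "$LOGIN_DEFAULTS" || rc=1
    check_telnet_state "$(svcs -H -o state "$TELNET_FMRI" 2>/dev/null)" || rc=1
    exit "$rc"
fi
```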