Common remote access attacks
FTP: do not run anonymous FTP on the same server that holds regular accounts and FTP with user authentication. Keep up to date with vulnerabilities (e.g. wu-ftpd, a popular FTP daemon, had a vulnerability in exec). Better yet, use only ssh/scp.
Sendmail: a very complex mail server (over 80,000 lines of code) that few understand. It is needed on almost all UNIX machines and in most cases should not be disabled. Qmail is a potential replacement.
Remote Procedure Call: rpcinfo (as root) lets us see the running RPC services. The best defense is to limit the use of RPC services to the minimum.
NFS: do not export the file system to everyone, or enable NFS selectively. NFS is not active in the MISLab: files are saved locally, not on the network.
DNS: disable BIND on machines NOT used as DNS servers (type ps aux to see what processes are running; also look for /etc/named.boot). Discussing named is beyond the scope of this course (it is another daemon that is difficult to set up safely). Test for buffer overflow using dig @ipnumber version.bind chaos txt, which asks the server for its BIND version so it can be compared against versions with known buffer overflows.
X Windows: use xhost to add and delete the names and hosts that can access X Windows. It is not a strong line of defense. Again, remove X Windows from servers.
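
The NFS advice above, as an added example that is not part of the original notes: a shell function that reads an exports file and reports every entry that is not restricted to named clients. It assumes Linux exports(5) syntax; the function names, the sample entries and the example.org hosts are constructed, and an entry with no client list is assumed to be exported to everyone.

```shell
#!/bin/sh
# Added example: flag exports that every host can mount.
# Assumes Linux exports(5) syntax: /path client1(opts) client2(opts) ...

# audit_exports: read an exports file on stdin, print one "WORLD" line
# for each entry that is not restricted to named clients.
audit_exports() {
    awk '
    # A trailing backslash continues the entry on the next line.
    /\\$/ { sub(/\\$/, ""); buf = buf $0 " "; next }
    {
        $0 = buf $0; buf = ""
        sub(/#.*/, "")                      # strip comments
        if (NF == 0) next                   # blank or comment-only line
        path = $1; clients = 0
        for (i = 2; i <= NF; i++) {
            if ($i ~ /^-/) continue         # default options, not a client
            clients++
            host = $i
            sub(/\(.*$/, "", host)          # drop "(opts)", keep the client
            if (host == "")
                print "WORLD " path " options with no client: " $i
            else if (host == "*")
                print "WORLD " path " wildcard client: " $i
        }
        # Assumption: an entry with no client list is served to everyone.
        if (clients == 0) print "WORLD " path " no client list"
    }'
}

# Constructed sample input (hosts and paths are made up).
sample_exports() {
    cat <<'EOF'
# constructed sample exports file
/srv/projects  lab1.example.org(rw) lab2.example.org(ro)
/home          trusted.example.org (rw)
/pub           *(ro,all_squash)
/scratch
/srv/data      lab1.example.org(rw) \
               lab3.example.org(ro)
EOF
}

sample_exports | audit_exports
```

The /home entry shows the classic slip: the space before (rw) leaves trusted.example.org with default options and gives read-write access to everyone else. On a real server, feed the function the actual file with audit_exports < /etc/exports.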