
Re: security holes



On Thu, Jan 20, 2000 at 11:27:13AM +0100, Tomas Kraus wrote:
> Well ... :)
> Many of us run ircd on i386 (Linux, FreeBSD, ...) and I haven't seen hacked
> i386 servers using some security hole in ircd.
> My computer was hacked a few months ago because of holes in HP-UX so I moved to
> FreeBSD with only ssh+libwrap, sendmail+libwrap, icmp/pop3+libwrap and only a few
> IPs in hosts.allow ...and with ircd without libwrap opened for *.cz,*.sk,*.at
> Hackers are still trying to get in ...but it seems they still don't know how to
> do it. :)
> So ...comment out what you can (and also what you can not :) in inetd.conf
> ...or better to use xinetd as I do?, add tcp wrappers, add libwrap into
> everything you can and believe only a few ident@IPs.
> 
>                                              Kratz
> 
> 
> On 19-Jan-00 Tom Kwong wrote:
> > Hi!
> > 
> > I am trying to get ircd running on my linux box.  Some people told me
> > that ircd has many security holes.  Is that true?  And, if so, where can
> > I find the details about that?  Thanks!
> > 
> > Tom
> 
> ----------------------------------
> E-Mail: Tomas Kraus <kratz@xxxxxxxxxxx>
> Date: 20-Jan-00
> Time: 11:15:42
> 
> This message was sent by XFMail
> ----------------------------------
> 

Hmm.. I found out that the best way to secure it is to just put up a damn firewall or directly on the router.
You can run anything you want then, with a good firewall. Tho we should have some sort of security team
that's checking irc servers periodically. Anyway open ports on ircd should be only: ssh/irc/ident and
maybe some mailer. But that's all there should be, not that I try to force anyone but it's safe for all
of us. Last time I saw *.hr server linked it had like 20 ports open, I think that that's really stupid.
Admins who cannot take at least the time to do: netstat -a |less shouldn't be running one on our net. But
that's just my humble opinion.


cya
-- 


PGP Public Keys:
	- (finger://fusion.unit.cc/krome)
	- (hkp://horowitz.surfnet.nl/krome@xxxxxxx)

Krome Plasma [krome@xxxxxxx]
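
The port check suggested in the reply above (`netstat -a`, with only ssh/irc/ident and maybe a mailer open) can be scripted. This is an added example, not part of the original thread; the port numbers 22, 25, 113 and 6667, the function names and the sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Assumed allowlist: ssh=22, mailer=25, ident=113, irc=6667.
ALLOWED_PORTS="22 25 113 6667"

# unexpected_listeners: reads `netstat -an`-style text on stdin and prints
# "port local-address" for every TCP socket in LISTEN state whose port is
# not in ALLOWED_PORTS, one line per port, sorted numerically.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr
            sub(/^.*[:.]/, "", port)   # port follows the last ":" (Linux) or "." (BSD)
            if (!(port in ok) && !seen[port]++) print port, addr
        }
    ' | sort -n
}

# Constructed sample input in Linux `netstat -an` layout (not real output).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:6667            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:113             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:6667         198.51.100.7:40122      ESTABLISHED
tcp6       0      0 :::21                   :::*                    LISTEN
udp        0      0 0.0.0.0:514             0.0.0.0:*
EOF
}

# Run with --demo to check the constructed sample; on a live host use:
#   netstat -an | unexpected_listeners
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | unexpected_listeners
fi
```

Established connections and UDP sockets are skipped on purpose; only TCP listeners outside the allowlist are reported, so empty output means the host matches the allowlist.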