Dial-in mgetty line security

To: debian-isp@lists.debian.org, debian-security@lists.debian.org
Subject: Dial-in mgetty line security
From: "Michael W. Shaffer" <mwshaffer@yahoo.com>
Date: Sun, 14 Nov 1999 17:47:28 -0800 (PST)
Message-id: <[🔎] 19991115014728.2018.rocketmail@web213.mail.yahoo.com>

I have recently installed a Linux machine at a remote customer
site to serve as a masquerading firewall/router and various other
things such as SMTP/POP3 spool, DNS cache, etc. I installed two
modems, one for dial-out only to the local ISP and the other which
has a simple mgetty listening on it for remote admin. Since I may 
need to dial in to this machine at unpredictable hours and from
unknown places, I can't really use callback verification or time
limitations to restrict dial-in access. What I have done is create
an /etc/mgetty/login.config file with only the following two lines:

adminname   -   -   /bin/login @
*           -   -   /bin/false

I have set a long and (hopefully) secure password on the 
'adminname' account.

My questions are:

<> Is this adequate to protect from random dialers who might 
stumble on the modem tone and try logging in to this machine?

<> Are there any other routine actions like this I should take
to protect modem lines like this used only for occasional remote
admin?


__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com

Reply to:

Follow-Ups:
- Re: Dial-in mgetty line security
  - From: Roland Gerlach <roland@rkga.com.au>

Prev by Date: Re: potential DoS of tcplogd in package iplogger
Next by Date: Re: Dial-in mgetty line security
Previous by thread: bind / named
Next by thread: Re: Dial-in mgetty line security
Index(es):
- Date
- Thread