[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

RE: RE:restricting outbound access?



That has been done already the only problem is people compile there own executables. I run a server for kids at a local school and you know how some kids can be. I have already had to ban several users for compiling scripts to launch attacks on other machines. I strictly enforce there acceptable use agreement through the school but sometimes that just isn't enough.


From: "Howland, Curtis" <howlandc@kvh.co.jp>
To: "Steve Meyer" <steve11523@hotmail.com>, <debian-security@lists.debian.org>
Subject: RE: restricting outbound access?
Date: Thu, 16 May 2002 11:59:05 +0900
MIME-Version: 1.0
Received: from [65.125.64.134] by hotmail.com (3.2) with ESMTP id MHotMailBEAC6C63003A40043197417D40860C4B0; Wed, 15 May 2002 20:03:01 -0700
Received: (qmail 624 invoked by uid 38); 16 May 2002 03:01:57 -0000
Received: (qmail 589 invoked from network); 16 May 2002 03:01:57 -0000
Received: from gw-jp101e.kvh.co.jp (61.120.193.20) by murphy.debian.org with SMTP; 16 May 2002 03:01:57 -0000 Received: (from smtp@localhost)by gw-jp101e.kvh.co.jp (8.8.7/8.8.7) id MAA21397;Thu, 16 May 2002 12:01:28 +0900 (JST) Received: from jpkvhms1(192.168.0.210) by gw-jp101e via smap (V2.0)id xma021389; Thu, 16 May 02 12:01:23 +0900 Received: from jpkvhms2.tel.kvh.co.jp ([192.168.0.211]) by jpkvhms1.tel.kvh.co.jp with Microsoft SMTPSVC(5.0.2195.4453); Thu, 16 May 2002 12:01:33 +0900
From bounce-debian-security Wed, 15 May 2002 20:03:50 -0700
X-Envelope-Sender: howlandc@kvh.co.jp
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <FBBD2DD3FF1ECA42817E762126D2FB0E05CAE4@jpkvhms2.tel.kvh.co.jp>
Thread-Topic: restricting outbound access?
Thread-Index: AcH8hB0bx6zNtQf+T+OgiE0K7RywbQAAHQ9Q
X-OriginalArrivalTime: 16 May 2002 03:01:33.0254 (UTC) FILETIME=[FC0B6660:01C1FC85]
Resent-Message-ID: <zvJnNB.A.nJ.lEy48@murphy>
Resent-From: debian-security@lists.debian.org
X-Mailing-List: <debian-security@lists.debian.org> archive/latest/7287
X-Loop: debian-security@lists.debian.org
List-Post: <mailto:debian-security@lists.debian.org>
List-Help: <mailto:debian-security-request@lists.debian.org?subject=help>
List-Subscribe: <mailto:debian-security-request@lists.debian.org?subject=subscribe> List-Unsubscribe: <mailto:debian-security-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-security-request@lists.debian.org

How about group access privileges on the offending executables?

Seems to me to be the natural method of restricting access to stuff.

Curt-

> I have a question.  Is there any way to restrict outbound
> access for all but
> a few users?  I know with iptables you can block outbound
> traffic completely
> but that wont work in my situation.  There are about 150
> users of my server
> and only 3 of them need outbound access so I am kind of in a sticky
> situation.  Any help would be greatly appreciated.
>
> Thanks in advance
>
> Steve Meyer


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org



Reply to: