RE: RE:restricting outbound access?

To: howlandc@kvh.co.jp, debian-security@lists.debian.org
Subject: RE: RE:restricting outbound access?
From: "Steve Meyer" <steve11523@hotmail.com>
Date: Wed, 15 May 2002 22:29:00 -0500
Message-id: <[🔎] F137SpCimt3rVvkmsus0001f7d5@hotmail.com>

That has been done already the only problem is people compile there ownexecutables. I run a server for kids at a local school and you know howsome kids can be. I have already had to ban several users for compilingscripts to launch attacks on other machines. I strictly enforce thereacceptable use agreement through the school but sometimes that just isn'tenough.

From: "Howland, Curtis" <howlandc@kvh.co.jp>
To: "Steve Meyer" <steve11523@hotmail.com>,<debian-security@lists.debian.org>
Subject: RE: restricting outbound access?
Date: Thu, 16 May 2002 11:59:05 +0900
MIME-Version: 1.0
Received: from [65.125.64.134] by hotmail.com (3.2) with ESMTP idMHotMailBEAC6C63003A40043197417D40860C4B0; Wed, 15 May 2002 20:03:01 -0700
Received: (qmail 624 invoked by uid 38); 16 May 2002 03:01:57 -0000
Received: (qmail 589 invoked from network); 16 May 2002 03:01:57 -0000
Received: from gw-jp101e.kvh.co.jp (61.120.193.20) by murphy.debian.orgwith SMTP; 16 May 2002 03:01:57 -0000Received: (from smtp@localhost)by gw-jp101e.kvh.co.jp (8.8.7/8.8.7) idMAA21397;Thu, 16 May 2002 12:01:28 +0900 (JST)Received: from jpkvhms1(192.168.0.210) by gw-jp101e via smap (V2.0)idxma021389; Thu, 16 May 02 12:01:23 +0900Received: from jpkvhms2.tel.kvh.co.jp ([192.168.0.211]) byjpkvhms1.tel.kvh.co.jp with Microsoft SMTPSVC(5.0.2195.4453); Thu, 16 May2002 12:01:33 +0900
From bounce-debian-security Wed, 15 May 2002 20:03:50 -0700
X-Envelope-Sender: howlandc@kvh.co.jp
content-class: urn:content-classes:message
X-MimeOLE: Produced By Microsoft Exchange V6.0.5762.3
Message-ID: <[🔎] FBBD2DD3FF1ECA42817E762126D2FB0E05CAE4@jpkvhms2.tel.kvh.co.jp>
Thread-Topic: restricting outbound access?
Thread-Index: AcH8hB0bx6zNtQf+T+OgiE0K7RywbQAAHQ9Q
X-OriginalArrivalTime: 16 May 2002 03:01:33.0254 (UTC)FILETIME=[FC0B6660:01C1FC85]
Resent-Message-ID: <zvJnNB.A.nJ.lEy48@murphy>
Resent-From: debian-security@lists.debian.org
X-Mailing-List: <debian-security@lists.debian.org> archive/latest/7287
X-Loop: debian-security@lists.debian.org
List-Post: <mailto:debian-security@lists.debian.org>
List-Help: <mailto:debian-security-request@lists.debian.org?subject=help>
List-Subscribe:<mailto:debian-security-request@lists.debian.org?subject=subscribe>List-Unsubscribe:<mailto:debian-security-request@lists.debian.org?subject=unsubscribe>
Precedence: list
Resent-Sender: debian-security-request@lists.debian.org

How about group access privileges on the offending executables?

Seems to me to be the natural method of restricting access to stuff.

Curt-

> I have a question.  Is there any way to restrict outbound
> access for all but
> a few users?  I know with iptables you can block outbound
> traffic completely
> but that wont work in my situation.  There are about 150
> users of my server
> and only 3 of them need outbound access so I am kind of in a sticky
> situation.  Any help would be greatly appreciated.
>
> Thanks in advance
>
> Steve Meyer


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contactlistmaster@lists.debian.org


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Prev by Date: Re: restricting outbound access?
Next by Date: Re: restricting outbound access?
Previous by thread: RE: restricting outbound access?
Next by thread: strange log.
Index(es):
- Date
- Thread