
Re: question on network security



The Unix workstations in your work environment are running what is called
"NIS".  This allows for machines to collectively share information between
one another, like password files, disks, etc.   I would ask around to see
if your machine is in 'netgroups'.  Netgroups is basically a list of
trusted machines on your NIS server, somewhat of a domain controller.  If
you are in that list, other machines will request information from yours.
I would not be wary of these 'attacks' as they are most likely not from
users, but just NIS broadcasts from related programs/daemons that run from
boot-up. Our Sun machines run NIS+, basically the same as NIS, but more
secure.  My Linux box is not in netgroups and I don't get such broadcasts
to my machine.

Dennis

--
dpk <dpk@egr.msu.edu>, Systems/Network         |  work: 353.4844
Division of Engineering Computing Services     |  page: 222.5875

On Wed, 10 Sep 1997, James D. Freels wrote:

> This is probably not the right forum for this question, but I am
> running on a Debian/GNU machine.  If there is a better mailing list
> or news group for the question, please let me know.
> 
> I am trying to set up my machine as 'less open' in my corporate
> environment.  I have started by having the entry 'ALL: ALL' in my
> hosts.deny file.  Then I add individual entries in the hosts.allow
> file to gain access to my machine.  This all works as planned.
> 
> However, what I have found is a tremendous number of attempts to gain
> access to my machine that I was unaware of.  Some of them are what I
> was trying to prevent (in less than a day, about 10 www attempts when
> I'm not even set up as an httpd server for example).  But, the large
> majority of the attempts I don't know much about.  Attempts at access
> via daemons ypserv, mountd, 300004, and 300214 with most trying
> ypserv.  These appear to be from SGIs and SUNs which are themselves
> running some type of network protocol which periodically probes the
> network. 
> 
> I would like to eliminate these problems, but don't know where to
> start.  I can add back the problem machines to my hosts.allow file to
> remove the error messages from my log file.  This confirms that they
> are the problems, but doesn't fix the problem.
> 
> -- 
> /------------------------------------------------------------------\
> | James D. Freels, P.E._i, Ph.D.  | Phone:  (423)576-8645  |   | L |
> | Oak Ridge National Laboratory   | FAX:    (423)574-9172  | H | I |
> | Research Reactors Division      | work e-m: fea@ornl.gov | F | N |
> | P. O. Box 2008                  | home e-m: fea@icx.net  | I | U |
> | Oak Ridge, Tennessee 37831-6392 | world's best neutrons! | R | X |
> \------------------------------------------------------------------/
> 
> 
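An added example, not part of either message above: one way to sort the refused requests described in the thread by source and service, and to tell a host that retries on a fixed cadence (as an NIS client looking for a server would) from irregular attempts. The log format is an assumption (the style a tcp-wrapper-aware portmap writes), and the host name, addresses and times are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines; the format is assumed, not taken from the thread.
SAMPLE_LOG = """\
Sep 10 08:00:01 mybox portmap[101]: connect from 192.0.2.11 to getport(ypserv): request from unauthorized host
Sep 10 08:03:40 mybox portmap[101]: connect from 192.0.2.12 to getport(mountd): request from unauthorized host
Sep 10 08:05:01 mybox portmap[101]: connect from 192.0.2.11 to getport(ypserv): request from unauthorized host
Sep 10 08:06:00 mybox syslogd: restart
Sep 10 08:07:30 mybox portmap[101]: connect from 192.0.2.13 to getport(300004): request from unauthorized host
Sep 10 08:10:02 mybox portmap[101]: connect from 192.0.2.11 to getport(ypserv): request from unauthorized host
Sep 10 08:41:15 mybox portmap[101]: connect from 192.0.2.12 to getport(mountd): request from unauthorized host
Sep 10 09:02:07 mybox portmap[101]: connect from 192.0.2.12 to getport(mountd): request from unauthorized host
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\sportmap\[\d+\]:\s"
    r"connect from (?P<src>\S+) to \w+\((?P<svc>[^)]+)\): "
    r"request from unauthorized host")

def summarize(log_text, tolerance=5, year=1997):
    """Group refusals by (source, service). 'periodic' is True when there are
    at least three attempts whose gaps differ by <= tolerance seconds."""
    seen = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        # syslog timestamps carry no year, so one is supplied (assumption)
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        seen[(m["src"], m["svc"])].append(ts)
    report = {}
    for key, times in seen.items():
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        periodic = len(gaps) >= 2 and max(gaps) - min(gaps) <= tolerance
        report[key] = {"count": len(times), "periodic": periodic}
    return report

if __name__ == "__main__":
    for (src, svc), info in sorted(summarize(SAMPLE_LOG).items()):
        kind = "fixed interval" if info["periodic"] else "irregular"
        print(f"{src:<12} {svc:<8} {info['count']:>3} refused  ({kind})")
```

Sources that show up as fixed-interval requests for ypserv are the ones to ask the NIS administrators about; irregular sources and unnamed RPC program numbers deserve a closer look.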

