Mailing List Archive

Console server probes from outside
My console server is TCP wrappered (duh) and I've noticed several of
these in the past couple of days (all from the same host):

conserver attempt from H-135-104-26-223.research.bell-labs.com

I don't know if it's just a port scan or if they are probing a potential
console server security hole.

Not to start a panic. Just a heads-up in case something bad is floating
around out there.

Sigh.

John R. Jackson, Technical Software Specialist, jrj@purdue.edu
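
One way to tell a port sweep from a conserver-specific probe is to check which other wrapped services the same host was refused on. The sketch below is an added example, not code from this thread or from conserver. It assumes every wrapped service logs refusals in the same "<service> attempt from <host>" form as the line quoted above; the sample hosts, the other service names and the threshold are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines, modelled on the "<service> attempt from <host>"
# message quoted in the post. Hosts and the non-conserver services are made up.
SAMPLE_LOG = """\
conserver attempt from scanner.example.net
in.telnetd attempt from scanner.example.net
in.ftpd attempt from scanner.example.net
conserver attempt from probe.example.org
conserver attempt from probe.example.org
conserver attempt from probe.example.org
sshd attempt from onceoff.example.com
"""

# Assumed log shape; search() tolerates a syslog-style prefix before it.
LINE_RE = re.compile(r"(?P<service>\S+) attempt from (?P<host>\S+)\s*$")

def classify(log_text, service="conserver", repeat_threshold=3):
    """Label each host that was refused on `service`.

    sweep    - the host was also refused on other wrapped services
    targeted - the host hit only `service`, at least repeat_threshold times
    isolated - the host hit only `service`, fewer times than that
    """
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m:
            hits[m["host"]][m["service"]] += 1

    verdicts = {}
    for host, per_service in hits.items():
        if service not in per_service:
            continue  # never touched the service we care about
        if len(per_service) > 1:
            verdicts[host] = "sweep"
        elif per_service[service] >= repeat_threshold:
            verdicts[host] = "targeted"
        else:
            verdicts[host] = "isolated"
    return verdicts

if __name__ == "__main__":
    for host, verdict in sorted(classify(SAMPLE_LOG).items()):
        print(f"{host}: {verdict}")
```
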
Re: Console server probes from outside
On Thu, Jun 20, 2002 at 12:57:01PM -0500, John R. Jackson wrote:
> I don't know if it's just a port scan or if they are probing a potential
> console server security hole.
>
> Not to start a panic. Just a heads-up in case something bad is floating
> around out there.

figured i'd throw in my 2 cents...

i want to *strongly* suggest that if you have conserver accessible from
*any* non-trusted network (no matter how small that lack of trust is),
that you use tcp wrappers to protect yourself. yes, via the
conserver.cf file you can list access restrictions and it works just
fine, however, i can't promise that someone would not be able to break
that code or break the code before it and gain access (i really hope
that's not the case, but you have to be cautious). with tcp wrappers,
there's a much higher level of confidence since that package is the
front-line defense of so many things and its code is always under
scrutiny.

i'm sure there are nasty holes in the code that would allow folks to do
bad things. where they are, i don't know, but it would be silly of me
to think that they didn't exist. if anyone gets the urge to check the
code for stuff like this, i'd suggest looking at the access restriction
stuff so that tcp wrappers weren't a requirement, but just a nice
integration into an existing environment.

Bryan
Re: Console server probes from outside
John R. Jackson wrote:
> My console server is TCP wrappered (duh) and I've noticed several of
> these in the past couple of days (all from the same host):
>
> conserver attempt from H-135-104-26-223.research.bell-labs.com
>
> I don't know if it's just a port scan or if they are probing a potential
> console server security hole.
>

I take it you've emailed whoever's in charge of security at bell-labs?

of course it could just be a badly configured conserver.cf but it's not
very friendly.

--
Iain Rae Tel:01316505202
Computing Officer JCMB:2148
Division of Informatics
The University of Edinburgh
Re: Console server probes from outside
>I take it you've emailed whoever's in charge of security at bell-labs?

Nope. I wouldn't have the faintest idea who to contact.

>Iain Rae

John R. Jackson, Technical Software Specialist, jrj@purdue.edu