[CrackMonkey] [dmarti@zgp.org: Re: [svlug] FCEN doing illegal port scanning on your networks?]
Seth David Schoen
schoen at loyalty.org
Wed Apr 12 10:36:17 PDT 2000
----- Forwarded message from Don Marti <dmarti at zgp.org> -----
Date: Wed, 12 Apr 2000 10:13:27 -0700
From: Don Marti <dmarti at zgp.org>
Cc: svlug at svlug.org
Subject: Re: [svlug] FCEN doing illegal port scanning on your networks?
If you provide a service for the rest of the Internet (let's say DNS, so
people can look up hostnames in your domain) then you have to allow a
system on the outside -- let's say mail.svlug.org -- to connect to your
server running, let's say, BIND.
I used to think that you could either use a "firewall" to block access
to DNS on your system (so that you can ignore whether or not your BIND
is secure) OR leave access to DNS open, so that it actually works,
but you have to run a secure installation of BIND.
But now I've found out about the new "magic pixie dust mode" that
allows you to both ignore security and communicate with the rest of
the Internet. This is great! To turn it on, just
echo 1 > /proc/sys/net/firewall/magic-pixie-dust/security
and sell all your security books on eBay. Hooray!
--
Don Marti Join the Great American GAS OUT. Do not buy
dmarti at zgp.org any gas from April 7, 2000 to April 7, 2003
http://zgp.org/~dmarti/
whois DM683 Except gas for burning GIFs: http://burnallgifs.org/
--
echo "unsubscribe svlug" | mail majordomo at svlug.org
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ to unsubscribe
see http://www.svlug.org/mdstuff/lists.shtml for posting guidelines.
----- End forwarded message -----
--
Seth David Schoen <schoen at loyalty.org> | And do not say, I will study when I
Temp. http://www.loyalty.org/~schoen/ | have leisure; for perhaps you will
down: http://www.loyalty.org/ (CAF) | not have leisure. -- Pirke Avot 2:5
More information about the Crackmonkey
mailing list