RE: Access to well-known ports on Win2K
From: Raghu Chinthoju (chraghu@hyd.wilco-int.com)Date: 10/31/02
- Previous message: Laura A. Robinson: "RE: Priviledge escalation attack"
- Maybe in reply to: Rangan, Govindaraj: "RE: Access to well-known ports on Win2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Raghu Chinthoju <chraghu@hyd.wilco-int.com> To: "'Rangan, Govindaraj'" <govindr@ti.com>, "'focus-ms@securityfocus.com'" <focus-ms@securityfocus.com> Date: Fri, 1 Nov 2002 02:45:45 +0530
Not only on 2K, in all OS of M$, any user can open sockets using source
ports < 1024. In all the UX flavors (as far as I know), this kind of
security has been implemented since the primitive builds of the kernel.
I understand that your requirement is to allow only specific users on
windows machine to be able to rsh to the solaris hosts.. This you can
achieve by configuring hosts.equiv (or .rhosts) to allow only that specific
users on that particular host to rsh. For example, you want to allow "xuser"
on host "yhost" to rsh to a machine, then put "yhost xuser" in that
machine's hosts.equiv or .rhosts file. This should solve your problem?
Raghu.
-----Original Message-----
From: Rangan, Govindaraj [mailto:govindr@ti.com]
Sent: Thursday, October 31, 2002 10:29 AM
To: 'focus-ms@securityfocus.com'
Subject: RE: Access to well-known ports on Win2K
Hi All,
Greetings.
Do all users on Win2K have access to the well-known ports? This
question arose when I was doing some security tests in a heterogeneous
environment with Windows and Solaris boxes. Solaris RSHD's only security is
that before allowing access, it checks the source host and source tcp port.
The host should be in hosts.equiv or .rhosts and the source tcp port should
be one of well known ports (0-1023). The rsh client is a setuid script and
starts as root. However on Windows 2000, it is possible for any user (not
necessarily an admin user) to open a "well known port" to connect to any
rshd.
Can we restrict access to well known ports to a certain user or
group? If not, the secure way is that Solaris hosts shouldn't trust Windows
hosts. Your help in resolving this is highly appreciated.
Regards,
Govind
This message is confidential and may also be legally privileged. If you are not the intended recipient, please notify postmaster@wilco-int.com immediately. You should not copy it or use it for any purpose, nor disclose its contents to any other person. The views and opinions expressed in this e-mail message are the author's own and may not reflect the views and opinions of Wilco.
- Previous message: Laura A. Robinson: "RE: Priviledge escalation attack"
- Maybe in reply to: Rangan, Govindaraj: "RE: Access to well-known ports on Win2K"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
