Re: Antwort: Re: Antwort: Remote Admin of DMZ
From: gsodusta@rezayat.com.saDate: 11/27/01
- Previous message: Rafael 'Dido' Sevilla: "Re: Squirrel Mail - just how secure it is?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Message-Id: <TFSBFIGW@rezayat.com.sa> From: gsodusta@rezayat.com.sa Date: Tue, 27 Nov 2001 8:57:23 +0300 To: j.mickerts@gmx.net, focus-ms@securityfocus.com, security-basics@securityfocus.com Subject: Re: Antwort: Re: Antwort: Remote Admin of DMZ
Hi,
Actually I was using fport, I traced the application listening on 1088, and it was from sshd.exe. I checked the server now, and when I started it its not listening to port 1088 anymore but now port 1028, this is aside from the port 22.
regards,
Grefenp
j.mickerts@gmx.net on 11/27/2001 03:38:07 AM
To: Grefenp Berchmann C Sodusta/Rezayat
cc:
Subject: Antwort: Re: Antwort: Remote Admin of DMZ
Hi,
I cannot investigate this on my server before Friday. But you might you fport by Foundstone (http://www.foundstone.com) to determine which application is using the port. Just an Idea, SAP ITS uses ports from the range 1080-1089, so it might be a SAP ITS instance. I do not know a trojan listening on this port by default, but as we know this can be easily changed.
Kind regards,
Jens Mickerts
gsodusta@rezayat.com.sa
26.11.2001 13:13
An: Kopie: <j.mickerts@gmx.net>, <focus-ms@securityfocus.com>
Thema: Re: Antwort: Remote Admin of DMZ
Hi, I have installed OpenSSH (for NT), I leave the default listen port to 22, but I notice it was also listenning to port 1088. I think this must be a trojan or something. Anyone have any idea?
Grefenp
j.mickerts@gmx.net on 11/20/2001 04:14:12 PM
To: MLynch@imb.com.au @ INTERNET
cc: focus-ms@securityfocus.com @ INTERNET, security-basics@securityfocus.com @ INTERNET Subject: Antwort: Remote Admin of DMZ
Hi,
a combination I think is very nice is OpenSSH (there is a free NT Version here: http://www.networksimplicity.com) in combination with VNC or any other remote tool. For OpenSSH on NT uses NT accounts, you can set-up a policy that will lock the account used after x false logins making it quite secure. If your Remote Control then uses a second authentication different from the SSH one you should be fine given that you use a very low-priviledged account for SSH. Just another hint, you can set OpenSSH to listen on a different port than 22 so that it is more difficult to be recognised by Port-Scans.
Kind regards,
Jens Mickerts
Matt LYNCH <MLynch@imb.com.au>
19.11.2001 23:17
An: security-basics@securityfocus.com, focus-ms@securityfocus.com
Kopie: Thema: Remote Admin of DMZ
I have been given the task of administering a web server contained within a
DMZ. I am OK with the admin side of things but would prefer for time reasons
to be able to remotely administer this machine. I have always used
PCAnywhere, VNC and the MMC. But I now cannot use these due to the security
risk. Does anyone else remote admin inside a DMZ and if so how??
All machine are NT 4.0, I use a W2K desktop. (Free would be nice, but I am
also interested if there are commercial solutions available).
Thanks in advance
Matt
- Previous message: Rafael 'Dido' Sevilla: "Re: Squirrel Mail - just how secure it is?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
