Re: Double hopping

From: Juha Laiho (Juha.Laiho_at_iki.fi)
Date: 10/11/05

    Date: Tue, 11 Oct 2005 15:02:54 +0000 (UTC)
    
    

    Adrian Casey <news@agcasey.com> said:
    >I'd like to be able to detect and prevent double hopping.
    >
    >For example, a user is logged into host-A. From host-A they log into
    >host-B. From host-B, they log into host-C. How do I detect this double
    >hopping and how can I prevent it?
    >
    >The user may use telnet or ssh. I don't want to install a wrapper for
    >telnet and ssh nor mess with syslog configuration.

    More or less: you don't detect it, and you can't prevent it.
    At least not with your requirements.

    Could you describe why this situation is a problem? If you see this as
    a security problem (people who are located in networks from which they
    should not be able to access C, access C through the chain A-B-C), then
    the security problem is that the network and system set-ups allow any
    sessions to be established from A to B (or B to C, depending on where
    the security perimeter is).

    -- 
    Wolf  a.k.a.  Juha Laiho     Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
             PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)
    
