MOO-cows Mailing List Archive


Re: security threats (was stupid newbie question)

At 08:53 PM 8/02/96 PST, Ian Macintosh wrote:
>At 08:37 PM 08/02/96 PST, you wrote:

>>she's worried about breakins... and says MOOs are notorious
>>among sysops as security nightmares.

>She's talking urban folklore.

There is one thing worth knowing about.  In most
cases it doesn't constitute a threat.  I hope if I make any
mistakes here someone will be kind enough to correct me...

If you enable outbound network connections, which is necessary
to have passwords for new accounts mailed to 
users, then Wizards can open outbound network connections
from the host computer.

This usually isn't a big problem.  It might allow nefarious use
of services that were intended for use only by local users, like
the use of a nntp daemon or http proxy server that has
an IP mask limiting access to local users only.  People could
spoof a news or mail post and pretty well hide their tracks.

It is worth considering this before you enable outbound network
connections.  In most cases it doesn't really introduce any
serious threat.

But give the dog a bone - tell them about this, and ask them to
help identify any risks that would be created.  If they find something
serious, then don't enable outbound network connections.  If
they don't find any, thank them for their interest :-)

Good luck,
Guy Carpenter - Clearwater Technical Services
Tel: (070) 953309                  Fax: (070) 953007

Home | Subject Index | Thread Index