Re: [LUG] Server intrusions

[alan <amd@xxxxxxxxx>]

On 2004.08.10 18:51 Simon Waters wrote:
> telnet is okay - plain text passwords are a possible source of 
> problems,
> but that isn't down to telnet (they are optional), and they seem to be
> mainly a problem once your systems are compromised.
The main issue with telnet, is that it is unencrypted ,so allowing 
outsiders to "read" your communication with the server, whether or not 
they get the login password. At least SSH2 is a decent level of 
encryption end to end during the whole exchange.

> We seem to be /dev/null'ing similar numbers - my philosophy on not
> /dev/null'ing email hasn't been permeated throughout the email system
> yet. For some reason a previous admin has a whole domain that exists
> purely to bitbucket email, I haven't worked out if there is some 
> subtle
> reason he doesn't just bounce them all.

From my experience, bouncing them is a waste of time, you just get 
them back because the "host does not exist" These are largely virus 
infected machines that are sending the spam, so they make up random 
"from/reply to addresses" and send them to anybody@xxxxxxxxxxxxx
It really made a marked difference in the spam levels getting through 
to my users, and even if the catch-all wasn't /dev/nulled , it could 
point to a dummy user, so the contents could be reveiwed periodically. 
I prefer not to fill the disk up that quickly though ;-)

I also use MailScanner with F-Prot and it hasn't let a virus through 
yet. Very happy with that.

alan

--
The Mailing List for the Devon & Cornwall LUG
Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the
message body to unsubscribe.