[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: stopping outgoing services/



> removing or disabling these binaries is useless.  what's to stop a user
> from scp'ing over a telnet binary?  or writing a simple replacement
> using the local perl interprater?

I gave the user 3 options. I use option #1. I block using firewall 
rules.

But it stops most users. If the user wants to compile telnet or 
whatever, Im all for it, but alot of users wouldnt take the time to do 
this.

 
> the only way to stop outgoing services is to firewall the port (which
> doesn't do much to prevent someone from running it on a non-standard
> port) or flat out deny them access to your server.  what good is an
> account on your server if it cannot communicate with any other systems?

Which was what I said as my first choice.  Duhhhh

> joshua stein <jcs_(_at_)_rt_(_dot_)_fm>




end
###