[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: stopping outgoing services/

The only real way to keep people from getting outside once they're
on your machine is just as Alex says--block the socket call from
working and then it doesn't matter what the user tries to do to
circumvent it--it won't work.

We've done that on Grex.  For more information, see


That's the way to do it.  With all the code being open here, it would
be lots easier than digging around SunOS binaries to accomplish it.

--STeve Andre'

At 12:26 AM 9/19/00 +0200, Alex de Joode wrote:
On Sun, Sep 17, 2000 at 11:23:35PM -0700, Dave wrote:
> Hey all...
> If I were to offer shell accounts to my server, how
> can i stop the user from using outgoing services?
> I would like to keep and allow ftp, ssh into the box,
> but when the user is in the shell I want to be able to
> keep them from telnetting to other servers, etc..
> Thanks
> dave

One of the free shell account providers has(had) a patch to OpenBSD that would allow only users of a specific group to open sockets.

ie: you could telnet in, but not out if you were not
in the 'telnet' group. (same for other services)

I believe it was http://www.hobbiton.org/, but as their
site seems to be down I can't verify this.

Exit! Stage Left!