[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: stopping outgoing services/

To: misc_(_at_)_openbsd_(_dot_)_org
Subject: Re: stopping outgoing services/
From: "STeve Andre'" <andres_(_at_)_msu_(_dot_)_edu>
Date: Mon, 18 Sep 2000 18:42:16 -0400

The only real way to keep people from getting outside once they're
on your machine is just as Alex says--block the socket call from
working and then it doesn't matter what the user tries to do to
circumvent it--it won't work.

We've done that on Grex.  For more information, see

    http://www.cyberspace.org/staffnote/blocks.html

That's the way to do it.  With all the code being open here, it would
be lots easier than digging around SunOS binaries to accomplish it.

--STeve Andre'

At 12:26 AM 9/19/00 +0200, Alex de Joode wrote:

On Sun, Sep 17, 2000 at 11:23:35PM -0700, Dave wrote:
> Hey all...
> If I were to offer shell accounts to my server, how
> can i stop the user from using outgoing services?
> I would like to keep and allow ftp, ssh into the box,
> but when the user is in the shell I want to be able to
> keep them from telnetting to other servers, etc..
> Thanks
> dave


One of the free shell account providers has(had) a
patch to OpenBSD that would allow only users of a
specific group to open sockets.

ie: you could telnet in, but not out if you were not
in the 'telnet' group. (same for other services)

I believe it was http://www.hobbiton.org/, but as their
site seems to be down I can't verify this.

--
Exit! Stage Left!

Prev by Date: Re: what do you do with a Windows virus ?
Next by Date: Re: stopping outgoing services/
Previous by thread: Re: stopping outgoing services/
Next by thread: Re: stopping outgoing services/
Index(es):
- Date
- Thread

Visit your host, monkey.org