Shield Up : Fedora installation had many problems


yeehi
8th June 2004, 11:39 PM
I included Telnet in my installation. Checking out my system at Shields Up, port 22 is open.
I don't know why people have telnet at all if it is risky. There must be some good point to it... But anyway, what should I do to sort out this issue?


Secure Shell provides a secure-connection version of the Telnet remote console service with additional features. Unfortunately, the SSH services and their security add-on packages have a long history of many widely exploited buffer overflow vulnerabilities. If your system has this port exposed to the outside world you should be vigilant in keeping your SSH service updated.

I also had a problem with solicited TCP packets:

Solicited TCP Packets: RECEIVED (FAILED) — As detailed in the port report below, one or more of your system's ports actively responded to our deliberate attempts to establish a connection. It is generally possible to increase your system's security by hiding it from the probes of potentially hostile hackers. Please see the details presented by the specific port links below, as well as the various resources on this site, and in our extremely helpful and active

Port 22 ssh remote login protocol was open.

kbradl1
9th June 2004, 02:12 AM
If you need to connect remotely to the box then I would keep it on. You can use iptables or gnome-lokkit to block access to port 22 from the internet.

If you don't need ssh, then you can turn it off:

chkconfig --level 345 sshd off
/sbin/service sshd stop

Jman
9th June 2004, 10:11 AM

If you're comparing telnet and ssh, ssh encrypts traffic, while telnet just sends it over the network. I would much rather take the chance at some buffer exploit than sending my password that way. I keep updated anyway.

And the responding behavior is expected of a running server.

everest
9th July 2004, 01:50 PM
yeehi, if you are going to be remotely logging into a shell I really stress that you use ssh (it's miles safer and better than telnet). Head over to openssh.org and download the latest openssh-portable package (3.8.1-p1) and install that (it may require some tweaking of system files to run it at boot time, or just add it to /etc/rc.local) and make sure you have the latest openssl package (0.9.7d) installed as well. Tweak it so it only accepts ssh v2 connections and you will have a solid system provided you don’t have other exploitable services running.

-E
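
One way to verify the "only accepts ssh v2 connections" setting mentioned in the last post, as an added example that is not part of the original thread. It assumes the sshd_config `Protocol` keyword, that sshd uses the first value it finds for a keyword, and that an OpenSSH release of this era falls back to `2,1` when no `Protocol` line is present; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which SSH protocol versions an sshd_config permits.
# Assumptions: keywords are case-insensitive, the first Protocol line wins,
# and the built-in default for sshd of this era is "2,1".

effective_protocol() {
    # $1 = path to an sshd_config file; prints the effective Protocol value
    awk '
        { sub(/#.*/, "") }                      # drop comments
        tolower($1) == "protocol" && !seen {    # first occurrence wins
            val = $2; seen = 1
        }
        END { print (seen ? val : "2,1") }      # assumed built-in default
    ' "$1"
}

ssh_v2_only() {
    # returns 0 when only protocol 2 is accepted, 1 when SSHv1 is still allowed
    [ "$(effective_protocol "$1")" = "2" ]
}

demo() {
    tmp=$(mktemp)
    # Constructed sample config, not taken from any real system.
    cat > "$tmp" <<'EOF'
Port 22
#Protocol 2
PermitRootLogin no
EOF
    if ssh_v2_only "$tmp"; then
        echo "OK: sshd accepts protocol 2 only"
    else
        echo "WARN: effective Protocol is $(effective_protocol "$tmp"); add 'Protocol 2'"
    fi
    rm -f "$tmp"
}

demo
```

On a real system, point `ssh_v2_only` at /etc/ssh/sshd_config; a commented-out `#Protocol 2` line does not count, which is the case the sample shows.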