Thanks thats a help :) On Sat, 2003-03-15 at 10:20, David Mandala wrote: > See http://lwn.net/Articles/25578/ for a critical SAMBA bug. Can take > over the machine at the root level. Just released by the SAMBA team. > > The SAMBA team recommends immediate upgrade to avoid security problems. > > Cheers, > > Davidm > > On Sat, 2003-03-15 at 08:49, Entelin wrote: > > Well I dont want to give his name out :) Actually hes not completely a > > nutbar, apparently he is on security topics. He's actually very > > experienced with linux/unix, and has written a number of programs they > > use internaly. I think the issue is that hes a bit stuck in the past > > when it comes to his mentality on security topics. However he really did > > piss me off going behind my back like that he even said in his email to > > her to not to talk to me about this without talking to him first. > > > > On Sat, 2003-03-15 at 04:02, technomage wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > who is this "nutbar" who thinks they are totoally secure? I'd like to know so > > > that I can avoid meeting him unless I have reason to. > > > > > > totally secure = power supply isolated, non-networked machine behind 2 layers > > > of steel doors and lots of guards. > > > > > > anything else is debatable. > > > > > > Technomage > > > > > > On Saturday 15 March 2003 03:17 am, Entelin wrote: > > > > I have a client I am trying to convince to install a firewall, (eather > > > > iptables or preferably cisco PIX). They have practicly every service > > > > under the sun open, the only reason their tcp netbios ports are closed > > > > is because cox filters them. The only reason I am having to convince > > > > them of anything is because they have another linux tech working for > > > > them and he is somehow convinced that they are completely secure "at the > > > > deamon level" wrote a big email to my client saying they dident need to > > > > install a firewall, or even close totaly unused ports on their box! > > > > (they even had echo and chargen open before I at least convinced them to > > > > close those ie: forged packet between echo and chargen = storm). > > > > nevermind the two root exploits their sendmail is at risk for. and the > > > > password sniffing of their login,telnet etc.. god.. > > > > > > > > ANYWAY sorry for that rant. back on topic I was wondering if I could do > > > > anything with these udp ports in absence of the filtered tcp netbios > > > > ports. ? as in gain any kind of access or DoS. > > > > > > > > 137/udp open netbios-ns > > > > 138/udp open netbios-dgm > > > > 139/udp open netbios-ssn > > > > > > > > Thanks :) > > > > > > > > --------------------------------------------------- > > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > > To subscribe, unsubscribe, or to change you mail settings: > > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > - -- > > > I will not be pushed, filed, stamped, indexed, briefed, debriefed, or > > > numbered! > > > My life is my own - No. 6 > > > -----BEGIN PGP SIGNATURE----- > > > Version: GnuPG v1.0.7 (GNU/Linux) > > > > > > iD8DBQE+cwhOn/usgigAaLcRAs79AJ9Tty91a3ZorlD3pgKL9dBRRJSSzACeKW4U > > > 6v2lRe90Uh6uuJYQKty5ihg= > > > =hUiC > > > -----END PGP SIGNATURE----- > > > > > > --------------------------------------------------- > > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > > To subscribe, unsubscribe, or to change you mail settings: > > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > > > > > > --------------------------------------------------- > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > > To subscribe, unsubscribe, or to change you mail settings: > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- > David IS Mandala > gpg fingerprint 8932 E7EF CCF5 1B8C 1B5C A92E C678 795E 45B2 D952 > Phoenix, AZ (480) 460-7545 HP, (602) 741-1363 CP > http://www.them.com/~davidm/ > > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change you mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss