1. Re: security issues & LOCALHOST

isaac wrote:
>In fact, no matter
>the encryption sceme, if the attacker has access to
>the server source, he
>can break in.
nooooo.... :)
you may have missed my other post about this, or perhaps i could have
phrased it better...

if u r runnin on win9x, then it's entirely likely that
no one but you has access to your machine, directly,
unless you allow people via some sort of PCAnywhere clone.

Ignoring that situation for now, let's look instead at
a winNT type of setup, whereby your machine is not only
hosting a FTP/HTTP/whatever server with EUServ, but also
allows "shell" accounts as well.

In my prior post, I described how allowing a person designated
as a "coder" might be allowed to have access to the code, but
not be able to do anything about it.  To wit: if you run
the server as a "root" process, then the only way to shutdown
and restart the server is 1> internally with the reboot command
or the shutdown command, if you are trusted to IMPLEMENTOR level.
2> using the winNT equivalent of "kill" if you are logged into
the winNT machine as root.

So, the coder makes changes to the code, but unless he has root
priv on your machine, or is designated an IMPLEMENTOR within the
server itself, he cannot make those changes effective.

After this coder makes the changes, it would be up to
you to review the changes he made before restarting the
server to implement the changes.

I really do not see any benefit to having coders, that have
access to the code, with priv enough to *change* the code,
(after all, the priv on the code itself should NOT be set to
allow modification by 'world', only 'owner' and 'group') and
not have these people actually be trusted enough to be set
to IMPLEMENTOR level anyway... if you trust them enough to
give them a shell to your machine and enough to allow them
to change your code (by adding them to the 'group' that the
code priv is assigned), i cannot see you not trusting them
enough to be IMPLEMENTOR level anyway.... BUT!, the provision
and the technique is there if you dont trust them enough and
you still want their help coding...

hopefully, this rephrasing will explain things a wee better???

> I ran "telnet localhost 9000"
> telnet opened and told me "could not open a connection with localhost"
> what did I do wrong?
technically, nothing... technically, everything :)

there is a problem/quirk with win9x and localhost that was discovered
recently, and it basically doesn't work....
you can do one of two things:
1> replace the word localhost with the *name* of your machine.
   the name of your machine is found in (potentially) 2 places.
   one of these places takes precedence over the other...
   under control panel/networking choose the identification tab,
   and write down what it says your "Computer Name" is, unless
   it's blank.  then, click the configuration tab, and highlight
   the tcp-ip mapping to dialUpAdapter, then properties for that
   setting.  then, choose DNS configuration tab.  Irregardless
   of whether it says that DNS is Enabled or Disabled, just under
   the EnableDNS radio box/circle, you will see Host and Domain.
   write down what is entered where it says Host.  In theory,
   these two setting should be the same... continously hit the
   'cancel' button until you are out of control panel...

now, crank the server, and try the name you found listed under
Host (dns config) first: telnet {Host} 9000
if that doesnt work, try the name you found under Computer Name,
telnet {CompName} 9000....

if neither of these entries have anything in them, you could
place something in there that you would like your machine
to be named. place it into both locations, before you hit
any ok/cancel buttons, then hit 'ok' and it'll prolly gripe
that you need the win95 cd.  clear the modal window and
when it is showing you the file location/open dialog box,
(like d:\    browse) and you will likely be looking for
something with the word secur??.dll... if all that seems
like is what is happening, click CANCEL.... you do NOT
need to go find/replace secur??.dll... then after the
cancel is pressed, you will (should be) asked to reboot...

if you have anything running, close it all down, saving
as you go... then yes, reboot to have win9x snarf your
new machine name... after all that, if you followed me,
and my explanation via typing of this is prolly not as
good as it could be... when you retry telnet {newhostname} 9000
and you are NOT connected to the internet, it *should* work.

2>if you are connected to the internet, you can use telnet {yourIP}
9000...
(the ip that winipcfg likely gave you unless you are using a gateway
or firewall... a whole new concept...)


the method (#1) above worked for me, & worked well.  it also worked
for Blackdog and Isande.  furthermore, Isande and I have a multiple
machine intranet here, and the technique allows us to boot the
server on any machine within the lan and telnet {specificmachinename}
9000
and walk right on into the server...  even more fun, I have found
a method whereby you can host the EUserver **INSIDE** a gateway/lan,
as in **behind** a firewall, on a dedicated machine (if u desire) or
any machine of your choosing behind the gateway machine, and people
outside the local lan can telnet into the local lan and to the
proper machine within the lan and access the EUServer :)

its a bit of work tho :)

hope this helps all those that have been asking about localhost
issues...


    _/  _/   _/_/_/   _/  _/  _/  _/   _/_/_/ _/
   _/  _/   _/  _/   _/  _/  _/ _/    _/
  _/_/_/   _/_/_/   _/  _/  _/_/     _/_/
 _/  _/   _/  _/   _/_/_/  _/ _/    _/
_/  _/   _/  _/   _/_/_/  _/   _/  _/_/_/
({<=----------------------------------------=>})
({<=- http://members.xoom.com/Hawkes_Hovel> -=})
({<=----------------------------------------=>})

new topic     » topic index » view message » categorize

Search



Quick Links

User menu

Not signed in.

Misc Menu