Internet Firewall Protection: Listings
Listing 1: Using the process status command shows that we have stripped down our firewall system, leaving few servers.
relay% ps -ax
PID TT STAT TIME COMMAND
0 ? D 2:13 swapper
1 ? IW 0:29 /sbin/init -
2 ? D 0:02 pagedaemon
66 ? IW 16:26 syslogd
76 ? S 95:29 update
79 ? IW 0:58 cron
81 ? IW 2:58 inetd
11099 ? IW 15:00 in.named
3157 co S 0:00 -csh (csh)
3570 co R 0:00 ps -ax
relay%
Listing 2: An example
% cat /etc/inetd.conf
telnet stream tcp nowait root /usr/local/etc/tn-gw
authsrv stream tcp nowait root /usr/local/etc/authsrv authsrv
%
Listing 3A: An example authentication setup for
% grep tn-gw netperms-table
tn-gw: welcome-msg /usr/local/etc/tn-welcome.txt
tn-gw: permit-hosts 192.33.112.*
tn-gw: permit-hosts * -auth
%
Listing 3B: An example authentication setup for
otter-> telnet relay
Trying 192.94.214.100 ...
Connected to relay.tis.com.
Escape character is '^]'.
Trusted Information Systems, Inc.
This system is for authorized users only in accordance with TIS
Policies & Procedures Section I.A.4.e.
Valid commands are:
(c)onnect hostname [port]
(h)elp or ?
(q)uit or (e)xit
telnet> c some.other.machine
Trying 198.192.21.2 port 23...
SomeOS UNIX (some.other.machine)
login: mjr
Password:
Last login: Tue May 17 14:51:46 from 141.160.2.224
SomeOS Release 1.1 (SOMEBOX): Tue Jun 1 13:22:26 EDT 1993
TERM is vt100
some.machine% logout
Remote server has closed connection
Connection closed by foreign host.
otter->
Listing 3C: An example authentication setup for
some.machine% telnet relay.tis.com
Trying 192.94.214.100 ...
Connected to relay.tis.com.
Escape character is '^]'.
Trusted Information Systems, Inc.
This system is for authorized users only in accordance with TIS
Policies & Procedures Section I.A.4.e.
Valid commands are:
(c)onnect hostname [port]
(h)elp or ?
(q)uit or (e)xit
Username: mjr
SNK Challenge "235673": 42330999
Login Accepted
telnet> c otter
Trying 192.33.112.117 port 23...
SunOS UNIX (otter)
login: mjr
Password:
Last login: Mon May 30 12:07:35 from fred.tis.com
SunOS Release 4.1.3_U1 (FNORD) #1: Wed Oct 13 17:48:35 PDT 1993
You have mail.
otter-> ^D
Remote server has closed connection
Connection closed by foreign host.
some.machine%
Listing 3D: An example authentication setup for
permit host=otter.tis.com destination=198.192.21.2
connected host=otter.tis.com destination=some.machine
exit host=otter.tis.com dest=some.machine in=1027 out=103 user=unauth duration=43
permit host=some.machine use of gateway
AUTHENTICATE mjr (tn-gw some.machine/198.192.21.2)
authenticate user=mjr
permit host=some.machine destination=192.33.112.117
connected host=some.machine destination=otter
exit host=some.machine dest=otter in=222 out=34 user=mjr duration=26
Listing 4: The
relay# authsrv
authsrv# list
Report for users in database
user     group     longname       status  proto  last
----     -----     --------       ------  -----  ----
mjr      Glenwood  Marcus Ranum   y       Snk    Mon May 30 14:25:58 1994
dave     Glenwood  Dave Dalva     y       Snk    Fri May 27 08:58:09 1994
avoliof  Glenwood  Fred Avolio    y       Skey   Thu Apr 28 15:48:01 1994
. . .
authsrv# adduser bdobbs "Robert Dobbs"
ok - user added initially disabled
authsrv# proto bdobbs ?
Unknown protocol "?", use one of: none password Skey Snk
authsrv# proto bdobbs snk
changed
authsrv# pass bdobbs '034 173 013 432 134 100 209 054'
Secret key changed
authsrv# enable bdobbs
enabled
authsrv# disp bdobbs
Report for user bdobbs (Robert Dobbs)
Authentication protocol: Snk
Flags:none
authsrv# group bdobbs demo
ok
authsrv# list
Report for users in database
user     group     longname       status  proto  last
----     -----     --------       ------  -----  ----
mjr      Glenwood  Marcus Ranum   y       Snk    Mon May 30 14:25:58 1994
dave     Glenwood  Dave Dalva     y       Snk    Fri May 27 08:58:09 1994
bdobbs   demo      Robert Dobbs   y       Snk    never
avoliof  Glenwood  Fred Avolio    y       Skey   Thu Apr 28 15:48:01 1994
. . .
authsrv# ^D
relay #












