iptables on the xymon server could allow a list or range of IP addresses and/or block any address outside the segments that contain servers you want to allow. That can be implemented right now, outside xymon, to limit the risk.<div>
<br></div><div>Ralph Mitchell</div><div><br><br><div class="gmail_quote">On Fri, Dec 7, 2012 at 10:41 PM, Shawn Heisey <span dir="ltr"><<a href="mailto:hobbit@elyograg.org" target="_blank">hobbit@elyograg.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">On 12/5/2012 1:38 PM, Novosielski, Ryan wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
-----BEGIN PGP SIGNED MESSAGE-----<br>
Hash: SHA1<br>
<br>
My understanding is that it's fairly easy to do, also. I don't know if<br>
having a proxy in between helps at all or any of that, but my<br>
understanding is that what's sent is fairly simple and plain text (I<br>
believe there's info about the protocol in the manual).<br>
<br>
That said, I'm not 100% sure what nefarious thing someone could do<br>
with that information. I guess they could open the rlogin port or<br>
something and then send a status message to indicate it's still closed?<br>
</blockquote>
<br></div>
Nefarious users can create false alarms that must be investigated. They can "drop" your host entries and therefore wipe out incredible amounts of RRD graph history. If you have tests with delayed notification, it would be possible to prevent notifications on real alarm conditions. There are probably other nasty things I haven't thought of.<br>
<br>
Thanks,<br>
Shawn<div class="HOEnZb"><div class="h5"><br>
<br>
______________________________<u></u>_________________<br>
Xymon mailing list<br>
<a href="mailto:Xymon@xymon.com" target="_blank">Xymon@xymon.com</a><br>
<a href="http://lists.xymon.com/mailman/listinfo/xymon" target="_blank">http://lists.xymon.com/<u></u>mailman/listinfo/xymon</a><br>
</div></div></blockquote></div><br></div>