[Xymon] Xymon security concern raised
Roland Soderstrom
Rolands at logicaltech.com.au
Wed Dec 5 21:51:41 CET 2012
On a side note I actually do this on purpose in my environment.
I got a Solaris Cluster running cluster resources in zoneclusters.
Instead of running ext/scripts in the zone I run them in the globalzone and fake the delivery hostname to be the zoneclusters logicalhostname.
Eg. Xymon $XYMSRV "status <zoneclusterhostname>.clustertest $COLOR `date` $Message"
Works brilliantly.
I remember a while back there was a discussion on how to encrypt the message over the xymon port 1984,
that will surely prevent any false messages going through. (as false clients can't encrypt with the right key)
Can't remember the outcome of the discussion.
- Roland
-----Original Message-----
From: xymon-bounces at xymon.com [mailto:xymon-bounces at xymon.com] On Behalf Of Novosielski, Ryan
Sent: Thursday, 6 December 2012 7:39 AM
To: Steve Holmes
Cc: xymon at xymon.com
Subject: Re: [Xymon] Xymon security concern raised
My understanding is that it's fairly easy to do, also. I don't know if having a proxy in between helps at all or any of that, but my understanding is that what's sent is fairly simple and plain text (I believe there's info about the protocol in the manual).
That said, I'm not 100% sure what nefarious thing someone could do with that information. I guess they could open the rlogin port or something and then send a status message to indicate it's still closed?
On 12/05/2012 03:20 PM, Steve Holmes wrote:
> I believe the concern is that a student or other 'non-admin' could
> send a packet from an unconfigured workstation masquerading as a
> configured host. I think I need to do a little more research on the
> problem. Thanks! Steve
>
> On Wed, Dec 5, 2012 at 12:30 PM, Tim McCloskey <tm at freedom.com> wrote:
>
> Not sure that can be done in Xymon currently.
>
> So, is the concern that one of the configured hosts could pretend to
> be one of the other configured hosts? If not, a nice packet
> filter/firewall allowing tcp:1984 from only the Xymon hosts -> Xymon
> server would provide a possible fix for that.
>
> Regards, Tim
> ________________________________________
> From: xymon-bounces at xymon.com [xymon-bounces at xymon.com] on behalf of Steve Holmes [sholmes42 at mac.com]
> Sent: Wednesday, December 05, 2012 9:14 AM
> To: xymon at xymon.com
> Subject: [Xymon] Xymon security concern raised
>
> I have a customer who is concerned that anyone could send data
> messages to the xymon server with one of his host names and Xymon
> would accept it as real thus potentially masking an attack.
>
> Note that this is in a university environment, so even if data can
> come only from campus addresses we might not necessarily trust the
> data.
>
> Is there a way to get Xymon to check the IP address on incoming data
> packets to verify that it is coming from the host it claims to be?
>
> Thanks,
> Steve Holmes
> Purdue University
>
> -- If they give you ruled paper, write the other way. -Juan Ramon
> Jimenez, poet, Nobel Prize in literature (1881-1958)
>
> I prayed for freedom for twenty years, but received no answer until I
> prayed with my legs. -Frederick Douglass, Former slave, abolitionist,
> editor, and orator (1817-1895)
>
--
Ryan Novosielski - Sr. Systems Programmer
novosirj at umdnj.edu - 973/972.0922 (2-0922)
Univ. of Med. and Dent. | IST/EI-Academic Svcs. - ADMC 450, Newark
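An added example, not part of the original thread and not Xymon's own code: a sketch of the check asked about in the quoted question, matching the hostname claimed in a status message against the connection's source address. The hostnames, addresses and the `ALLOWED_SENDERS` table are constructed, and the per-host sender list allows for a setup like the one in the post, where a global zone reports under a zone cluster's logical hostname.

```python
import ipaddress
import re

# Constructed policy (hypothetical names and addresses): sources allowed to
# report for each host. The first entry models the setup in the post, where a
# global zone legitimately reports under a zone cluster's logical hostname.
ALLOWED_SENDERS = {
    "zc1-lh.example.edu": ["10.1.1.10"],
    "web1.example.edu": ["10.1.2.20"],
    "lab7.example.edu": ["10.1.3.0/24"],
}

# Xymon status line: status[+LIFETIME][/group:GROUP] HOSTNAME.TESTNAME COLOR text
STATUS_RE = re.compile(
    r"^status(?:\+\d+[mhdw]?)?(?:/group:\S+)? (\S+)\.([^.\s]+) ([a-z]+)\b"
)


def parse_status(message):
    """Return (hostname, testname, color), or None if not a status message."""
    m = STATUS_RE.match(message)
    if m is None:
        return None
    # Xymon clients conventionally send dots in the hostname as commas.
    return m.group(1).replace(",", "."), m.group(2), m.group(3)


def check_sender(source_ip, message):
    """Decide whether source_ip may report for the host named in message."""
    parsed = parse_status(message)
    if parsed is None:
        return (False, "not a parsable status message")
    host = parsed[0].lower()
    networks = ALLOWED_SENDERS.get(host)
    if networks is None:
        return (False, "unknown host " + host)
    addr = ipaddress.ip_address(source_ip)
    if any(addr in ipaddress.ip_network(n) for n in networks):
        return (True, "ok")
    return (False, "%s may not report for %s" % (source_ip, host))
```

The check only covers `status` messages and trusts the TCP source address, so it complements the packet filter suggested in the thread rather than replacing it.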