[Xymon] Xymon security concern raised

Steve Holmes sholmes42 at mac.com
Wed Dec 5 21:20:12 CET 2012


I believe the concern is that a student or other 'non-admin' could send a
packet from an unconfigured workstation masquerading as a configured host.
I think I need to do a little more research on the problem.
Thanks!
Steve

On Wed, Dec 5, 2012 at 12:30 PM, Tim McCloskey <tm at freedom.com> wrote:

> Not sure that can be done in Xymon currently.
>
> So, is the concern that one of the configured hosts could pretend to be
> one of the other configured hosts?  If not, a nice packet filter/firewall
> allowing tcp:1984 from only the Xymon hosts -> Xymon server would provide a
> possible fix for that.
>
> Regards,
> Tim
> ________________________________________
> From: xymon-bounces at xymon.com [xymon-bounces at xymon.com] on behalf of
> Steve Holmes [sholmes42 at mac.com]
> Sent: Wednesday, December 05, 2012 9:14 AM
> To: xymon at xymon.com
> Subject: [Xymon] Xymon security concern raised
>
> I have a customer who is concerned that anyone could send data messages to
> the xymon server with one of his host names and Xymon would accept it as
> real thus potentially masking an attack.
>
> Note that this is in a university environment, so even if data can come
> only from campus addresses we might not necessarily trust the data.
>
> Is there a way to get Xymon to check the IP address on incoming data
> packets to verify that it is coming from the host it claims to be?
>
> Thanks,
> Steve Holmes
> Purdue University
>
>
>


-- 
If they give you ruled paper, write the other way. -Juan Ramon Jimenez,
poet, Nobel Prize in literature (1881-1958)

I prayed for freedom for twenty years, but received no answer until I
prayed with my legs. -Frederick Douglass, Former slave, abolitionist,
editor, and orator (1817-1895)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.xymon.com/pipermail/xymon/attachments/20121205/bde22394/attachment.html>


More information about the Xymon mailing list