[Xymon] Xymon security concern raised
Novosielski, Ryan
novosirj at umdnj.edu
Wed Dec 5 21:38:40 CET 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
My understanding is that it's fairly easy to do, also. I don't know if
having a proxy in between helps at all or any of that, but my
understanding is that what's sent is fairly simple and plain text (I
believe there's info about the protocol in the manual).
That said, I'm not 100% sure what nefarious thing someone could do
with that information. I guess they could open the rlogin port or
something and then send a status message to indicate it's still closed?
On 12/05/2012 03:20 PM, Steve Holmes wrote:
> I believe the concern is that a student or other 'non-admin' could
> send a packet from an unconfigured workstation masquerading as a
> configured host. I think I need to do a little more research on the
> problem. Thanks! Steve
>
> On Wed, Dec 5, 2012 at 12:30 PM, Tim McCloskey <tm at freedom.com
> <mailto:tm at freedom.com>> wrote:
>
> Not sure that can be done in Xymon currently.
>
> So, is the concern that one of the configured hosts could pretend
> to be one of the other configured hosts? If not, a nice packet
> filter/firewall allowing tcp:1984 from only the Xymon hosts ->
> Xymon server would provide a possible fix for that.
>
> Regards, Tim ________________________________________ From:
> xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>
> [xymon-bounces at xymon.com <mailto:xymon-bounces at xymon.com>] on
> behalf of Steve Holmes [sholmes42 at mac.com
> <mailto:sholmes42 at mac.com>] Sent: Wednesday, December 05, 2012 9:14
> AM To: xymon at xymon.com <mailto:xymon at xymon.com> Subject: [Xymon]
> Xymon security concern raised
>
> I have a customer who is concerned that anyone could send data
> messages to the xymon server with one of his host names and Xymon
> would accept it as real thus potentially masking an attack.
>
> Note that this is in a university environment, so even if data can
> come only from campus addresses we might not necessarily trust the
> data.
>
> Is there a way to get Xymon to check the IP address on incoming
> data packets to verify that it is coming from the host it claims to
> be?
>
> Thanks, Steve Holmes Purdue University
>
>
>
>
>
> -- If they give you ruled paper, write the other way. -Juan Ramon
> Jimenez, poet, Nobel Prize in literature (1881-1958)
>
> I prayed for freedom for twenty years, but received no answer until
> I prayed with my legs. -Frederick Douglass, Former slave,
> abolitionist, editor, and orator (1817-1895)
>
- --
- ---- _ _ _ _ ___ _ _ _
|Y#| | | |\/| | \ |\ | | |Ryan Novosielski - Sr. Systems Programmer
|$&| |__| | | |__/ | \| _| |novosirj at umdnj.edu - 973/972.0922 (2-0922)
\__/ Univ. of Med. and Dent.|IST/EI-Academic Svcs. - ADMC 450, Newark
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with undefined - http://www.enigmail.net/
iEYEARECAAYFAlC/sNIACgkQmb+gadEcsb5FcgCfck8FSSTUeliU9HOmiN+FlFbA
3WEAnioFl9s0Y+08N6V6ox5f4tNH5F6G
=1fR8
-----END PGP SIGNATURE-----
More information about the Xymon
mailing list