Re: canna port security

[John Seebach <jseebach@example.com>]

On Mon, May 21, 2001 at 10:02:23PM +0900, Joss Winn wrote:
> Hello,
> 
> I noticed that one of the ports listed as open on my machine is the
> canna port.  Is there any way to close this port to scannners like
> nmap and still have it function for me as a user on my home machine.
> I am not providing services to anyone but myself.


$ man cannaserver
$ man cshost

The easy answer is that /etc/hosts.canna ought to contain something
like this:

unix
localhost

I don't have another machine handy at the moment from which to
portscan this one, and since I allow this machine to connect to its
own cannaserver, I can't tell you how the port (5680, I belive) looks
to the outside world.

There was a security issue reported a while ago, involving a buffer
overflow that could allow remote users to get root by connecting to
the cannaserver. You might want to look into this if you're concerned
about this sort of thing. I'm using a debian package that claims to
have fixed this, but I haven't delved really closely into whether or
not this involved fixing the problem or simply changing the default
so that remote users weren't allowed to connect. Someone who knows
more than I will have to help you with that one.


-- 
john seebach           ~   "Suppose you were an idiot. And suppose you were
jseebach@example.com  ~   a member of Congress. But I repeat myself."
                       ~   -- Mark Twain
--