Practical UNIX & Internet Security, part 5


Chapter 4 Users, Groups, and the Superuser

4.1.2 Multiple Accounts with the Same UID

There are two exceptions when having multiple usernames with the same UID is sensible.

The first is for logins used for the UUCP system. In this case, it is desirable to have multiple UUCP logins with different passwords and usernames, but all with the same UID. This allows you to track logins from separate sites, but still allows each of them access to the shared files. Ways of securing the UUCP system are described in detail in Chapter 15, UUCP.

The second exception to the rule about only one username per UID is when you have multiple people with access to a system account, including the superuser account, and you want to track their activities via the audit trail. By creating separate usernames with the same UID, and giving each user access to only one of these identities, you can do some monitoring of usage. You can also disable access for one person without disabling it for all.

As an example, consider the case where you have three people helping administer your Usenet news software and files. The password file entry for news is duplicated in the /etc/passwd file as follows:

    root:zPDeHbougaPpA:0:1:Operator:/:/bin/ksh
    nobody:*:60001:60001::/tmp:
    daemon:*:1:1::/tmp:
    ftp:*:3:3:FTP User:/usr/spool/ftp:
    news:*:6:6::/usr/spool/news:/bin/csh
    newsa:Wx3uoih3B.Aee:6:6:News co-admin Sabrina:/usr/spool/news:/bin/csh
    newsb:ABll2qmPi/fty:6:6:News co-admin Rachel:/usr/spool/news:/bin/sh
    newsc:x/qnr4sa70uQz:6:6:News co-admin Fred:/usr/spool/news:/bin/ksh

Each of the three helpers has a unique password, so any one of them can be shut out of the news account, if necessary, without denying access to the others. Also, the activities of each can now be tracked if the audit mechanisms record the account name instead of the UID (most do, as we describe in Chapter 10, Auditing and Logging).
Because the first entry in the passwd file for UID 6 has the account name news, any listing of file ownership will show files belonging to user news, not to newsb or one of the other users. Also note that each user can pick his or her own command interpreter (shell) without inflicting that choice on the others.

This approach should only be used for system-level accounts, not for personal accounts. Furthermore, you should institute rules in your organization that require users (Sabrina, Rachel, and Fred) to log in to their own personal accounts first, then su to their news maintenance accounts; this provides another level of accountability and identity verification. (See the discussion of su later in this chapter.) Unfortunately, in most versions of UNIX, there is no way to enforce this requirement, except by preventing root from logging on to particular devices.

4.1.3 Groups and Group Identifiers (GIDs)

Every UNIX user belongs to one or more groups. Like user accounts, groups have both a groupname and a group identification number (GID). GID values are also historically 16-bit integers.

As the name implies, UNIX groups are used to group users together. As with usernames, groupnames and numbers are assigned by the system administrator when each user's account is created. Groups can be used by the system administrator to designate sets of users who are allowed to read, write, and/or execute specific files, directories, or devices.

Each user belongs to a primary group that is stored in the /etc/passwd file. The GID of the user's primary group follows the user's UID. Consider, again, our /etc/passwd example:

    rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/ksh

In this example, Rachel's primary GID is 100.
Groups provide a handy mechanism for treating a number of users in a certain way. For example, you might want to set up a group for a team of students working on a project so that students in the group, but nobody else, can read and modify the team's files. Groups can also be used to restrict access to sensitive information or specially licensed applications to a particular set of users: for example, many UNIX computers are set up so that only users who belong to the kmem group can examine the operating system's kernel memory. The ingres group is commonly used to allow only registered users to execute the commercial Ingres database program. And a sources group might be limited to people who have signed nondisclosure forms so as to be able to view the source code for some software.

NOTE: Some special versions of UNIX support MAC (Mandatory Access Controls), which have controls based on data labeling instead of, or in addition to, the traditional UNIX DAC (Discretionary Access Controls). MAC-based systems do not use traditional UNIX groups. Instead, the GID values and the /etc/group file may be used to specify security access control labeling or to point to capability lists. If you are using one of these systems, you should consult the vendor documentation to ascertain what the actual format and use of these values might be.

4.1.3.1 The /etc/group file

The /etc/group file contains the database that lists every group on your computer and its corresponding GID. Its format is similar to the format used by the /etc/passwd file.[3]

[3] As with the password file, if your site is running NIS, NIS+, NetInfo, or DCE, the /etc/group file may be incomplete or missing. See the discussion in "The /etc/passwd File and Network Databases" in Chapter 3.
Here is a sample /etc/group file that defines five groups: wheel, uucp, users, vision, and startrek:

    wheel:*:0:root,rachel
    uucp:*:10:uucp
    users:*:100:
    vision:*:101:keith,arlin,janice
    startrek:*:102:janice,karen,arlin

The first line of this file defines the wheel group. The fields are explained in Table 4.1.

Table 4.1: Wheel Group Fields

    Field Contents    Description
    wheel             The group name
    *                 The group's "password" (described below)
    0                 The group's GID
    root,rachel       The list of the users who are in the group

Most versions of UNIX use the wheel group[4] as the list of all of the computer's system administrators (in this case, rachel and the root user are the only members). The second line of this file defines the uucp group. The only member in the uucp group is the uucp user. The third line defines the users group; the users group does not explicitly list any users; each user on this particular system is a member of the users group by virtue of the primary GID (100) given in their individual /etc/passwd entries.

[4] Not all versions of UNIX call this group wheel; this is group 0, regardless of what it is named.

The remaining two lines define two groups of users. The vision group includes the users keith, arlin, and janice. The startrek group contains the users janice, karen, and arlin. Notice that the order in which the usernames are listed on each line is not important. (These groups are depicted graphically in Figure 4.1.)

Remember, the users mentioned in the /etc/group file are in these groups in addition to the groups mentioned as their primary groups in the file /etc/passwd. For example, Rachel is in the users group even though she does not appear in that group in the file /etc/group, because her primary group number is 100.
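As an added example (not code from the book), here is a small Python audit that applies what sections 4.1.2 and 4.1.3 describe to passwd and group data: it lists UIDs shared by several usernames and the name that ownership listings will display for each (the first passwd entry), computes each user's effective groups (the primary GID plus every /etc/group line naming the user, the BSD/SVR4 semantics of 4.1.3.3), and flags groups whose password field holds a hash, since anyone holding that shared password can newgrp into them. The sample data are the book's own /etc/passwd and /etc/group entries; the fiction group line with a password hash is constructed for the example.

```python
# Added example: audit passwd/group data as Chapter 4 describes it.
# Sample entries are the book's own; the 'fiction' group line (with a
# constructed password hash) is added so the group-password check has a hit.
from collections import defaultdict

PASSWD = """\
root:zPDeHbougaPpA:0:1:Operator:/:/bin/ksh
nobody:*:60001:60001::/tmp:
daemon:*:1:1::/tmp:
ftp:*:3:3:FTP User:/usr/spool/ftp:
news:*:6:6::/usr/spool/news:/bin/csh
newsa:Wx3uoih3B.Aee:6:6:News co-admin Sabrina:/usr/spool/news:/bin/csh
newsb:ABll2qmPi/fty:6:6:News co-admin Rachel:/usr/spool/news:/bin/sh
newsc:x/qnr4sa70uQz:6:6:News co-admin Fred:/usr/spool/news:/bin/ksh
rachel:eH5/.mj7NB3dx:181:100:Rachel Cohen:/u/rachel:/bin/ksh
"""

GROUP = """\
wheel:*:0:root,rachel
uucp:*:10:uucp
users:*:100:
vision:*:101:keith,arlin,janice
startrek:*:102:janice,karen,arlin
fiction:Lq3Kj0m7Yxa9s:103:
"""

def parse_passwd(text):
    """(name, hash, uid, gid, gecos, home, shell) tuples, in file order."""
    entries = []
    for line in text.splitlines():
        if line.strip() and not line.startswith('#'):
            f = line.split(':')
            if len(f) != 7:
                raise ValueError(f"malformed passwd line: {line!r}")
            entries.append((f[0], f[1], int(f[2]), int(f[3]), f[4], f[5], f[6]))
    return entries

def parse_group(text):
    """(name, password, gid, [members]) tuples, in file order."""
    groups = []
    for line in text.splitlines():
        if line.strip() and not line.startswith('#'):
            name, pw, gid, members = line.split(':')
            groups.append((name, pw, int(gid), [m for m in members.split(',') if m]))
    return groups

def shared_uids(passwd):
    """UIDs held by more than one account -> usernames in file order.
    The first name is what ls -l displays for files owned by that UID."""
    by_uid = defaultdict(list)
    for name, _, uid, *_ in passwd:
        by_uid[uid].append(name)
    return {uid: names for uid, names in by_uid.items() if len(names) > 1}

def effective_groups(passwd, groups):
    """username -> set of group names: the primary GID from passwd plus every
    group line that lists the user (BSD/SVR4 semantics). A primary GID with
    no /etc/group entry is kept as its number; the kernel only uses the integer."""
    gid_to_name = {gid: name for name, _, gid, _ in groups}
    result = {}
    for name, _, _, gid, *_ in passwd:
        gset = {gid_to_name.get(gid, str(gid))}
        gset.update(gname for gname, _, _, members in groups if name in members)
        result[name] = gset
    return result

def groups_with_passwords(groups):
    """Groups whose password field is a hash: anyone knowing the shared
    password can newgrp into them, which weakens per-user accountability."""
    return [name for name, pw, _, _ in groups if pw not in ('', '*', '!')]

def audit(passwd_text=PASSWD, group_text=GROUP):
    passwd, groups = parse_passwd(passwd_text), parse_group(group_text)
    return {'shared_uids': shared_uids(passwd),
            'effective_groups': effective_groups(passwd, groups),
            'password_groups': groups_with_passwords(groups)}

if __name__ == '__main__':
    report = audit()
    for uid, names in sorted(report['shared_uids'].items()):
        print(f"UID {uid} shared by {', '.join(names)}; ls -l shows owner {names[0]!r}")
    for user, gs in sorted(report['effective_groups'].items()):
        print(f"{user}: {', '.join(sorted(gs))}")
    for g in report['password_groups']:
        print(f"group {g!r} has a group password set")
```

Run as a script, it reports that UID 6 is shared by news, newsa, newsb, and newsc (so ls -l shows news), that rachel is in users and wheel, and that fiction carries a group password. To audit a real host, pass the contents of its /etc/passwd and /etc/group to audit(); on a site running NIS the local files are incomplete, as footnote [3] notes, so feed it the output of ypcat passwd and ypcat group instead.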
On some versions of UNIX, you can issue the groups command or the id command to list which groups you are currently in. Groups are handled differently by versions of System V UNIX before Release 4 and by Berkeley UNIX; SVR4 incorporates the semantics of BSD groups.

NOTE: It is not necessary for there to be an entry in the /etc/group file for a group to exist! As with UIDs and account names, UNIX actually uses only the integer part of the GID for all settings and permissions. The name in the /etc/group file is simply a convenience for the users, a means of associating a mnemonic with the GID value.

Figure 4.1 illustrates how users can be included in multiple groups.

Figure 4.1: Users and groups

4.1.3.2 Groups and older AT&T UNIX

Under versions of AT&T UNIX before SVR4, a user can occupy only a single group at a time. To change your current group, you must use the newgrp command. The newgrp command takes a single argument: the name of the group that you're attempting to change into. If the newgrp command succeeds, it execs a shell that has a different GID, but the same UID:

    $ newgrp news
    $

This is similar to the su command used to change UID. Usually, you'll want to change into only those groups in which you're already a member; that is, groups that have your username mentioned on their line in the /etc/group file. However, the newgrp command also allows you to change into a group of which you're not normally a member. For this purpose, UNIX uses the group password field of the /etc/group file. If you try to change into a group of which you're not a member, the newgrp command will prompt you for that group's password.
If the password you type agrees with the password for the group stored in the /etc/group file, the newgrp command temporarily puts you into the group by spawning a subshell with that group:

    $ newgrp fiction
    password: rates34
    $

You're now free to exercise all of the rights and privileges of the fiction group.

The password in the /etc/group file is interpreted exactly like the passwords in the /etc/passwd file, including salts (described in Chapter 8, Defending Your Accounts). However, most systems do not have a program to install or change the passwords in this file. To set a group password, you must first assign it to a user with the passwd command, then use a text editor to copy the encrypted password out of the /etc/passwd file and into the /etc/group file. Alternatively, you can encode the password using the /usr/lib/makekey program (if present) and edit the result into the /etc/group file in the appropriate place.[5]

[5] We suspect that passwords have seldom been used in the group file. Otherwise, by now someone would have developed an easier, one-step method of updating the passwords. UNIX gurus tend to write tools for anything they have to do more than twice and that require more than a few simple steps. Updating passwords in the group file is an obvious candidate, but a corresponding tool has not been developed. Ergo, the operation must not be common.

NOTE: Some versions of UNIX, such as AIX, do not support group passwords.

4.1.3.3 Groups and BSD or SVR4 UNIX

One of the many enhancements that the Berkeley group made to the UNIX operating system was to allow users to reside in more than one group at a time.
When a user logs in to a Berkeley UNIX system, the program /bin/login scans the entire /etc/group file and places the user into all of the groups in which that user is listed.[6] The user is also placed in the primary group listed in the user's /etc/passwd file entry. When the system needs to determine access rights to something based on the user's membership in a group, it checks all the current groups for the user to determine if that access should be granted (or denied).

[6] If you are on a system that uses NIS, NIS+, or some other system for managing user accounts throughout a network, these network databases will be referenced as well. For more information, see Chapter 19, RPC, NIS, NIS+, and Kerberos.

Thus, Berkeley and SVR4 UNIX have no obvious need for the newgrp command; indeed, many of the versions do not include it. However, there may be a need for it in some cases. If you have a group entry with no users listed but a valid password field, you might want to have some users run the newgrp program to enter that group. This action will be logged in the audit files, and can be used for accounting or activity tracking. However, situations where you might want to use this are likely to be rare. Note, however, that some systems, including AIX, do not support use of a password in the /etc/group file, although they may allow use of the newgrp command to change primary group.

Chapter 16 TCP/IP Networks

16.2 IPv4: The Internet Protocol Version 4

The Internet Protocol is the glue that holds together modern computer networks.
IP specifies the way that messages are sent from computer to computer; it essentially defines a common "language" that is spoken by every computer stationed on the Internet. This section describes IPv4, the fourth version of the Internet Protocol, which has been used on the Internet since 1982. As this book is going to press, work is continuing on IPv6, previously called "IP: The Next Generation," or IPng. (IPv5 was an experimental protocol that was never widely used.) We do not know when (or if) IPv6 will be widely used on the network.

As we said earlier, at a very abstract level the Internet is similar to the phone network. However, as we look more closely at the underlying protocols, we find that it is quite different. On the telephone network, each conversation is assigned a circuit (either a pair of wires or a channel on a multiplexed connection) that it uses for the duration of the telephone call. Whether you talk or not, the channel remains open until you hang up the phone. On the Internet, the connections between computers are shared by all of the conversations. Data is sent in blocks of characters called datagrams, or more colloquially, packets. Each packet has a small block of bytes called the header, which identifies its sender and intended destination. The header is followed by another, usually larger, block of characters called the packet's contents. (See Figure 16.3.) After the packets reach their destination, they are often reassembled into a continuous stream of data; this fragmentation and reassembly process is usually invisible to the user. As there are often many different routes from one system to another, each packet may take a slightly different path from source to destination. Because the Internet switches packets, instead of circuits, it is called a packet-switching network.
Figure 16.3: IP header and packet

We'll borrow an analogy from Vint Cerf, one of the original architects of the ARPANET: think of the IP protocol as sending a novel a page at a time, numbered and glued to the back of postcards. All the postcards from every user get thrown together and carried by the same trucks to their destinations, where they get sorted out. Sometimes, the postcards get delivered out of order. Sometimes, a postcard may not get delivered at all, but you can use the page numbers to request another copy. And, key for security, anyone in the postal service who handles the postcards can read the contents without the recipient or sender knowing about it.

There are three distinct ways to directly connect two computers together using IP:

● The computers can all be connected to the same local area network. Two common LANs are Ethernet and token ring. Internet packets are then encapsulated within the packets used by the local area network.[4]

[4] LANs and token rings can also carry protocols other than IP (including Novell IPX and AppleTalk), often at the same time as IP network traffic.

● Two computers can be directly connected to each other with a serial line. IP packets are then sent using either SLIP (Serial Line Internet Protocol), CSLIP (Compressed SLIP), or PPP (Point-to-Point Protocol). If both computers are each in turn connected to a local area network, the telephone link will bridge together the two LANs. (See Figure 16.4.)

● The IP packets can themselves be encapsulated within packets used by other network protocols. Today, many 56K "leased lines" are actually built by encapsulating IP packets within Frame Relay packets.
Within a few years, IP may be commonly encapsulated within ATM (Asynchronous Transfer Mode) networks.[5]

[5] If our use of all these network terms is causing your eyes to roll back into your head and a loud buzzing sound to fill your ears, take a break and several deep breaths. Then consult a book on IP and networks for a more complete explanation. We recommend the excellent Internetworking with TCP/IP by Doug Comer (Prentice Hall, 1991).

Figure 16.4: Bridging two local area networks

IP is a scalable network protocol: it works as well with a small office network of ten workstations as it does with a university-sized network supporting a few hundred workstations, or with the national (and international) networks that support tens of thousands of computers. IP scales because it views these large networks merely as collections of smaller ones. Computers connected to a network are called hosts. Computers that are connected to two or more networks can be programmed to forward packets automatically from one network to another; today, these computers are called routers (originally they were called gateways). Routers use routing tables to determine where to send packets next.

16.2.1 Internet Addresses

Every interface that a computer has on an IP network is assigned a unique 32-bit address. These addresses are often expressed as a set of four 8-bit numbers, called octets. A sample address is 18.70.0.224. Think of an IP address as if it were a telephone number: if you know a computer's IP address, you can connect to it and exchange information. Theoretically, the 32-bit IP address allows a maximum of 2^32 = 4,294,967,296 computers to be attached to the Internet at a given time.
In practice, the total number of computers that can be connected is much less, because of the way that IP addresses are assigned. Organizations are usually assigned blocks of addresses, not all of which are used. This approach is similar to the method by which the phone company assigns area codes to a region. The approach has led to a problem with IP addresses similar to that faced by the telephone company: we're running out of numbers.

Here are some more sample Internet addresses:

    18.85.0.2
    198.3.5.1
    204.17.195.100

IP addresses are typically abbreviated ii.jj.kk.ll, where the numbers ii, jj, kk, and ll are between 0 and 255. Each decimal number represents an 8-bit octet. Together, they represent the 32-bit IP address.

16.2.1.1 IP networks

The Internet is a network of networks. Although most people think of these networks as major networks, such as those belonging to companies like AT&T, MCI, and Sprint, the networks that make up the Internet are actually local area networks, such as the network in your office building or the network in a small research laboratory. Each of these small networks is given its own network number.

There are two methods of looking at network numbers. The "classical" network numbers were distinguished by a unique prefix of bits in the address of each host in the network. This approach partitioned the address space into a well-defined set of different size networks. However, several of these networks had large "holes" (sets of host addresses that were never used). With the explosion of sites on the Internet, a somewhat different interpretation of network addresses has been proposed, to result in some additional addresses that can be assigned to networks and hosts.
This approach is the CIDR (Classless InterDomain Routing) scheme. We briefly describe both schemes below.

The CIDR method may not be adequate to provide addresses for all the expected hosts on the network; therefore, as we've mentioned, a new protocol, IPv6, is being developed. This new protocol will provide a bigger address space for hosts and networks, and will provide some additional security features. Host addresses will be 128 bits long in IPv6. As this book goes to press, the features of IPv6 are not completely finalized, so we won't try to detail them here.[6]

[6] But you can be sure we'll cover them in the next edition!

16.2.1.2 Classical network addresses

There are five primary kinds of IP addresses in the "classical" address scheme; the first few bits of the address (the most significant bits) define the class of network to which the address belongs. The remaining bits are divided into a network part and a host part:

Class A addresses
    Hosts on Class A networks have addresses in the form N.a.b.c, where N is the network number and a.b.c is the host number; the most significant bit of N must be zero. There are not many Class A networks, as they are quite wasteful: unless your network has on the order of 16,777,216 (2^24) separate hosts, you don't need a Class A network. Nevertheless, many early pioneers of the Internet, such as MIT and Bolt Beranek and Newman (BBN), have been assigned Class A networks. Of course, these organizations don't really put all of their computers on the same piece of network. Instead, most of them divide their internal networks as (effectively) Class B or Class C networks. This approach is known as subnetting.

Class B addresses
    Hosts on Class B networks have addresses in the form N.M.a.b, where N.M is the network number and a.b is the host number; the most significant two bits of N must be 10. Class B networks are commonly found at large universities and major commercial organizations.
Class C addresses
    Hosts on Class C networks have addresses in the form N.M.O.a, where N.M.O is the network number and a is the host number; the most significant three bits of N must be 110. These networks can only accommodate a maximum of 254 hosts. (A host part of all zeros names the network itself and a host part of all ones is the broadcast address; flaws and incompatibilities between various UNIX IP implementations make it unwise to assign IP addresses ending in 0 or 255.) Most organizations have one or more Class C networks.

Class D addresses
    A Class D address is of the form N.M.O.a, where the most significant four bits of N are 1110. These addresses are not actually of networks, but of multicast groups: sets of hosts that listen on a common address to receive the packets sent to it.

Class E addresses
    A Class E address is of the form N.M.O.P, where the most significant four bits of N are 1111. These addresses are currently reserved for experimental use.

16.2.1.3 CIDR addresses

In recent years, a new form of address assignment has been developed. This assignment is the CIDR, or Classless InterDomain Routing, method. As the name implies, there are no "classes" of addresses as in the classical scheme. Instead, networks are defined as being the most significant k bits of each address, with the remaining 32-k bits being used for the host part of the address. Thus, a service provider could be given a range of addresses whereby the first 12 bits of the address are fixed at a particular value (the network address), and the remaining 20 bits represent the host portion of the address. This method allows the service provider to allocate up to 2^20 distinct addresses to customers. In reality, the host portion of an address is further divided into subnets.
This subdivision is done by fixing the first j bits of the host portion of the address to some set value, and using the remaining bits for host addresses. And those can be further divided into subnets, and so on. A CIDR-format network is written as an address followed by its number of network bits, as in ii.jj.kk.ll/k; the network, subnet, and host fields are all of variable length. Thus, the fictional service-provider network described above (12 network bits, 20 host bits) could be subdivided into 1024 subnets, one for each customer, by fixing the first 10 of the 20 host bits for each customer. Each customer would then have 10 bits of host address, that is, 2^10 = 1024 addresses, which they could further subdivide into local subnets. The CIDR scheme is compatible with the classical address format, with Class A addresses using an 8-bit network field, Class B networks using a 16-bit network address, and so on. CIDR is being adopted as this book goes to press. Combined with new developments in IP address rewriting, there is the potential to spread out the useful life of IPv4 for many years to come.

16.2.2 Routing

Despite the complexity of the Internet and addressing, computers can easily send each other messages across the global network. To send a packet, most computers simply set the packet's destination address and then send the packet to a computer on their local network called a gateway. If the gateway makes a determination of where to send the packet next, the gateway is a router. The router takes care of sending the packet to its final destination by forwarding the packet on to a directly connected gateway that is one step closer to the destination host.

Many organizations configure their internal networks as a large tree. At the root of the tree is the organization's connection to the Internet. When a gateway receives a packet, it decides whether to send it to one of its own subnetworks, or to direct it towards the root. Out on the Internet, major IP providers such as AT&T, BBN Planet, MCI, and Sprint have far more complicated networks with sophisticated routing algorithms.
Many of these providers have redundant networks, so that if one link malfunctions other links can take over. Nevertheless, from the point of view of any computer on the Internet, routing is transparent, regardless of whether packets are being sent across the room or across the world. The only information that you need to know to make a connection to another computer on the Internet is the computer's 32-bit IP address; you do not need to know the route to the host, or on what type of network the host resides. You do not even need to know if the host is connected by a high-speed local area network, or if it is at the other end of a modem-based SLIP connection. All you need to know is its address, and your packets are on their way.

Of course, if you are the site administrator and you are configuring the routing on your system, you do need to be concerned with a little more than the IP number of a destination machine. You must know at least the addresses of gateways out of your network so you can configure your routing tables. We'll assume you know how to do that,[7] but we will point out that if your routes are fairly stable and simple, you would be safer by statically setting the routes rather than allowing them to be set dynamically with a mechanism such as the routed daemon: routed learns its routes from RIP announcements, which carry no authentication, so any host on your network can broadcast a bogus route and redirect your traffic.

[7] If not, you should consult your vendor manual, or one of the references in Appendix D, Paper [...]
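As an added example (not code from the book), the classical address classes of 16.2.1.2 and the CIDR arithmetic of 16.2.1.3 worked through in Python. classify() reads the leading bits of a dotted-quad address exactly as the text describes (0 for Class A, 10 for B, 110 for C, 1110 for D, 1111 for E) and splits A, B, and C addresses into network and host parts, counting the all-zeros and all-ones host parts as unusable. provider_subnets() reproduces the text's provider example: a /12 (12 network bits, 20 host bits) carved into 1024 customer networks of 2^10 addresses each. The sample addresses are the book's own; the provider prefix 172.16.0.0/12 is this example's assumption, not a block named in the book.

```python
# Added example: the classical classes (16.2.1.2) and the CIDR arithmetic
# (16.2.1.3) worked through in code. The sample addresses are the book's;
# the provider prefix 172.16.0.0/12 is this example's assumption.
import ipaddress

def to_int(addr):
    """Parse ii.jj.kk.ll into a 32-bit integer, rejecting malformed octets."""
    parts = addr.split('.')
    if len(parts) != 4:
        raise ValueError(f"not a dotted quad: {addr!r}")
    value = 0
    for p in parts:
        n = int(p)
        if not 0 <= n <= 255:
            raise ValueError(f"octet out of range in {addr!r}")
        value = (value << 8) | n
    return value

def to_dotted(value):
    return '.'.join(str((value >> s) & 0xFF) for s in (24, 16, 8, 0))

# (class letter, number of leading bits examined, their value, network bits)
CLASSES = [('A', 1, 0b0, 8), ('B', 2, 0b10, 16), ('C', 3, 0b110, 24),
           ('D', 4, 0b1110, None), ('E', 4, 0b1111, None)]

def classify(addr):
    """Class letter and, for A/B/C, network number, host number, usable host
    count and the equivalent CIDR prefix length. Host parts of all zeros
    (the network) and all ones (broadcast) are excluded from usable_hosts."""
    value = to_int(addr)
    for letter, nbits, pattern, netbits in CLASSES:
        if value >> (32 - nbits) == pattern:
            info = {'class': letter}
            if netbits is not None:
                hostbits = 32 - netbits
                info['network'] = to_dotted((value >> hostbits) << hostbits)
                info['host'] = value & ((1 << hostbits) - 1)
                info['usable_hosts'] = (1 << hostbits) - 2
                info['prefixlen'] = netbits
            return info
    raise AssertionError('every 32-bit value matches one class')

def provider_subnets(provider='172.16.0.0/12', subnet_bits=10):
    """Carve a provider block into 2**subnet_bits customer networks, as in
    the text: /12 -> 1024 customer /22s with 2**10 addresses each.
    Returns (count, prefixlen, addresses per customer, first, last)."""
    block = ipaddress.ip_network(provider)
    subnets = list(block.subnets(prefixlen_diff=subnet_bits))
    return (len(subnets), subnets[0].prefixlen, subnets[0].num_addresses,
            str(subnets[0]), str(subnets[-1]))

if __name__ == '__main__':
    for a in ('18.70.0.224', '18.85.0.2', '198.3.5.1', '204.17.195.100', '224.0.0.1'):
        print(a, classify(a))
    print(provider_subnets())
```

The classful split is done on the raw bits rather than with the ipaddress module so that the rule in the text is visible; ipaddress is used only for the CIDR carving, where its subnets() method does the same fixed-prefix arithmetic the text describes.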
[...]

The remaining pages of this excerpt survive only as fragments; the section headings are those of the book.

16.2 IPv4 (continued): well-known TCP and UDP ports

    Port   Service   Description
    53     domain    Domain Name Service (DNS)
    69     tftp      Trivial File Transfer Protocol (TFTP)
    111    sunrpc    Sun Microsystems' Remote Procedure Call (RPC) portmapper
    113    auth      Authentication Service
    119    nntp      Network News Transfer Protocol (NNTP) (Usenet)
    123    ntp       Network Time Protocol (NTP)
    178    nsws      NeXTSTEP Window Server
    512    exec      Executes commands on a remote UNIX host
    513    login     Logs in to a remote UNIX host
    514    shell     Retrieves a shell on a remote UNIX host
    515    printer   Remote printing
    540    uucp      Runs UUCP over TCP/IP (primarily used for transporting netnews)
    2049   NFS       NFS over TCP
    6000+  X         X Window System

[...] the same port (513).

Figure 16.5: A few Internet connections with port numbers

The idea that the workstations are all connecting to port number 513 can be confusing [...]

[...] connect to port 25 (the SMTP port) to fake some mail without going through the normal mailer:

    % telnet control.mil 25
    Trying 45.1.12.2
    Connected to hq.control.mil
    Escape character is '^]'
    220-hq.control.mil Sendmail 8.6.10 ready at Tue, 17 Oct 1995 20:00:09 -0500
    220 ESMTP spoken here
    HELO kaos.org
    250 hq.control.mil Hello kaos.org, pleased to meet you
    MAIL FROM:<agent86@control.gov>
    250 <agent86> Sender ok
    RCPT TO:<agent99@control.mil>
    250 <agent99> Recipient ok
    DATA
    [...]

[...] systems must also use DNS to resolve hostnames outside the local organization.

Chapter 15 UUCP

15.7 Early Security Problems with UUCP (fragment)

    % mail 'prose!`/bin/touch /tmp/foo`'
    Subject: This is a mail bugtest #2
    Another test
    ^D

Appendix F Organizations (fragments)

    American Society for Industrial Security
    1655 North Fort Meyer Drive, Suite 1200
    Arlington, VA 22209
    +1-703-522-5800

F.1.3 Computer Security Institute (CSI)

The Computer Security Institute was established in 1974 as a multiservice organization dedicated to helping its members safeguard their electronic data processing resources. CSI sponsors workshops and conferences on security, publishes a research [...] computer security, and serves as a clearinghouse for security information. The Institute offers many other services to members and the community on a for-profit basis. Of particular use is an annual Computer Security Buyer's Guide that lists sources of software, literature, and security consulting. You may contact CSI at:

    Computer Security Institute
    600 Harrison Street
    San Francisco, CA 94107
    +1-415-905-2626

[...] For more information about ISSA, contact:

    ISSA Headquarters
    4350 DiPaolo Center, Suite C
    Glenview, IL 60025-5212
    +1-708-699-6441
    +1-708-699-6369

ISSA has a WWW page at: http://www.uhsa.uh.edu/issa

F.1.6 The Internet Society

The Internet Society sponsors many activities and events related to the Internet, including an annual symposium on network security. For more information, contact the Internet Society: http://www.isoc.org
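As an added example (not code from the book), the dialogue in the SMTP transcript above modelled as a minimal server-side state machine in Python, so the forgery can be followed end to end. The server enforces only command order (HELO before MAIL, MAIL before RCPT, RCPT before DATA), as a conservatively configured sendmail of the period would, and never authenticates anything: the HELO name and the envelope sender are whatever the client claims. The one fact the server itself supplies is the address of the peer that connected. The hostnames and mailbox names are the transcript's; the peer IP 10.9.8.7 and the message body are constructed for this example.

```python
# Added example: the SMTP forgery in the transcript above as a server-side
# state machine. Hostnames and addresses are the transcript's; the peer IP
# and the message body are constructed for this example.

class SmtpSession:
    """One SMTP conversation; handle(line) returns the reply, or None while
    collecting message text. Only command order is enforced, never identity:
    HELO, MAIL FROM and RCPT TO are taken at the client's word. The peer
    address is the one fact the server itself supplies."""

    def __init__(self, server_name, peer_ip):
        self.server_name, self.peer_ip = server_name, peer_ip
        self.helo = None
        self.mail_from, self.rcpt_to = None, []
        self.in_data, self.body = False, []
        self.messages = []

    def greeting(self):
        return f"220 {self.server_name} ESMTP spoken here"

    def handle(self, line):
        if self.in_data:
            if line != '.':
                # RFC 821 transparency: the client doubles a leading '.'
                self.body.append(line[1:] if line.startswith('..') else line)
                return None
            self.in_data = False
            self.messages.append({'helo': self.helo, 'peer_ip': self.peer_ip,
                                  'mail_from': self.mail_from,
                                  'rcpt_to': list(self.rcpt_to),
                                  'body': '\n'.join(self.body)})
            self.mail_from, self.rcpt_to, self.body = None, [], []
            return '250 Message accepted for delivery'
        verb, _, arg = line.partition(' ')
        verb = verb.upper()
        if verb == 'HELO':
            self.helo = arg.strip()
            return f"250 {self.server_name} Hello {self.helo}, pleased to meet you"
        if verb == 'MAIL':
            if self.helo is None:
                return '503 Polite people say HELO first'
            self.mail_from = angle_addr(arg)
            return f"250 <{self.mail_from}> Sender ok"
        if verb == 'RCPT':
            if self.mail_from is None:
                return '503 Need MAIL before RCPT'
            self.rcpt_to.append(angle_addr(arg))
            return f"250 <{self.rcpt_to[-1]}> Recipient ok"
        if verb == 'DATA':
            if not self.rcpt_to:
                return '503 Need RCPT (recipient)'
            self.in_data = True
            return '354 Enter mail, end with "." on a line by itself'
        if verb == 'QUIT':
            return f"221 {self.server_name} closing connection"
        return '500 Command unrecognized'

def angle_addr(arg):
    """'FROM:<a@b>' or 'TO:<a@b>' -> 'a@b'."""
    return arg.partition(':')[2].strip().strip('<>')

def run_transcript(lines, server_name='hq.control.mil', peer_ip='10.9.8.7'):
    """Replay client lines through one session; return (replies, messages)."""
    session = SmtpSession(server_name, peer_ip)
    replies = [session.greeting()]
    for line in lines:
        reply = session.handle(line)
        if reply is not None:
            replies.append(reply)
    return replies, session.messages

# Client side of the transcript above, with a constructed message body.
FORGED_SESSION = [
    'HELO kaos.org',
    'MAIL FROM:<agent86@control.gov>',
    'RCPT TO:<agent99@control.mil>',
    'DATA',
    'Subject: urgent',
    '',
    'Would you believe this came from the Chief?',
    '.',
    'QUIT',
]

if __name__ == '__main__':
    replies, msgs = run_transcript(FORGED_SESSION)
    print('\n'.join(replies))
    m = msgs[0]
    print(f"claimed sender {m['mail_from']} (HELO {m['helo']}); actual peer {m['peer_ip']}")
```

The accepted message records agent86@control.gov as its sender although nothing in the exchange tied that claim to the connecting host. A real receiving MTA writes the peer address into the Received: header it prepends, and that header, not the From: line, is where an investigation of a forged message has to start.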

Posted: 12/08/2014, 22:21
