Network Security Focus-Sun

Re: SunScreen and Broadcasts

Subject: Re: SunScreen and Broadcasts
Date: Mon, 11 Apr 2005 09:29:56 -0400
Crist J. Clark wrote:
[snip]
Now I think that would be a pretty cool feature _iff_ there are
BIG RED FLASHING WARNINGS telling you about it AND there exist
a knob or knobs to turn this behavior off. I have been unable
to get this information yet, waiting for the days to weeks
turnaround from Sun support. Anyone know of workarounds besides
just avoiding "BROADCAST" services? I'm also trying to figure
out which service would allow port 9002/udp broadcasts. I think
it has something to do with "udp_datagram_fwd," but I'm not
sure how to correlate that to a SunScreen service.

The service * should be a big red flashing warning to you in the first place. Are you sure you really want to allow everything? You might try looking at the service "common", which is probably closer to what you really want. Even better, use a stripped-down version of it by copying/modifying it to fit your needs.


I should also mention that I would like to do all administration
of this firewall from the CLI. Any advice on how to "correctly"
kill off the Apache server and other stuff that supports the
GUI?

/usr/lib/sunscreen/lib/run_httpd stop

You can permanently disable this by modifying the startup script /usr/lib/sunscreen/lib/ss_boot, commenting out the following line near the bottom:

#$LIB_DIR/run_httpd start

Note, you may have to re-do this modification following patch installs.

Hope this helps,
dpk
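
The ss_boot edit described in the reply above has to be repeated after patch installs, so here is an added example (not part of the original message and not Sun's code) that checks for the line and re-applies the change idempotently. The function names and the `.pre-httpd-off` backup suffix are hypothetical, and it assumes the start line has the form `$LIB_DIR/run_httpd start`, possibly indented.

```shell
#!/bin/sh
# Added example, not from the original post. Re-applies the ss_boot edit and
# is safe to run repeatedly, for instance after every patch install.
# Assumption: the start line reads "$LIB_DIR/run_httpd start" (maybe indented).
# [[:space:]] needs a POSIX grep/sed (on Solaris, the /usr/xpg4/bin versions).

# Prints "active", "disabled" or "missing" for the run_httpd start line.
httpd_start_state() {
    if grep '^[[:space:]]*\$LIB_DIR/run_httpd[[:space:]][[:space:]]*start' "$1" >/dev/null 2>&1; then
        echo active
    elif grep '^[[:space:]]*#.*run_httpd[[:space:]][[:space:]]*start' "$1" >/dev/null 2>&1; then
        echo disabled
    else
        echo missing
    fi
}

# Comments out the start line in place, keeping a backup copy beside the file.
# Returns 0 if the line is (now) disabled, 1 if it was not found, 2 on I/O errors.
disable_httpd_start() {
    f=$1
    [ -f "$f" ] || { echo "no such file: $f" >&2; return 2; }
    case $(httpd_start_state "$f") in
        disabled) return 0 ;;
        missing)  echo "run_httpd start line not found in $f" >&2; return 1 ;;
    esac
    cp -p "$f" "$f.pre-httpd-off" || return 2   # hypothetical backup name
    # Write to a temp file and cat it back so mode and ownership are preserved.
    tmp=$f.tmp.$$
    sed 's|^\([[:space:]]*\)\(\$LIB_DIR/run_httpd[[:space:]][[:space:]]*start\)|\1#\2|' "$f" > "$tmp" &&
        cat "$tmp" > "$f"
    rc=$?
    rm -f "$tmp"
    [ "$rc" -eq 0 ] || return 2
    return 0
}

# Usage: sh this_script.sh /usr/lib/sunscreen/lib/ss_boot
if [ $# -gt 0 ]; then
    disable_httpd_start "$1"
fi
```

A "missing" result after a patch means the startup script changed shape and should be inspected by hand rather than edited blindly.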
