Bugtraq mailing list archives
Yet more Rconsole.
From: jb () PRIMENET COM (JB)
Date: Fri, 9 Oct 1998 15:00:12 -0700
Ok, heres a very simple solution: Buy a switch. If an administrator is careless enough to rconsole to their server from a shared hub, where there might be someone sniffing them, then expect what you get. I can understand the "price" problem of buying a switch vs. a hub, however, IMO it's a small price to pay for not having to drive out to a remote site to access my server console. Also, here is the best way to setup (IPX/SPX) rconsole on Netware 4.x: At the server prompt: SERVER:load remote Enter a password for rconsole> <password> SERVER:load rspx SERVER:remote encrypt Enter a password to encrypt
<password>
To use this password use the command: Load REMOTE -E ABCDE12345 Would you like this command written to SYS:SYSTEM\LDREMOTE.NCF (y/n) <y> SERVER:load edit ldremote.ncf In the ldremote.ncf file, you will see the command line from above. Add the line "LOAD RSPX" underneath the Load REMOTE line. Save the file. SERVER:load edit autoexec.ncf Remove any previous references to remote.nlm. Add a line near the bottom (wherever is appropriate for you): "ldremote" (without the quotes of course). Save the file. That's it. Just make sure that in INETCFG, under Manage Configuration/Configure Remote Access To This Server, "Remote Access" is set to Disable. All of this will keep your encrypted password off the public wire, and warm and cozy in the SYS:SYSTEM directory, where it should be. Justin Bodlander Network Systems Engineer Mesa Public Schools, Mesa, AZ.
Current thread:
- Yet more Rconsole. JB (Oct 09)
- False security in switches and a little more Rconsole. Chris Zagar (Oct 12)
- Re: False security in switches and a little more Rconsole. Mark Boolootian (Oct 13)
- A wee caveat - the freeware WAR-ftp server (most versions) Mnemonix (Oct 12)
- Re: A wee caveat - the freeware WAR-ftp server (most versions) Jarle Aase (Oct 14)
- Cisco security notice: CSCdk43920 command history release security-alert () cisco com (Oct 14)
- <Possible follow-ups>
- Re: Yet more Rconsole. Serge Pimenov (Oct 13)
- False security in switches and a little more Rconsole. Chris Zagar (Oct 12)