Eighth Layer Newsletter February 2001

CONTENTS

Introduction
Eighth Layer News
        Postfix
Not in The Fine(?) Manual
        Most sendmail installations need updating
        DNS Servers under widespread attack
        CISCO release security warning
Industry News
        Google buys a Usenet Archive
Subscription Details

==========================================

Introduction

Hi,

this months quiz question is "who shortened February?" - no prizes
unless someone really wants my audio tape copy of 'The Road Ahead' by
Bill Gates?

I hope to bring you articles on both DNS and our early experiences with
OpenLDAP next month, but this month we have a short issue covering
mostly security issues.

Simon

==========================================

Eighth Layer News

Business continues - everone seems to want to know about DNS (or Domain
Name Service) - so I should be even busier in the days ahead

I've been experimenting with Postfix, which is a replacement for
sendmail written by the same guy who wrote TCP Wrapper,Wietse. It seems
ideal for large mail relay servers (such as an ISP might what to set up)
and can be used as a simple, and more secure, replacement for the Unix
sendmail program on any Unix system.

http://www.postfix.org/

==========================================

Not in the Fine(?) Manual

Most Sendmail installation need updating!

My experiments with Postfix led me to the qmail web site, and the
wonderful statistic that the majority of servers running sendmail are
using versions that have known security problems!

More than a quarter of all Internet mail servers thus have known
security issues.

Eric Allman's sendmail is still the most widely used MTA on the
Internet, but perhaps it is time you switched - it needn't be painful as
most of the replacements are easier to use (Exim, Qmail, Postfix), and
Eighth Layer can help.

******************************************

DNS Servers subject to widespread Attacks

ISC recently released a security fix to BIND. At the time I was writing
a paper on the various common problems with BIND installations. Whilst
the paper seems doomed never to be finished one finding is worth
pondering....

More than 35% of DNS servers were upgraded to a version of BIND free of
the problem within one week of the announcement.

CERT have just issued a security warning saying that attempts against
this weakness are widespread. Also a number of requests to the
BIND-USERS mailing list suggest that attacks against vulnerable versions
of BIND are now extremely widespread. I've never seem this much evidence
of subversive network activity on Usenet outside of alt.virus (and we
are only seeing those people who spot something happening).

If you haven't patched Internet facing DNS servers by now you could be
in big trouble. DO IT NOW.

http://www.isc.org

******************************************

CISCO Announce SNMP Problem

Less anyone is still feeling that their Internet servers are safe and
dandy - CISCO have just made public an SNMP problem with many of their
routers.

Basically some routers respond to SNMP requests for the community string
ILMI - this can be used to extract administrative information, modify
some information, and rather lamely cause DoS if people flood a router
with SNMP requests.

Most ISP's were informed privately of this problem over the last week.

http://www.cisco.com/warp/public/707/ios-snmp-ilmi-vuln-pub.shtml

==========================================

Industry News

Google buy the Usenet Archive

Remember www.deja.com, well the Internet search engine company Google
have bought the archive. The equivalent of the old 'Power Search' URL is
given below.

The archiving of Usenet is a valuable public service (undertaken by
several groups) and Google deserve credit for taking this task on.

Google had already replaced Altavista as my Internet Search Engine of
choice.

http://groups.google.com/advanced_group_search

==========================================

Subscription Details

Eighth Layer News subscription is still done the old fashion way by
hand.

The newsletter is free, and you are welcome to pass it on to colleagues,
but please do encourage them to subscribe, so I know who I'm writing
for.

To subscribe or unsubscribe e-mail
Simon.Waters@eighth-layer.com
Copyright Eighth Layer Limited 2001.
Archive copies are kept on the website
http://www.eighth-layer.com
--
Want to learn about Linux? Get it installed?
Devon and Cornwall LUG Event for UK Linux Day
Exeter University - Sunday April 29th 2001 10:00 to 17:00
www.linuxday.org.uk or join D&C LUG www.lug.termisoc.org