[bf1942] bf1942 exploit

Daniel Valois ninzor at packet-kids.com
Wed Feb 26 16:54:43 EST 2003


----- Original Message -----
From: "Brad Davidson" <kiloman at oatmail.org>
To: <bf1942 at icculus.org>
Sent: Wednesday, February 26, 2003 3:43 PM
Subject: Re: [bf1942] bf1942 exploit


> Daniel Valois said:
> > http://archives.neohapsis.com/archives/bugtraq/2003-02/0342.html

> Would be nice if the SOB had tested with a modern version of BF. Rconsole
> on 1.2 sucked ass in general, I'm sure there's a lot more stuff that could
> kill it. Shit, I could kill it by using their actual rconsole tool
> occasionally.
>
> If you're worried about it right now, set up an IPFilter rule that only
> allows connections to the rconsole port from certain IPs that you trust,
> or use TCP Wrappers to do the same.

DONE :)

> Actually, this is probably a good idea in general, since there's nothing
> preventing anyone from brute-forcing the password over time.
>
> This is Linux. If you're running BF as a privileged user and don't have
> any other security set up to prevent people from getting in to the system,
> you're not prepared to use Unix. Firewall rules, chroot jails, and
> nonprivileged operation should be part of running ANY publicly
> accessible service, especially closed-source ones whose code integrity
> cannot be verified.

YEAH. I got all that, and some other little safeguards as well.
Just wanted to let everyone else know.
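
The trusted-address restriction on the rconsole port suggested in the quoted reply, as an added example that is not part of the original thread. It assumes iptables on a Linux host (the thread itself names IPFilter and TCP Wrappers); the chain name RCON, TCP port 4711 and the addresses are constructed sample values.

```shell
#!/bin/sh
# Added example: print iptables rules that allowlist a remote-console port.
# Nothing is applied here; review the output, then pipe it to `sh` as root.

# valid_ipv4 ADDR[/PREFIX]: succeed only for a dotted quad with optional 0-32 prefix.
valid_ipv4() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split into octets (addr holds only digits and dots)
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# rcon_rules PORT ADDR...: print the rule set, or fail without output on bad input.
rcon_rules() {
    port=$1
    case $port in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || { echo "bad port: $port" >&2; return 1; }
    shift
    [ $# -ge 1 ] || { echo "no trusted addresses given" >&2; return 1; }
    for src in "$@"; do
        # Reject anything that is not a plain address, so the output is safe to run.
        valid_ipv4 "$src" || { echo "bad address: $src" >&2; return 1; }
    done
    echo "iptables -N RCON"                       # dedicated chain (must not exist yet)
    for src in "$@"; do
        echo "iptables -A RCON -s $src -j ACCEPT" # trusted admin sources
    done
    echo "iptables -A RCON -j DROP"               # everyone else is dropped
    # Inserted at the top of INPUT so no earlier ACCEPT rule bypasses the chain.
    echo "iptables -I INPUT -p tcp --dport $port -j RCON"
}

# Constructed sample values: substitute your server's rconsole port and admin addresses.
rcon_rules 4711 192.0.2.10 198.51.100.0/24
```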





