Email address obfuscation in effect -- please
click here to turn it off.
[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
On Fri, 21 Mar 2008, Christian M. Cepel wrote:
The only reason the server mappings aren't being added for the new
server coe3.missouri.edu is because they are doing away with the ~
accounts... both are unacceptable. If I can figure out a solution that
satisfies the security gurus, then the DNS mappings would be maintained
(I see no reason why they wouldn't).
It seems to me that their problem is that the ~ gives away the username
and this attracts a lot of inappropriate attempts to connect via ftp or
ssh or telnet by scripts that are trying to guess passwords. If they
don't get rid of the old server name, they'll continue to see these
attempts even if the usernames don't exist. So I don't think their
problem can be solved without getting rid of the old server name
altogether.
If they did keep the old server name, they would have to change the names
of all users. If they did that, they could retain a mapping from the old
username to the new one and they could set up the web server to have it
direct the old /~whatever/ to something else.
I think there is another way -- they can keep a computer that does HTTP
redirects only and ignores attempts on all other ports. So point old DNS
records to
httpdirect.missouri.edu (which has many aliases)
When it sees an attempt to connect here...
http://whatever.missouri.edu/~user/blah/
...it redirects it to here:
http://coe3.missouri.edu/Xuser/blah/
Something like that.
Mike
_______________________________________________
members mailing list
EMAIL:PROTECTED
http://mlug.missouri.edu/mailman/listinfo/members
Home | FAQ | Server | Presentations | Mailing Lists/Archives | Member Tools | Links | Sponsors | Contact