Re: Restricting Access to TCP/IP and DECnet

On Jan 30, 2:25 pm, JF Mezei <jfmezei.spam...@xxxxxxxxxxxxx> wrote:
FrankS wrote:
Removing NETMBX should do the trick, with the caveat that other
functionality may be impacted as well.

You can always grant those applications NETMBX privilege so that users
without netmbx can still use that one application.

If you are concerned about remote users downloading files from the
secure system to their system, you also need to worry about programs
such as kermit that don't need netmbx because they use the existing
"serial line" link back to the remote user. So a user could
theoretically download files to/from with a serial connection file
transfer. And there is extremely little you can do to prevent this,
short of preventing creation of files on the system. (thus preventing
them from downloading a stub that allows them to download the kermit
executable).

It really depends on how paranoid you want to be.

-> If you are concerned about remote users downloading files from the
-> secure system to their system,

You can always download/upload a file to your host via cut/paste -
binary files uuencoded previously -
.