[unisog] sendmail vulnerability / impact

Arnold, Jamie harnold at binghamton.edu
Fri Mar 7 15:49:59 GMT 2003


If you're going to block 25, what about the more secure methods of sending
mail?  SSLSMTP, etc?  Do you block those ports as well?

I'm interested in this as we wonder if restricting servers in the dorms
would be a good thing (for us) or if it would cause a huge problem
politically.

J

-----Original Message-----
From: Robin Anderson [mailto:robin at umbc.edu] 
Sent: Friday, March 07, 2003 9:32 AM
To: unisog at sans.org
Subject: [unisog] sendmail vulnerability / impact



In response to the most recently published sendmail vulnerability, we were
given permission to block inbound port 25 traffic at our ResNet border. To
date, we've only received one complaint about this action, but our CIO wants
us to ask other university security folks about what they have done.

So here goes:

1) Has anyone else summarily blocked port 25 traffic (in or out) for
   their ResNet?

  a) If you have NOT blocked port 25, have you had problems/incidents
     relating to the sendmail vulnerability?  Do you have a generally
     laissez-faire approach to ResNet, or do you try to alert them to new
     vulnerabilities, fixes, etc?

  b) If you HAVE blocked port 25, do you have any data to support it as a
     good decision?  (I know it's hard to prove a negative and that "we
     haven't been hacked, so it must be working" is sometimes the best we
     can offer.)  Any complaints?


2) Has anyone seen evidence of the exploit (successful or not) at their
   site?

Basically, our CIO is considering lifting the port 25 ban if no one has seen
activity related to the sendmail hole.  Even evidence of a couple
compromised systems or broad probes for the hole across multiple sites might
keep the lockdown in place.  Thanks in advance!

---
Robin Anderson				Unix SysAdmin, Specialist / Security
Office of Information Technology	Univ. of MD, Baltimore County (UMBC)

PGP fingerprint: (resumbc99) 1024/5B5A87A
DA F3 7F 1E D3 75 28 9F  75 7D 6A 0C 10 8D CE 35

"Pulvis et umbra sumus." (We are but dust and shadow.)  --  Horace



