From firewalls-gc Fri Jan 31 17:47:13 1997 From: Benedikt Stockebrand Date: Fri, 31 Jan 1997 17:47:13 +0000 To: firewalls-gc Subject: Re: Protecting local news from Suck X-MARC-Message: https://marc.info/?l=firewalls-gc&m=87619433410991 gvc@ocsystems.com (G. Vincent Castellano) writes: > We are in the process of configuring a firewall. We use > local newsgroups for discussions internally and want to be > able to see our 'private' news on the same newsreaders as > the World of Usenet. My fear is that someone will be able > to coerce our newsserver into broadcasting sensitive > internal newsgroups. > > I have heard that there is a tool called 'suck' which is > designed to do just this. Is there such a tool? If so, > how can I be sure I'm safe from it? AFAIK suck is a tool that provides a ``mini'' news spool with news from a remote NNTP server. If you don't want your local news to be available outside, either don't allow incoming NNTP access to your server or configure it so it won't allow incoming connections to retrieve your local news. At least nntpd seems to allow this (config file seems to be nntp_access). However, I've never used suck or tried to deal with this problem, so don't quote me on this. Ben -- Ben(edikt)? Stockebrand Runaway ping.de Admin---Never Ever Trust Old Friends My name and email address are not to be added to any list used for advertising purposes. Any sender of unsolicited advertisement e-mail to this address im- plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.