[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Protecting local news from Suck
From:       Benedikt Stockebrand <benedikt () devnull ! ruhr ! de>
Date:       1997-01-31 17:47:13
[Download RAW message or body]

gvc@ocsystems.com (G. Vincent Castellano) writes:

> We are in the process of configuring a firewall.  We use
> local newsgroups for discussions internally and want to be
> able to see our 'private' news on the same newsreaders as
> the World of Usenet.  My fear is that someone will be able
> to coerce our newsserver into broadcasting sensitive
> internal newsgroups.
> 
> I have heard that there is a tool called 'suck' which is
> designed to do just this.  Is there such a tool?  If so,
> how can I be sure I'm safe from it?

AFAIK suck is a tool that provides a ``mini'' news spool with news
from a remote NNTP server.  If you don't want your local news to be
available outside, either don't allow incoming NNTP access to your
server or configure it so it won't allow incoming connections to
retrieve your local news.  At least nntpd seems to allow this (config
file seems to be nntp_access).

However, I've never used suck or tried to deal with this problem, so
don't quote me on this.


    Ben

-- 
Ben(edikt)? Stockebrand    Runaway ping.de Admin---Never Ever Trust Old Friends
My name and email address are not to be added to any list used for advertising
purposes.  Any sender of unsolicited advertisement e-mail to this address im-
plicitly agrees to pay a DM 500 fee to the recipient for proofreading services.

[prev in list] [next in list] [prev in thread] [next in thread]