From owner-FreeBSD-users-jp@jp.FreeBSD.org Sat Feb 15 23:16:07 2003
Received: (from daemon@localhost)
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) id h1FEG7941538;
	Sat, 15 Feb 2003 23:16:07 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from neutron.pharm.tohoku.ac.jp (neutron.pharm.tohoku.ac.jp [130.34.222.180])
	by castle.jp.FreeBSD.org (8.11.6+3.4W/8.11.3) with ESMTP/inet id h1FEG6J41533
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 15 Feb 2003 23:16:06 +0900 (JST)
	(envelope-from okubo@neutron.pharm.tohoku.ac.jp)
Received: from [10.0.1.11] ([133.30.103.209])
	by neutron.pharm.tohoku.ac.jp (8.12.6/8.12.6/T.Hoshi_021211) with SMTP id h1FEG6cV027640
	for <FreeBSD-users-jp@jp.freebsd.org>; Sat, 15 Feb 2003 23:16:06 +0900 (JST)
Message-Id: <200302151416.h1FEG6cV027640@neutron.pharm.tohoku.ac.jp>
To: FreeBSD-users-jp@jp.FreeBSD.org
From: okubo@neutron.pharm.tohoku.ac.jp (Susumu Okubo)
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-2022-jp
X-Mailer: Eudora-J(1.3.8.8r6-J16)
Reply-To: FreeBSD-users-jp@jp.FreeBSD.org
Precedence: list
Date: Sat, 15 Feb 2003 23:16:07 +0900
X-Sequence: FreeBSD-users-jp 73449
Subject: [FreeBSD-users-jp 73449] Re: security setting SSH, netatalk
Errors-To: owner-FreeBSD-users-jp@jp.FreeBSD.org
Sender: owner-FreeBSD-users-jp@jp.FreeBSD.org
X-Originator: okubo@neutron.pharm.tohoku.ac.jp
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+030107

$BBg5WJ]$G$9!#(B
$BCY1d%l%9$G$9$$$^$;$s!#(B

At 9:38 PM 2003.2.12 +0900, Masafumi Otsune wrote:
>$B$*$*$D$M$G$9!#(B
>
>On 2003.2.12, at 21:12 Asia/Tokyo, Susumu Okubo wrote:
>> $B$7$+$7!"$$$/$D$+LdBj$,$^$@;D$C$F$$$^$7$F!"(B
>>
>> $B$=$H$+$i(B netatalk$B$N(B ip talk$B$G%"%/%;%92DG=$K$J$C$?!#(B
>> in house$B$N(Bwin2K$B$+$i(Bsamba$B6&M-$O$G$-$k!#(B
>>
>> in house$B$N(BMac$B$+$i(B ssh $B$G%"%/%;%9=PMh$J$$(B
>> $B30$+$i(B windows$B$G$N6&M-$O$G$-$J$$(B

$B$3$N>u67$G$9$,!"(B/etc/rc.conf $B$N(B default gateway$B$N@_Dj$,(B
$B4V0c$C$F$$$F!"(Bfirewall$B$K$J$C$F$$$?$N$,860x$@$C$?$h$&$G$9!#(B
in house, $B30$H$b$K(Bssh$B$N%"%/%;%9$,$G$-$^$7$?!#(B
$B$7$+$7!"30$+$i$N!J(Bsubnet$B$r$^$?$$$@!K(B windwos$B$+$i$N%"%/%;%9(B
$B$,$G$-$^$;$s(B

>>
>> $B<j$J6q9g$J$N$G$9!#(B
>
>netstat -an
>netstat -rn
>lsof
>sockstat
>$B$"$?$j$G(B548/afpovertcp$B$H$+(B22$B$H$+(B137-139$B$,$I$&$J$C$F$$$k$+!#(B
>$B>e5-$N=PNO$r(Bafpd$B$d(Bnmbd,smbd$B$H$$$&L>A0$G(Bgrep$B$7$F$_$k$HJ,$+$j$d$9$$$H;W$$$^$9!#(B


> netstat -an | grep afpd
> netstat -an | grep nmbd
> netstat -an | grep smbd
> netstat -rn | grep afpd
> netstat -rn | grep nmbd
> netstat -rn | grep smbd
> lsof
lsof: Command not found.
> sockstat | grep afpd
kyokugen afpd       502    0 tcp4   10.0.1.210:548        10.0.1.10:49182
kyokugen afpd       458    0 tcp4   10.0.1.210:548        10.0.1.19:49154
root     afpd       121    2 tcp4   *:548                 *:*
kyokugen afpd       502    3 dgram  syslogd[76]:3
kyokugen afpd       458    3 dgram  syslogd[76]:3
root     afpd       121    3 dgram  syslogd[76]:3
> sockstat | grep nmbd
root     nmbd       126    6 udp4   *:137                 *:*
root     nmbd       126    7 udp4   *:138                 *:*
root     nmbd       126    8 udp4   10.0.1.210:137        *:*
root     nmbd       126    9 udp4   10.0.1.210:138        *:*
root     nmbd       126   10 udp4   133.30.xxx.xxx:137    *:*
root     nmbd       126   11 udp4   133.30.xxx.xxx:138    *:*
> sockstat | grep smbd
root     smbd       128    9 tcp4   *:139                 *:*


133.30.xxx.xxx$B$O30B&$N(Bhost adapter$B$N(BIP address$B$H$J$C$F$$$^$9!#(B

>$B$"$H(B/etc/rc.conf$B$K(B
> > ifconfig_rl0="inet 123.456.890..203  netmask 255.255.255.0"
>$B$H$$$&5-=R$,M-$j$^$7$?$,!"(B
>ifconfig
>$B$9$k$H$I$s$J(BIP$B$,$U$i$l$F$$$^$9$+!)(B

rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet 133.30.xxx.xxx netmask 0xffffff00 broadcast 133.30.xxx.255

$B$H$$$&6q9g$G!"30B&$N(Bhost adapter$B$N(BIP address$B$H$J$C$F$$$^$9!#(B

>$B$"$H$O(B
>/etc/hosts.allow
>$B$H$+!#(B
>$B$3$N$"$?$j$r%A%'%C%/$7$F$_$F$O!#(B
>
>$B$"$H0lHV=EMW$J$N$O!"$=$N@\B3$7$?$$%[%9%H$KBP$7$F(Btraceroute$B$9$k$HFO$$$F$$$k$N$+!#(B
>$B$H$$$&$3$H$G$9!#(B

netbios$B$"$?$j$N(B port$B$,(Brouter$B$H$+$G;&$5$l$F$$$k2DG=@-$,$"$k$s$G$O!)(B
$B$H;W$$=P$7$F$-$F!"(B
netbios$B$J$I$N(Bwindows$B%U%!%$%k6&M-$G;H$o$l$k(Bport$B$,(Brouter$B$,DL$7$F$/$l$F(B
$B$$$k$N$+$H$$$&$N$O$I$&$d$C$?$iD4$Y$i$l$^$9$+!)(B


#  Susumu Okubo          /co Dr. Hoshi Dept. Pharm. Tohoku Univ.            #
#  Molecular Photoscience Research Center and Department of Physics         #
#  Kobe Univ., 1-1 Rokkodai, Nada, Kobe 657-8501, JAPAN                     #

