REXEC

by Andreas Schmidt.
Share
|
Homepage | Submit your article | Contact | TOS
More articles on protocols  

You are here: Categories » Electronics and communication » Protocols

REXEC is often confused with the other r services. However, it bears no relationship to them. REXEC runs on TCP port 512.

UNIX distributions often ship without an REXEC client program—for some, this makes the service all the more mysterious.

The REXEC protocol is predominately used by application programmers to remotely connect to a UNIX system, run a command, and exit. They do this via the REXECREXEC library call. REXEC uses standard username and password authentication. All communications are sent in clear text between client and server.

REXECREXEC Risks

· Brute-force login attempts might go unnoticed as the REXEC daemon performs pitiful logging.

· Communications are unencrypted so that all the MITM is active, and passive attacks apply.

· There is no access-control built in to REXEC. Beyond disabling the service or using third-party software, you cannot define which users can use the service. Therefore a user who normally logs in via a secure protocol could end up inadvertently sending his password (and more) across the network in plaintext, simply by using a client application which relies on REXEC.

· Some REXEC daemons produce a different error message to a client, depending on whether the username or password was incorrect. This behavioral difference permits attackers to ascertain valid usernames. Again, your system is disclosing information.

Securing REXEC

· Disable REXEC. If client applications rely upon it, figure out a migration path away and then disable it.

· If disabling is not an option, consider using SSH to tunnel the protocol. SSH provides remote terminal access.

Share
Leave a comment or ask a question
Total comments: 0

Protocols Disclaimer

  • The e-articles directory is not responsible for any and all copyright infringements by writers and authors. If you suspect the information contained by this page for any copyright infringements, please contact us to investigate the issue
History of the Internet - During the 1960s, the U.S. Department of Defense’s Advanced Research Projects Agency (ARPA, later called DARPA) began an experimental wide area network (WAN) that spanned the United States (more...)
Internet Protocol - The Internet Protocol (IP) part of the TCP/IP suite is a four-layer model. IP is designed to interconnect networks to form an Internet to pass data back and forth. IP contains addressing and contro (more...)
Transmission Control Protocol - IP has many weaknesses, one of which is unreliable packet delivery—packets may be dropped due to transmission errors, bad routes, and/or throughput degradation. The Transmission Control Proto (more...)
Internet Control Message Protocol ICMP - The Internet Control Message Protocol (ICMP) delivers message packets, reporting errors and other pertinent information to the sending station or source. Hosts and infrastructure equipment use this (more...)
THE WEB APPLICATION ARCHITECTURE - Web application architectures most closely approximate the centralized model of computing, with many distributed “thin” clients that typically perform little more than data presentati (more...)
DNS risks and security - DNS is the Domain Name System. It's a UDP- and TCP-based protocol that listens on port 53. TCP connections are commonly used for zone transfers. The DNS matches IP addresses to hostname (more...)
FTP with IPv6 - FTP has been designed to work over IPv4 supporting 32-bit addresses. With RFC 2428, "FTP Extensions for IPv6 and NATs," a specification was made that allows FTP to work over IPv4 and IPv6. Duri (more...)
DNS in the IPv6 world - DNS is used in the IPv4 world to do name-to-address mappings and vice versa. This is not changing in the IPv6 world. The need for DNS is actually much greater because of the length of IPv6 addr (more...)
RADIUS Vulnerabilities - RADIUS is known to have a set of weaknesses that are either presented in the protocol itself or caused by poor client implementation. The stateless UDP protocol itself allows easier packet forg (more...)
DHCP with IPv6 - DHCP is widely used to configure hosts with their IPv4 addresses and additional information. If you have an IPv6 network, you do not need DHCP to configure your hosts with address information. (more...)
 
free content
    Copyright © 2006 - 2012 e-articles.info.
The texts, articles and tutorials in the directory are property of their respective owners and authors.