Connection to Webmin
Nathaniel Hall
halln at otc.edu
Mon Dec 13 21:25:35 UTC 2004
True, webmin does use the loopback interface. However, every read or
change must be transmitted two and from the client machine, including
the username and password used to access it. Anybody on the inside of
the network could easily sniff all of the information they need.
Nathaniel Hall, GSEC
Intrusion Detection and Firewall Technician
Ozarks Technical Community College -- Office of Computer Networking
halln at otc.edu
417-447-7535
James Wilkinson wrote:
>In this particular example, it's merely bad practice. It's safe enough
>in that example because the data never leaves the machine (it will go
>over the loopback interface). And if the computer is properly
>firewalled, no-one can get at port 10000 from outside. And the standard
>Fedora firewall will do this.
>
More information about the fedora-list
mailing list