Find the answer to your Linux question:
Results 1 to 6 of 6
I was interested to see how secure my information is on my school network. So I run nslookup on my school's webmail domain, and proceed to run a port scan ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Jul 2004
    Posts
    53

    School server.


    I was interested to see how secure my information is on my school network. So I run nslookup on my school's webmail domain, and proceed to run a port scan with nmap. I have found a number of services running on this server. Well over 12 ports are open ranging from finger to msrpc and is even opened up wide for the gnutella network. This is extremely unerving considering the shear amount of sensitive data that they hold on their network. Our SS# is our student ID on the computer database. All new passwords are set to your birthday which also inherintly insecure.

    I was going to share the name of the server with you but now that I think about it, I'm going to keep that info to myself. But what should I do? There is no contact information on the webmail site. No feedback options what so ever.

    Any help is greatly appreciated.

  2. #2
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    What type of school is it? Public? University?

    I'd head up to the administration building and talk to someone about it. Basically express your concern at their apparant lack of security on their servers.
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  3. #3
    Just Joined!
    Join Date
    Jul 2004
    Posts
    53
    It's a community college. I think I'll bring it up with the head of the Computer Engineering department and see what he thinks.

    I've yet to see how much he really knows about computers, so my efforts may still remain fruitless. At that point I will probably seek out some one in the school administration.

    Thanks for your response.

  4. #4
    Linux Guru sarumont's Avatar
    Join Date
    Apr 2003
    Location
    /dev/urandom
    Posts
    3,682
    Quote Originally Posted by Construct
    It's a community college. I think I'll bring it up with the head of the Computer Engineering department and see what he thinks.

    I've yet to see how much he really knows about computers, so my efforts may still remain fruitless. At that point I will probably seek out some one in the school administration.

    Thanks for your response.
    I've found that even CS proffessors can know little about computers in general as long as they know CS theory. It pisses me off (I ranted about it on the forums last fall ), but it's very common.

    Good luck with it!
    "Time is an illusion. Lunchtime, doubly so."
    ~Douglas Adams, The Hitchhiker's Guide to the Galaxy

  5. #5
    Linux Engineer jledhead's Avatar
    Join Date
    Oct 2004
    Location
    North Carolina
    Posts
    1,077
    might be hard, but you could try and ask the head of the department in front of someone else important, so they can't just brush you off

  6. #6
    Linux Engineer adrenaline's Avatar
    Join Date
    Aug 2004
    Location
    Seattle, Washington
    Posts
    1,058

    Re: School server.

    Quote Originally Posted by Construct
    This is extremely unerving considering the shear amount of sensitive data that they hold on their network. Our SS# is our student ID on the computer database. All new passwords are set to your birthday which also inherintly insecure.

    Any help is greatly appreciated.
    If I were you I wouldn't ever give out that information as passwords. I would lie or tell them that they can't have that information because that is very dangerous. You are saying that all the students that know each other knows the username and passwords, or can be figured out very easily. I would bet though that if this is a M$ server you could probably go in and change your passwords or call someone. I am with you that sucks.
    I think I would close my account or see if you could forward your school email to your more secure mail at home.

    Good Luck
    Mike

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •