Check or Attack Name: nntppost

NNTP has been detected as running, and users can post to newsgroups without authorization. If the attacker has read access to the nntpd daemon, then your resources (and private company information, if your news server is for private newsgroups) may be obtained and used by unauthorized users. If posting access is allowed to the server, the NNTP server can be an access point for malicious users to post anonymous and possibly illegal information to the world from your computers.

Disable the NNTP daemon or restrict access to newsgroups.

Unix: To disable the NNTP daemon, follow these steps:

1. Edit the /etc/inetd.conf (or equivalent) file.
2. Locate the line that controls the daemon.
3. Type a # at the beginning of the line to comment out the daemon.
4. Restart inetd.

To restrict access:

1. Edit the /usr/lib/news/nntp_access file.
2. Change the line starting with default to default no no.

Windows: To disable the NNTP service from Windows NT, follow these steps:

1. Open the Services control panel. From the Windows NT Start menu, select Settings, Control Panel, Services.
2. Select the service.
3. Click Stop.
4. When the service has stopped, click Startup.
5. Choose one of these options:
• To permanently disable the service, click Disabled.
• To turn the service off unless manually activated by the user or a program, click Manual.
6. Click OK, then click Close.