NNTP reading

Risk Level: Low risk vulnerability  Low

Check or Attack Name: nntpread
Platforms: Any
Description:

NNTP has been detected as running, and users can read newsgroups without authorization. Your resources (and private company information, if your server is for private newsgroups) may be obtained and read by unauthorized users.
Remedy:

Disable the NNTP daemon or restrict access to newsgroups.

Unix: To disable the NNTP daemon, follow these steps:

  1. Edit the /etc/inetd.conf (or equivalent) file.
    2. Locate the line that controls the daemon.
  2. Type a # at the beginning of the line to comment out the daemon.
  3. Restart inetd.

—OR—

To restrict access:

  1. Edit the /usr/lib/news/nntp_access file.
  2. Change the line starting with default to default no no.

Windows: To disable the NNTP service from Windows NT, follow these steps:

  1. Open the Services control panel.
  2. Select the service.
  3. Click Stop.
  4. When the service has stopped, click Startup.
  5. Choose one of these options:
    • To permanently disable the service, click Disabled.
    • To turn the service off unless manually activated by the user or a program, click Manual.
  6. Click OK, then click Close.
References:
X-Force Logo
Know Your Risks