#! /bin/sh
# adaptable for udp also
export TCPPRTS=`netstat -na -t | grep "^tcp" | sed "s/^[^:]*:\([0-9]*\).*/\1/g" | sort -nu`
echo "Active tcp ports:" $TCPPRTS
for PRT in ${TCPPRTS} ; do
echo port number $PRT : `grep "[^0123456789]${PRT}\/tcp" /etc/services`
export TPID=`fuser ${PRT}/tcp |
a note to sparc users (and others): the versions of ssh and ssh-askpass-gnome
referenced below and to be found at
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh_1.2.3-9.2_sparc.deb
http://security.debian.org/dists/stable/updates/main/binary-sparc/ssh-askpass-gnome_1.2.3-9.2_s
On Thursday 08 February 2001 21:21, Rolf Kutz wrote:
> Wade Richards ([EMAIL PROTECTED]) wrote:
> > I've got a rescue CD with most of the packages on it, and most(*) of
> > those packages include MD5 sums for all the files.
> >
> > There should be a way to, after booting up on my rescue CD, check a
Wade Richards ([EMAIL PROTECTED]) wrote:
> I've got a rescue CD with most of the packages on it, and most(*) of
> those packages include MD5 sums for all the files.
>
> There should be a way to, after booting up on my rescue CD, check all
> my files against the MD5 checksums on the CD (ignoring t
All this discussion about the possibility of "script kiddies" installing
root kits, and overwriting various important system files, makes me think
of a useful potential feature. And since this is Debian, I figure there's
a good chance that this useful feature already exists, and I just don't
know
On Thu, 08 Feb 2001, Christian Hammers wrote:
> > Currently it won't. :-\ You would have to get the packages yourself
> > and check the md5sums.
> Which were of course altered by the cracker. Bad idea.
Just subscribe to debian-devel-changes or debian-changes @lists.debian.org,
the .changes files
I ran apt-setup and it automatically added my local mirrors. I'm not sure if
it wipes your previous sources.list though...
GBY
> Currently it won't. :-\ You would have to get the packages yourself
> and check the md5sums.
Which were of course altered by the cracker. Bad idea.
bye,
-christian-
--
Christian Hammers    WESTEND GmbH - Aachen und Dueren    Tel 0241/701333-0
[EMAIL PROTECTED] Internet & Security for
Anybody know if apt will do any sort of verification of checksums or
anything to validate the package is from debian? I'm using apt to
automate priority security updates on several of my customers' firewalls
and I'm curious that if somebody poisons some routes and/or dns caches, we could
have seriou
On Thu, 8 Feb 2001, Desai, Jason wrote:
> Hello.
>
> Can someone tell me the difference between packages in the
> dists/potato-proposed-updates and packages on the security.debian.org site?
> I had been using the proposed-updates in my sources.list file for a while,
> but I have not found the upd
I have recently been to the www.debian.org looking for the latest sites to
add to my sources.list file. I could not find them even though I know that I
have seen them there before. Could anyone give me a hand and let me know
what entries to include there. I am currently using:
#STABLE
deb http://h
On Thursday 08 February 2001 03:19, Bradley M Alexander wrote:
> On Wed, Feb 07, 2001 at 05:12:48PM -0500, Matthias G. Imhof wrote:
> > Running lsof as root or various versions of netstat showed that
> > portsentry owns these ports :-)
>
> This is quite true. I remember now that I had the same issu
Hello.
Can someone tell me the difference between packages in the
dists/potato-proposed-updates and packages on the security.debian.org site?
I had been using the proposed-updates in my sources.list file for a while,
but I have not found the updated bind package there. But I did find it on
the se
On Wed, 7 Feb 2001, Carl Brock Sides wrote:
> My immediate guess, upon seeing anything running on 31337, is that
> you've been "0wn3d", as the script kiddies put it, and maybe lsof has
> been trojaned not to list the attacker's processes.
>
> You are running lsof as root, right? It won't show you
On Wed, 7 Feb 2001, Aaron Dewell wrote:
> Well, finger is probably running through inetd... Either that or you
> are running that scanner detector package that binds to every port
> known in the universe.
He said he checked inetd.conf, and whatever is bound to any port lsof
should report it. It
On Wed, 7 Feb 2001, Matthias G. Imhof wrote:
> Performing strobe or nmap on my system, I get, e.g., the following list:
(omitted)
It is very likely that your host has been compromised and a rootkit
installed. Do not trust any of the utilities on that host. Instead, boot
off a (trusted) rescue cd
On Wed, 7 Feb 2001, Matthias G. Imhof wrote:
> Running lsof as root or various versions of netstat showed that portsentry owns
> these ports :-)
Glad to hear it was a false alarm. Sorry to have alarmed you.
Bye
Giacomo
_
Giacomo