Re: sshd port config and security

2001-04-06 Thread Vinh Truong
* Jean-Marc Boursot <[EMAIL PROTECTED]> [010406 21:09]: > They allow telnet and not ssh? Nice! yeah, afraid of the port-forwarding capabilities in ssh. i can see their point but i'm just as leery of clear-text transmission. oh, well. > So you can turn it off. should have thought of that myself.

Re: sshd port config and security

2001-04-06 Thread Peter Cordes
On Sat, Apr 07, 2001 at 12:19:38AM -0500, Vinh Truong wrote: > * Patrick Maheral <[EMAIL PROTECTED]> [010406 16:57]: > > > > Is the firewall blocking all traffic that has a destination port 22, or > > a source port 22? If only the latter, you can tell your ssh client > > to use a high port nu

Re: sshd port config and security

2001-04-06 Thread Vinh Truong
* Patrick Maheral <[EMAIL PROTECTED]> [010406 16:57]: > > Is the firewall blocking all traffic that has a destination port 22, or > a source port 22? If only the latter, you can tell your ssh client > to use a high port number. With OpenSSH, from work I use: > ssh -P home #

Re: sshd port config and security

2001-04-06 Thread Vinh Truong
* Karl E. Jorgensen <[EMAIL PROTECTED]> [010406 15:23]: > > Sounds like you need to talk to your firewall administrator. If you trust > him that is... How can you be sure that he's not snooping on the passing > telnet traffic? hmm, i thought that ssh encrypted traffic between server and client?

Re: sshd port config and security

2001-04-06 Thread Jean-Marc Boursot
On Friday 06 April 2001 17:31, Vinh Truong wrote: > I have sshd set up on my machine at home. Instead of the default > port 22, I uninstalled telnetd and run sshd on 23. I do this mostly > because I want to ssh into my machine from work where they don't open > port 22 on the firewall. > They do

Re: empty log files

2001-04-06 Thread Andres Salomon
Ugh. Why did my apt-get dist-upgrades not mention or grab this package? Btw, now that it's installed, it's logging correctly.. On Fri, Apr 06, 2001 at 02:26:31PM -0500, Nathan E Norman wrote: > X-Mailing-List: archive/latest/2255 > Resent-Sender: [EMAIL PROTECTED] > Resent-Date: Fri, 06 Apr 2

Re: sshd port config and security

2001-04-06 Thread Patrick Maheral
On Fri, Apr 06, 2001 at 10:31:27AM -0500, Vinh Truong wrote: > I have sshd set up on my machine at home. Instead of the default port > 22, I uninstalled telnetd and run sshd on 23. I do this mostly because > I want to ssh into my machine from work where they don't open port 22 on > the firewall.

Re: empty log files

2001-04-06 Thread Andres Salomon
Ugh. Why did my apt-get dist-upgrades not mention or grab this package? Btw, now that it's installed, it's logging correctly.. On Fri, Apr 06, 2001 at 02:26:31PM -0500, Nathan E Norman wrote: > X-Mailing-List: <[EMAIL PROTECTED]> archive/latest/2255 > Resent-Sender: [EMAIL PROTECTED] > Resent

Re: sshd port config and security

2001-04-06 Thread Karl E. Jorgensen
On Fri, Apr 06, 2001 at 10:31:27AM -0500, Vinh Truong wrote: > I have sshd set up on my machine at home. Instead of the default port > 22, I uninstalled telnetd and run sshd on 23. I do this mostly because > I want to ssh into my machine from work where they don't open port 22 on > the firewall.

Re: Ports to block?

2001-04-06 Thread Karl E. Jorgensen
On Fri, Apr 06, 2001 at 10:39:47AM -0700, Eric N. Valor wrote: > Well, most folks like to connect to the Web, so port 80 is a must for that > (it's 2-way on the same port). 53 is required only if you're running BIND Is that true? I only block *incoming* port 80, but I'm still able to surf the

Re: empty log files

2001-04-06 Thread Nathan E Norman
On Fri, Apr 06, 2001 at 03:07:42PM -0400, Damian M Gryski wrote: > On Fri, 06 Apr 2001, Steve Greenland wrote: > > On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > > > > > >So, this for me pretty much nails it that something is borked with the > > >sysklogd cron.wee

Re: empty log files

2001-04-06 Thread Damian M Gryski
On Fri, 06 Apr 2001, Steve Greenland wrote: > On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > > > >So, this for me pretty much nails it that something is borked with the > >sysklogd cron.weekly script. > > I'd guess that the daemon wasn't restarted after the logs

Re: empty log files

2001-04-06 Thread Steve Greenland
On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > >So, this for me pretty much nails it that something is borked with the >sysklogd cron.weekly script. I'd guess that the daemon wasn't restarted after the logs were rotated, so that all the messages since have been w

Re: Ports to block?

2001-04-06 Thread Steve Greenland
On 06-Apr-01, 12:39 (CDT), "Eric N. Valor" <[EMAIL PROTECTED]> wrote: > Well, most folks like to connect to the Web, so port 80 is a must for that ^^ Uh, no, that's not correct. Steve, refraining from several more sarcast

Re: Ports to block?

2001-04-06 Thread Eric N. Valor
At 03:27 AM 4/6/2001 +0200, you wrote: On Thu, Apr 05, 2001 at 01:40:54PM -0700, Eric N. Valor wrote: > > I work from a default-deny stance. Usual things to then allow in would be > 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if This strikes me as odd, warning to be

Re: empty log files

2001-04-06 Thread Nathan E Norman
On Fri, Apr 06, 2001 at 03:07:42PM -0400, Damian M Gryski wrote: > On Fri, 06 Apr 2001, Steve Greenland wrote: > > On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > > > > > >So, this for me pretty much nails it that something is borked with the > > >sysklogd cron.we

Re: apache running as root?

2001-04-06 Thread Ilya Martynov
PS> Hello, PS> I am running Apache 1.3.9 and I am wondering, if this might be a PS> security issue. There is always one Apache-process running as root. PS> [..skip..] >> From my point of understanding Apache starts as root and then switches PS> to www-data. Ok, but does this mean, that a host mi

Re: apache running as root?

2001-04-06 Thread Wichert Akkerman
Previously Philipp Schulte wrote: > I am running Apache 1.3.9 and I am wondering, if this might be a > security issue. There is always one Apache-process running as root. That process doesn't process requests, it only accepts connections and hands them off to the other process. It needs to run as

apache running as root?

2001-04-06 Thread Philipp Schulte
Hello, I am running Apache 1.3.9 and I am wondering, if this might be a security issue. There is always one Apache-process running as root. $ ps aux | grep apache says: root 513 0.0 1.0 2496 1276 ?S18:57 0:00 /usr/sbin/apache www-data 514 0.0 1.0 2520 1272 ?S

Re: empty log files

2001-04-06 Thread Damian M Gryski
On Fri, 06 Apr 2001, Steve Greenland wrote: > On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > > > >So, this for me pretty much nails it that something is borked with the > >sysklogd cron.weekly script. > > I'd guess that the daemon wasn't restarted after the logs

Re: TCP windows shrinking

2001-04-06 Thread Andres Salomon
This is a fairly common error w/ 2.4.x. Actually, error is the wrong word; more like warning. The only reason you're seeing it is because TCP_DEBUG is defined. If it's annoying, you can undefine it in linux/include/net/tcp.h. On Fri, Apr 06, 2001 at 12:03:40PM -0400, Noah L. Meyerhans wrote:

Re: empty log files

2001-04-06 Thread Damian M Gryski
On Fri, 06 Apr 2001, S.Salman Ahmed wrote: > > "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > I am not sure if it has anything to do with the kernel. I did a bit of digging on my system and, surprise surprise, March 18th was the last time kern.log and family were updated too. Now,

Re: empty log files

2001-04-06 Thread Steve Greenland
On 06-Apr-01, 11:41 (CDT), Damian M Gryski <[EMAIL PROTECTED]> wrote: > >So, this for me pretty much nails it that something is borked with the >sysklogd cron.weekly script. I'd guess that the daemon wasn't restarted after the logs were rotated, so that all the messages since have been

Re: Ports to block?

2001-04-06 Thread Steve Greenland
On 06-Apr-01, 12:39 (CDT), "Eric N. Valor" <[EMAIL PROTECTED]> wrote: > Well, most folks like to connect to the Web, so port 80 is a must for that ^^ Uh, no, that's not correct. Steve, refraining from several more sarcas

Re: TCP windows shrinking

2001-04-06 Thread Wichert Akkerman
Previously Noah L. Meyerhans wrote: > The IP address, obviously, has been replaced with x's here. I haven't > ever seen the message before. You should never get one. > Might this be an attempt at something like that? Might this merely have been > a packet that got horribly mangled somewhere on

TCP windows shrinking

2001-04-06 Thread Noah L. Meyerhans
This was logged by one of my servers the other day (potato, upgraded with the necessary packages to run kernel 2.4.2): Mar 31 08:40:48 debian kernel: TCP: peer xxx.xx.xx.xx:41760/20 shrinks window 3735214707:8280:3735227987. Bad, what else can I say? The IP address, obviously, has been replaced w

Re: empty log files

2001-04-06 Thread Hélio Alexandre Lopes Loureiro
> Any other ideas? I'm starting to wonder if this is a bug in the kernel, > or w/ the 2.4.3 w/ debian syslog interaction. Mar. 18 and 20th were the > last days something was logged; this coincides w/ when I switched to > 2.4.3-pre4 or 2.4.3-pre5 (according to timestamps on ftp.kernel.org). > Anyo

sshd port config and security

2001-04-06 Thread Vinh Truong
I have sshd set up on my machine at home. Instead of the default port 22, I uninstalled telnetd and run sshd on 23. I do this mostly because I want to ssh into my machine from work where they don't open port 22 on the firewall. They do however allow telnet to the outside. I have commented out e

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 11:06:26AM -0500, S.Salman Ahmed wrote: > > I've noticed the same problem on my firewall system which is running > kernel-2.4.2 and sid: > > -rw-r-1 root adm 0 Mar 25 06:48 kern.log > -rw-r-1 root adm 0 Mar 18 06:48 lpr.log >

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 10:55:52AM -0300, Hélio Alexandre Lopes Loureiro wrote: > > Verify if your "/etc/syslog.conf" is right: > > kern.* -/var/log/kern.log They are, in fact, tabs. Actually, the syslog.conf file is the one that came w/ debian's sysklogd package; i haven't touc

Re: Ports to block?

2001-04-06 Thread Eric N. Valor
At 03:27 AM 4/6/2001 +0200, you wrote: >On Thu, Apr 05, 2001 at 01:40:54PM -0700, Eric N. Valor wrote: > > > > I work from a default-deny stance. Usual things to then allow in would be > > 25 (smtp), 80 (http), 22 (ssh, although be careful here), 53-UDP (DNS, if > >This strikes me as odd, warnin

Re: apache running as root?

2001-04-06 Thread Ilya Martynov
PS> Hello, PS> I am running Apache 1.3.9 and I am wondering, if this might be a PS> security issue. There is always one Apache-process running as root. PS> [..skip..] >> From my point of understanding Apache starts as root and then switches PS> to www-data. Ok, but does this mean, that a host m

Re: apache running as root?

2001-04-06 Thread Wichert Akkerman
Previously Philipp Schulte wrote: > I am running Apache 1.3.9 and I am wondering, if this might be a > security issue. There is always one Apache-process running as root. That process doesn't process requests, it only accepts connections and hands them off to the other process. It needs to run as

apache running as root?

2001-04-06 Thread Philipp Schulte
Hello, I am running Apache 1.3.9 and I am wondering, if this might be a security issue. There is always one Apache-process running as root. $ ps aux | grep apache says: root 513 0.0 1.0 2496 1276 ?S18:57 0:00 /usr/sbin/apache www-data 514 0.0 1.0 2520 1272 ?S

Re: TCP windows shrinking

2001-04-06 Thread Andres Salomon
This is a fairly common error w/ 2.4.x. Actually, error is the wrong word; more like warning. The only reason you're seeing it is because TCP_DEBUG is defined. If it's annoying, you can undefine it in linux/include/net/tcp.h. On Fri, Apr 06, 2001 at 12:03:40PM -0400, Noah L. Meyerhans wrote

Re: empty log files

2001-04-06 Thread Damian M Gryski
On Fri, 06 Apr 2001, S.Salman Ahmed wrote: > > "AS" == Andres Salomon <[EMAIL PROTECTED]> writes: > I am not sure if it has anything to do with the kernel. I did a bit of digging on my system and, surprise surprise, March 18th was the last time kern.log and family were updated too. Now

Re: TCP windows shrinking

2001-04-06 Thread Wichert Akkerman
Previously Noah L. Meyerhans wrote: > The IP address, obviously, has been replaced with x's here. I haven't > ever seen the message before. You should never get one. > Might this be an attempt at something like that? Might this merely have been > a packet that got horribly mangled somewhere on

Re: empty log files

2001-04-06 Thread Hélio Alexandre Lopes Loureiro
On Friday 06 April 2001 03:47, Andres Salomon wrote: > i was playing w/ a kernel driver when i noticed the following: > > (machine 1) > -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log > -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0 > > (machin

TCP windows shrinking

2001-04-06 Thread Noah L. Meyerhans
This was logged by one of my servers the other day (potato, upgraded with the necessary packages to run kernel 2.4.2): Mar 31 08:40:48 debian kernel: TCP: peer xxx.xx.xx.xx:41760/20 shrinks window 3735214707:8280:3735227987. Bad, what else can I say? The IP address, obviously, has been replaced

Re: empty log files

2001-04-06 Thread Hélio Alexandre Lopes Loureiro
> Any other ideas? I'm starting to wonder if this is a bug in the kernel, > or w/ the 2.4.3 w/ debian syslog interaction. Mar. 18 and 20th were the > last days something was logged; this coincides w/ when I switched to > 2.4.3-pre4 or 2.4.3-pre5 (according to timestamps on ftp.kernel.org). > Any

sshd port config and security

2001-04-06 Thread Vinh Truong
I have sshd set up on my machine at home. Instead of the default port 22, I uninstalled telnetd and run sshd on 23. I do this mostly because I want to ssh into my machine from work where they don't open port 22 on the firewall. They do however allow telnet to the outside. I have commented out

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 11:06:26AM -0500, S.Salman Ahmed wrote: > > I've noticed the same problem on my firewall system which is running > kernel-2.4.2 and sid: > > -rw-r-1 root adm 0 Mar 25 06:48 kern.log > -rw-r-1 root adm 0 Mar 18 06:48 lpr.log

Re: empty log files

2001-04-06 Thread Andres Salomon
On Fri, Apr 06, 2001 at 10:55:52AM -0300, Hélio Alexandre Lopes Loureiro wrote: > > Verify if your "/etc/syslog.conf" is right: > > kern.* -/var/log/kern.log They are, in fact, tabs. Actually, the syslog.conf file is the one that came w/ debian's sysklogd package; i haven't tou

Re: empty log files

2001-04-06 Thread Jordan Bettis
On Fri, Apr 06, 2001 at 02:47:30AM -0400, Andres Salomon wrote: > i was playing w/ a kernel driver when i noticed the following: > > (machine 1) > -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log > -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0

Re: empty log files

2001-04-06 Thread Hélio Alexandre Lopes Loureiro
On Friday 06 April 2001 03:47, Andres Salomon wrote: > i was playing w/ a kernel driver when i noticed the following: > > (machine 1) > -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log > -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0 > > (machi

Re: empty log files

2001-04-06 Thread Jordan Bettis
On Fri, Apr 06, 2001 at 02:47:30AM -0400, Andres Salomon wrote: > i was playing w/ a kernel driver when i noticed the following: > > (machine 1) > -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log > -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.

Re: Ports to block?

2001-04-06 Thread Thor
hi [...] > If you disable icmp pings then you can hide from most scans. ... and you break also the RFC ... --- ;---+---; bye | bye |hor

empty log files

2001-04-06 Thread Andres Salomon
i was playing w/ a kernel driver when i noticed the following: (machine 1) -rw-r-1 root adm 0 Mar 25 06:49 /var/log/kern.log -rw-r-1 root adm 2259 Mar 20 17:59 /var/log/kern.log.0 (machine 2) -rw-r-1 root adm 0 Mar 25 06:49 /var
