Well, I am not a guru on this subject and did not want to put my nose into that (well,
this is my MsD project at the moment), but as far as I know impersonation is not the
only thing we try to achieve when we are using such things. We also use one-way hash
functions to get a value out of our m
> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:
ozymandias> Of course, this would be a different story if the web
ozymandias> of trust were in more common usage, but it's not,
Ever think of *why* that is? And whether this is in any way related
to people's keys n
Hello,
--- dude <[EMAIL PROTECTED]> wrote:
> Is there any way to get snort to send more than
> daily reports from snort?
You can set up logging into database (i.e. mysql), then
use acid (http://www.andrew.cmu.edu/~rdanyliw/snort/).
This way you can get reports at any time, by request.
Unfortunately,
dude <[EMAIL PROTECTED]> wrote:
> On Tue, 10 Jul 2001, Jeremy T. Bouse wrote:
>
>>
>> Snort actually dumps the raw packet details into log files in the
>> /var/log/snort directory... These can be open'd using Ethereal and you are
>> able to take a closer look at the packets themselves with
There are probably others out there that can read the snort logs
as they are merely tcpdumps of the offending packets but I have found that
Ethereal is very handy and convenient for examining them... So that's my personal
choice... If you find another app that views and interprets the packet log
Hubert Chan <[EMAIL PROTECTED]> writes:
[snip]
> BTW, I don't know why people sign their mail to mailing lists (other than
> things like debian-security-announce). I do it because I think that all
> e-mail, and for that matter, all internet traffic, s
> "ozymandias" == ozymandias G desiderata <[EMAIL PROTECTED]> writes:
ozymandias> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrote:
Hubert> PS. If you're going to PGP-sign your messages, you might want to
Hubert> upload your key to a se
On Tue, Jul 10, 2001 at 09:28:41AM -0400, dude wrote:
>
>Is there any way to get snort to send more than
>daily reports from snort?
>
>I've looked and can't find the answer.
>
>Thanks,
>
>G
I wondered the same thing. Snort uses cron to send daily reports...
If you look in '/etc/cron.dail
On Tue, 10 Jul 2001, Jeremy T. Bouse wrote:
>
> Snort actually dumps the raw packet details into log files in the
> /var/log/snort directory... These can be open'd using Ethereal and you are
> able to take a closer look at the packets themselves with relative ease...
>
So I should use
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
>
> At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote:
> > These both seem like excellent practices, for the clueless in all of us -
> > can someone describe how this is done for sudo? How do you configure PAM
Snort actually dumps the raw packet details into log files in the
/var/log/snort directory... These can be open'd using Ethereal and you are
able to take a closer look at the packets themselves with relative ease...
Respectfully,
Jeremy T. Bouse
dude was said to been seen
Is there any way to get snort to send more than
daily reports from snort?
I've looked and can't find the answer.
Thanks,
G
On Tue, Jul 10, 2001 at 09:04:42AM +0200, Philippe BARNETCHE wrote:
> actually, you can get your public key signed by certification authorities.
> That would be ideal, but there aren't many people out there getting their
> keys certified.
Which is for the most part an utter waste of time, as they
On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
> apt-get install libpam-doc libpam-opie libpam-pwdfile
>
> The first is docs, the second is OTP (one time passwords), and the
> third is to authenticate against "passwd-like" files. The idea with
> the third is that you make another pa
ozymandias G desiderata [really?] wrote:
> Of course, this would be a different story if the web of trust were in
> more common usage, but it's not, outside of debian-maintainers and
> some small klatches of die-hard cypherpunks, some of whom are too
> paranoid to admit who they know anyway.
Besi
At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote:
> These both seem like excellent practices, for the clueless in all of us -
> can someone describe how this is done for sudo? How do you configure PAM to
> require alternative passwords, which expire and age, and are dec
At 994740997s since epoch (07/10/01 03:56:37 -0400 UTC), Ethan Benson wrote:
> detectability is the key here, the case should be locked shut ...
>
> compare this to your envelope idea where the machine need not even be
> shutdown and tell me which is more likely to go by unnoticed.
Okay, we've al
On Fri, 06 Jul 2001, Philippe Clérié wrote:
> I got the following from snort :
>
> Active System Attack Alerts
> =-=-=-=-=-=-=-=-=-=-=-=-=-=
> Jul 6 07:48:19 canopus snort[3884]: spp_http_decode: IIS Unicode
> attack detected: 128.95.75.153:1647 -> 208.52.11.121:80
>
> Active System Attack Ale
I've found a bug in the 2.4.6 kernel archive, where can I know if this has
already been reported and where should I report it, if it hasn't been yet ?
(sorry, this is totally off-topic)
Jean-Francois JOLY
ITIN - Institut des Techniques Informatiques
Cergy
On Mon, Jul 09, 2001 at 08:38:56PM -0500, Martin Maney wrote:
>
> Give me physical access and I don't need your root password, though it may
> help make the job less detectable. But you don't get more security than you
> physically have to begin with.
detectability is the key here, the case shou
actually, you can get your public key signed by certification authorities.
That would be ideal, but there aren't many people out there getting their
keys certified.
On Mon, Jul 09, 2001 at 06:58:24PM -0700, ozymandias G desiderata wrote:
> On Mon, Jul 09, 2001 at 01:23:29PM -0600, Hubert Chan wrot
On Mon, 09 Jul 2001, Jason Healy wrote:
> About the best you can hope for is to log to another machine (so
> sudoers can't hose your logfiles), and be vigilant about checking what
> they do.
>
> Anyway, to your point about passwords, I say again (do we detect a
> theme?): use PAM and make them us