* Javier Fernández-Sanguino Peña ([EMAIL PROTECTED]) [010915 17:13]:
> On Mon, Sep 10, 2001 at 05:49:55PM -0700, Vineet Kumar wrote:
> > * Alexander Reelsen ([EMAIL PROTECTED]) [010910 01:24]:
> > > On Sun, Sep 09, 2001 at 06:31:57PM -0400, hpknight wrote:
> > > > It depends on the process that is
On Mon, Sep 10, 2001 at 05:49:55PM -0700, Vineet Kumar wrote:
> * Alexander Reelsen ([EMAIL PROTECTED]) [010910 01:24]:
> > On Sun, Sep 09, 2001 at 06:31:57PM -0400, hpknight wrote:
> > > It depends on the process that is binding the port. If you're using
> > > xinetd you can specify which interfa
On Sat, Sep 15, 2001 at 10:23:45PM +0300, Momchil Velikov wrote:
> > "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes:
> Dimitri> In linux.debian.security, you wrote:
> Dimitri> If you suspect your machine was r00ted,
> Dimitri> 1. Take it off the net _now_.
> Dimitri> 2. If you want to
On Sat, 15 Sep 2001, at 13:30 -0400,
Russell wrote:
> What's a good piece of software to monitor for system accesses?
snort is good for detecting well-known attacks on your system.
> Should I report the IP to RBL or something like that?
I usually run whois on the attacker IP an
You can set up logcheck and cron to check every minute for "suspicious" log
entries (as you define them) and have them emailed to you. Additionally,
you can edit the logcheck.sh file and have it notify you any way you like.
-rishi
On 15 Sep 2001, Russell Speed wrote:
> Thanks, I wil
Thanks, I will add that line.
This box only acts as a firewall and access for my home network, so
there isn't much on it. I'm just considering the idea of editing the
pertinent scripts to accomplish that and was wondering if some tried but
found the task too daunting.
I guess for backdoors it's
Hi everybody,
I'm trying to deploy a security solution on my network with Cisco VPN
Concentrator 3000 series and Sony "Puppy" FIU 710. My doubt is about digital
certificates stored on FIU and the VPN client user authentication. But I didn't
find any documentation about it or some customer who de
Consider using tripwire on your computers in the future. This way you can
create a database of md5sums of all important programs and store them on a
disk in your drawer. Then you'll know what was hacked and what wasn't.
-rishi
On 15 Sep 2001, Momchil Velikov wrote:
> > "Dimit
> "Dimitri" == Dimitri Maziuk <[EMAIL PROTECTED]> writes:
Dimitri> In linux.debian.security, you wrote:
>> I am curious if the following is an example of a buffer overflow. I
>> noticed this in my syslog - and the following day had someone logged in
>> from an IP I'm not aware of.
>>
>> I ch
In linux.debian.security, you wrote:
> I am curious if the following is an example of a buffer overflow. I
> noticed this in my syslog - and the following day had someone logged in
> from an IP I'm not aware of.
>
> I changed the passwords - and added an entry to the input chain to block
> the IP
> "Russell" == Russell Speed <[EMAIL PROTECTED]> writes:
Russell> I am curious if the following is an example of a buffer overflow. I
Russell> noticed this in my syslog - and the following day had someone logged in
Russell> from an IP I'm not aware of.
Btw, I noticed the attack because syslo
> "Russell" == Russell Speed <[EMAIL PROTECTED]> writes:
Russell> I am curious if the following is an example of a buffer overflow. I
Yes. I have the same in my log.
See http://www.debian.org/security/2000/2719a
and http://www.cert.org/advisories/CA-2000-17.html
Russell> noticed this in
On Sat, Sep 15, 2001 at 12:51:26 -0400, Russell Speed wrote:
> I am curious if the following is an example of a buffer overflow.
It looks like an attempt to exploit a buffer overflow. IIRC the fact that it
got logged to syslog means it didn't work.
> I changed the passwords - and added an entry t
On Sat, Sep 15, 2001 at 12:51:26PM -0400, Russell Speed wrote:
> Should I remove /bin/sh for something less obvious as a general
> protection from buffer overflows?
>
Most shell scripts running on your server call #!/bin/sh, so
removing it will get you in lots of trouble ;-)
Just try:
$ grep "\/
I am curious if the following is an example of a buffer overflow. I
noticed this in my syslog - and the following day had someone logged in
from an IP I'm not aware of.
I changed the passwords - and added an entry to the input chain to block
the IP, but am wondering what other things I should do?
On Fri, 14 Sep 2001 19:50:04 -0500,
Rob VanFleet <[EMAIL PROTECTED]> wrote:
> So I added the following regex to catch it:
>
> /USR/SBIN/CRON\[.*\]: (mail) CMD ( if \[ -x /usr/sbin/exim -a -f
> /etc/exim.conf \]; then /usr/sbin/exim -q >/dev/null 2>&1; fi)
>
> (after simply trying to add a '.*' b
32 matches