> "Justin" == Justin R Miller <[EMAIL PROTECTED]> writes:
>> So, what could have caused ssh/telnet to hang like this while
>> ftp worked fine?
Justin> Check your local messages log and the remote one using the
Justin> shell that you already have while you attempt a login.
The
> "Jeff" == Jeff <[EMAIL PROTECTED]> writes:
>> Yesterday, I noticed that I could no longer login using ssh or
>> telnet. ssh logins would hang indefinitely whether I entered
>> correct or incorrect passwords. Telnet logins would time-out
>> after 60s. I tried different use
Gleb Arshinov wrote:
> I am running an up-to-date stable distribution. It looks like it may
> have been hacked yesterday, but I am not sure how.
> So, what could have caused ssh/telnet to hang like this while ftp
> worked fine? What else should I check for break-in signs? I am
> thinking I s
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [011106 05:54]:
> Hallo,
>
>
> > > happen few times that students stole their passwords and so on and mainly
> > > they could steal even teacher's these days.)
> >
> > Can you get a shell account on the outside of your local network?
> > If so SSH over
> "Justin" == Justin R Miller <[EMAIL PROTECTED]> writes:
>> So, what could have caused ssh/telnet to hang like this while
>> ftp worked fine?
Justin> Check your local messages log and the remote one using the
Justin> shell that you already have while you attempt a login.
Th
> "Jeff" == Jeff <[EMAIL PROTECTED]> writes:
>> Yesterday, I noticed that I could no longer login using ssh or
>> telnet. ssh logins would hang indefinitely whether I entered
>> correct or incorrect passwords. Telnet logins would time-out
>> after 60s. I tried different us
Inline reply...
--
Wes Kurdziolek
Virginia Tech Computer Science Lab
UNIX System Administrator
E-mail: [EMAIL PROTECTED]
GnuPG key: http://www.cslab.vt.edu/~wkurdzio/wkurdzio.asc
On Wed, 7 Nov 2001, Gleb Arshinov wrote:
> Yesterday, I noticed that I could no longer login using ssh or telnet.
>
Thus spake Gleb Arshinov ([EMAIL PROTECTED]):
> /etc/passwd seems intact
Have a look at /etc/shadow. I'm not sure if password changes touch
/etc/passwd if you're using shadow passwords. Just a thought.
> So, what could have caused ssh/telnet to hang like this while ftp
> worked fine?
Check
Inline reply...
--
Wes Kurdziolek
Virginia Tech Computer Science Lab
UNIX System Administrator
E-mail: [EMAIL PROTECTED]
GnuPG key: http://www.cslab.vt.edu/~wkurdzio/wkurdzio.asc
On Wed, 7 Nov 2001, Gleb Arshinov wrote:
> Yesterday, I noticed that I could no longer login using ssh or telnet.
>
Gleb Arshinov, 2001-Nov-07 16:10 -0800:
> Yesterday, I noticed that I could no longer login using ssh or telnet.
> ssh logins would hang indefinitely whether I entered correct or
> incorrect passwords. Telnet logins would time-out after 60s. I tried
> different users with the same result. Howeve
Thus spake Gleb Arshinov ([EMAIL PROTECTED]):
> /etc/passwd seems intact
Have a look at /etc/shadow. I'm not sure if password changes touch
/etc/passwd if you're using shadow passwords. Just a thought.
> So, what could have caused ssh/telnet to hang like this while ftp
> worked fine?
Chec
I am running an up-to-date stable distribution. It looks like it may
have been hacked yesterday, but I am not sure how.
Yesterday, I noticed that I could no longer login using ssh or telnet.
ssh logins would hang indefinitely whether I entered correct or
incorrect passwords. Telnet logins woul
Gleb Arshinov, 2001-Nov-07 16:10 -0800:
> Yesterday, I noticed that I could no longer login using ssh or telnet.
> ssh logins would hang indefinitely whether I entered correct or
> incorrect passwords. Telnet logins would time-out after 60s. I tried
> different users with the same result. Howev
I am running an up-to-date stable distribution. It looks like it may
have been hacked yesterday, but I am not sure how.
Yesterday, I noticed that I could no longer login using ssh or telnet.
ssh logins would hang indefinitely whether I entered correct or
incorrect passwords. Telnet logins wou
* Wichert Akkerman <[EMAIL PROTECTED]> [011107 18:54]:
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's i
Quoting Ted Cabeen ([EMAIL PROTECTED]):
> >Hm, why should I do that? Is my admin right when he thinks that my
> >current sshd is vulnerable? I have the latest stable precompiled
> >package, i.e. the default ssh installed.
>
> Make sure that you have the security site in your /etc/apt/sources.list
Previously Ville Uski wrote:
> Thanks for info. Yes, I have that line in my sources.list, and I also
> believe I am fine. Our network admin used the nessus ssh plugin to scan
> the network. He only says that nessus gives a warning about my computer
> (concerning the crc bug) and knows nothing more
* Ted Cabeen <[EMAIL PROTECTED]> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file. If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine. In general, the
> security team patches the current version to fix security
In message <[EMAIL PROTECTED]>, Ville Uski writes:
>* jigal <[EMAIL PROTECTED]> [011107 14:20]:
>> But I found this in the archives of the security mailinglist:
>> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138
>.html
>>
>> The previous mail in the thread references t
* Wichert Akkerman <[EMAIL PROTECTED]> [011107 18:54]:
> That's because nessus only checks the version number, and since we
> backported the patch we still have the old version number even though
> we are safe.
This also occurred to me, but appeared too trivial a solution...
Well, I guess that's
Previously Ville Uski wrote:
> Thanks for info. Yes, I have that line in my sources.list, and I also
> believe I am fine. Our network admin used the nessus ssh plugin to scan
> the network. He only says that nessus gives a warning about my computer
> (concerning the crc bug) and knows nothing mor
Quoting Ted Cabeen ([EMAIL PROTECTED]):
> >Hm, why should I do that? Is my admin right when he thinks that my
> >current sshd is vulnerable? I have the latest stable precompiled
> >package, i.e. the default ssh installed.
>
> Make sure that you have the security site in your /etc/apt/sources.lis
* Ted Cabeen <[EMAIL PROTECTED]> [011107 18:11]:
> Make sure that you have the security site in your
> /etc/apt/sources.list file. If you do, and apt-get update; apt-get
> upgrade says you're up to date, then you're fine. In general, the
> security team patches the current version to fix securit
In message <[EMAIL PROTECTED]>, Ville Uski writes:
>* jigal <[EMAIL PROTECTED]> [011107 14:20]:
>> But I found this in the archives of the security mailinglist:
>> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138
>.html
>>
>> The previous mail in the thread references
* jigal <[EMAIL PROTECTED]> [011107 14:20]:
> But I found this in the archives of the security mailinglist:
> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>
> The previous mail in the thread references to:
> http://razor.bindview.com/publish/advisories/adv_ssh1
On Wed, 07 Nov 2001, jigal wrote:
> Here you find a reference to the vuln, fixed.
> http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/20
On Wed, 07 Nov 2001, Ville Uski wrote:
> The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
>
> I have understood that the crc32 bug was already found in February so I
> find it hard to believe that it's not already fixed on debian (I'm
> running woody on a laptop PC). I should have all
Hello,
www.freshmeat.net
Or if your running debian do an apt-get install ssh (most recommended)
Ed
> -Original Message-
> From: Osvaldo Mundim Junior [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 07, 2001 7:47 AM
> To: debian-security@lists.debian.org
> Subject: Re: Which ssh sh
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
> Hi,
>
> I just joined the list after the admin of the network in my house had
> complained that sshd running in my computer is "remotely exploitable". I
> asked for more details and he only said it's the bug in the
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is "remotely exploitable". I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now whi
* jigal <[EMAIL PROTECTED]> [011107 14:20]:
> But I found this in the archives of the security mailinglist:
> http://lists.debian.org/debian-security/2001/debian-security-200102/msg00138.html
>
> The previous mail in the thread references to:
> http://razor.bindview.com/publish/advisories/adv_ssh
On Wed, 07 Nov 2001, jigal wrote:
> Here you find a reference to the vuln, fixed.
> http://www.debian.org/security/2001/dsa-027
I am sorry I found by reading it again it doesn't mention it.
But I found this in the archives of the security mailinglist:
http://lists.debian.org/debian-security/2
On Wed, 07 Nov 2001, Ville Uski wrote:
> The ssh package I currently have is ssh_1.2.3-9.3_i386.deb.
>
> I have understood that the crc32 bug was already found in February so I
> find it hard to believe that it's not already fixed on debian (I'm
> running woody on a laptop PC). I should have al
Hello,
www.freshmeat.net
Or if your running debian do an apt-get install ssh (most recommended)
Ed
> -Original Message-
> From: Osvaldo Mundim Junior [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, November 07, 2001 7:47 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Which ssh should I have?
Where can I get the opensource ssh?
tks
On Wed, 07 Nov 2001, Ville Uski wrote:
> Hi,
>
> I just joined the list after the admin of the network in my house had
> complained that sshd running in my computer is "remotely exploitable". I
> asked for more details and he only said it's the bug in the
Hi,
I just joined the list after the admin of the network in my house had
complained that sshd running in my computer is "remotely exploitable". I
asked for more details and he only said it's the bug in the crc32 bit.
He also told me to install the newest version of openssh. The problem is
now wh
> > mind is IPSec: make your firewall (or what ever) an IPSec gateway and
> > run everything inside your network over IPSec. No more stealing, I
> > would think.
> Hmmm... I am afraid it isn't possible, because there are W95
> workstations. Or is there anything to support this which is reasonably
> > mind is IPSec: make your firewall (or what ever) an IPSec gateway and
> > run everything inside your network over IPSec. No more stealing, I
> > would think.
> Hmmm... I am afraid it isn't possible, because there are W95
> workstations. Or is there anything to support this which is reasonabl
38 matches
Mail list logo
