Hi,
> I have a Debian webserver that currently runs SSH, HTTP, and SMTP
> services. The SMTP service only accepts mail from the local interface.
> I try to keep my box free of any excess services that might lead to
> vulnerabilities, or that transmit authentication information via
> cleartext.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hi,
I found a local DOS vulnerability in the mysql-server package. Since I
am not experienced in the field of computer security I have not
contacted upstream nor any other security list about the issue and would
be happy to get some feedback about the perceived severity of the
problem and appropr
On Fri, 19 Apr 2002, Patrick Maheral wrote:
> I've heard of, but not confirmed the existence of, a root kit that is
> not detected by Tripwire and other intrusion detection software. It
> does this by keeping a backup of the original utility (e.g. ls, ps, etc.)
> and then provides either its own
> Am I just being paranoid, or is this sort of compromise
> really possible?
And also: If the IDS "was there first" it would trigger on the modified
kernel/module/library (or whatever) since it has to differ between the last
check _before_ the infection and the first check _after_ infection.
N
> I've heard of, but not confirmed the existence of, a root kit that is
> not detected by Tripwire and other intrusion detection software. It
> does this by keeping a backup of the original utility (e.g.
> ls, ps, etc.)
> and then provides either its own utility or the original depending on
> how
On Fri, Apr 19, 2002 at 02:47:08PM +0200, Jan Johansson wrote:
> > Why do some people say that e.g. Tripwire doesn't discover it?
>
> Then they don't know what they are saying, I would say that Tripwire /
> AIDE / such will be 100% efficient in detecting kits _PROVIDING_ that
> your database is curre
> In output of 'w' command I saw something like that:
>
> --cut--
> root 7073 0.0 0.0 1240 636 ?S11:09 0:05
> in.telnetd: some.host.in.my.domain --cut--
>
> Correct address I replaced with some.host.in.my.domain.
> Is root logging in to this machine by telnet???
Maybe, bu
> How to protect against rootkits?
Keep your system up to date, do not run unreliable software, do not give
accounts to people you do not trust.
> Is it some kind of trojan
> which works
> with root privileges?
Basically, yes. It is typically a "kit" you drop on the system via a remote
r
Hi all.
On Fri, 19 Apr 2002, Sidnei da Silva wrote:
> Clearly yes. In my opinion you should disable telnet and use ssh. Once I left
> telnet open after installing a server, and the next day I found a rootkit
> inside it. Telnet suckz badly.
How to protect against rootkits? Is it some kind of tr
>Telnet suckz badly.
How do you know it was exploited via telnetd? I can think of a lot of services
more readily exploitable than telnet.
On Fri 19 Apr 2002 09:05, Marcin Bednarz wrote:
| Hi all.
|
| In output of 'w' command I saw something like that:
|
| --cut--
| root 7073 0.0 0.0 1240 636 ?S11:09 0:05 in.telnetd:
| some.host.in.my.domain --cut--
|
| Correct address I replaced with some.host.in.my.domain.
| I
Hi all.
In output of 'w' command I saw something like that:
--cut--
root 7073 0.0 0.0 1240 636 ?S11:09 0:05 in.telnetd:
some.host.in.my.domain
--cut--
Correct address I replaced with some.host.in.my.domain.
Is root logging in to this machine by telnet???
Regards,
Marci
Look at winscp ( http://winscp.vse.cz if I recall correctly ). It's a
scp client that can be easily used by end users. Best bet is to use
winscp 2, as that has drag and drop with explorer.
Mark
Marcel Hicking wrote:
There is an Explorer-like interface to PuTTY's
scp command. Maybe an option
There is an Explorer-like interface to PuTTY's
scp command. Maybe an option. Don't have
much experience with this, I personally use some
mini-shell-scripts attached to the sendto-menu
for uploading.
http://www.i-tree.org/ixplorer.htm
Cheers, Marcel
--On Thursday, 18 April 2002 17:34 -0700 J
> There is an Explorer-like interface to PuTTY's
> scp command. Maybe an option. Don't have
> much experience with this, I personally use some
> mini-shell-scripts attached to the sendto-menu
> for uploading.
>
> http://www.i-tree.org/ixplorer.htm
>
I tried that program before, but it has issues
hi ya david
you can use ssh for windows to do secure ftp to debian or bsd*
found out pftp didn't support "mput *" ... o well
highlight, drag-n-drop works
http://www.Linux-Sec.net/SSH/ssh.windows.txt
- use ssh clients from ssh.com or putty or your favorite
"i heard tom-dic