In reply to Phillip Hofmeister <[EMAIL PROTECTED]>:
> On Mon, 28 Oct 2002 at 11:18:23PM -0800, Brandon High wrote:
> > On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
> > > Too bad there is no way to do a secure handshake w/ an id/password or
> > > even SecureID cards.
> >
> >
hi ya noah
On Tue, 29 Oct 2002, Noah L. Meyerhans wrote:
> On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> > i say modifying files is a give away .. that says
> > "come find me" which is trivial since its modified
> > binaries
>
> If they do it right, it's not a giveaway. If
On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> i say modifying files is a give away .. that says
> "come find me" which is trivial since its modified
> binaries
If they do it right, it's not a giveaway. If they're quick, thorough,
and accurate, they can certainly do it right.
hi ya dale
if anybody modifies the typical binaries..
i'll know within the hour.. hourly/randomly system checks
or instantaneously if i happen to be reading emails
at the time ... they are attacking...
i say modifying files is a give away .. that says
"come find me" which is trivial since it
On Tue, Oct 29, 2002 at 03:28:20PM -0800, Alvin Oga wrote:
> if they exploited a root vulnerability and got in...
> why modify silly binaries like ps, top, ls, find, etc ??
>
> that gives themself away as having modified the system
No it doesn't. It makes them and everything they do vanish
into t
hi ya dale
>
> Rootkits are *INSTALLED* after a successful root
> exploit.
maybe i missing something here ... that i been wondering about
for years..
if they exploited a root vulnerability and got in...
why modify silly binaries like ps, top, ls, find, etc ??
that gives themself away as havin
hi ya noah
On Tue, 29 Oct 2002, Noah L. Meyerhans wrote:
> On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> > i say modifying files is a give away .. that says
> > "come find me" which is trivial since its modified
> > binaries
>
> If they do it right, it's not a giveaway. If
A rootkit is a selection of modified standard programs
that usually replace (among others)
ls
ps
netstat
users
and pretty much everything else you would use to check
your machine. It will also include a backdoor.
Sometimes the primary part of the rootkit is eithe
Hi, I have a question about chrooting bind 8.3.3
I have used the setup as described in
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt ... but when I
then start bind everything looks right but when I do a lsof -p I see:
command to start bind:
start-stop-daemon --start --quiet --exec /usr
hi ya rick
yes... got that part ... ( the after breaking in part )
was expecting to see "it helps one to breakin and exploit
the vulnerabilities" so it didn't sink in at first when
i was reading all the talk-backs
( didnt see what i wanted to see ;-)
thanx
alvin
On Mon, 28 Oct 2002,
On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> i say modifying files is a give away .. that says
> "come find me" which is trivial since its modified
> binaries
If they do it right, it's not a giveaway. If they're quick, thorough,
and accurate, they can certainly do it right.
hi ya dale
if anybody modifies the typical binaries..
i'll know within the hour.. hourly/randomly system checks
or instantaneously if i happen to be reading emails
at the time ... they are attacking...
i say modifying files is a give away .. that says
"come find me" which is trivial since it
On Tue, Oct 29, 2002 at 03:28:20PM -0800, Alvin Oga wrote:
> if they exploited a root vulnerability and got in...
> why modify silly binaries like ps, top, ls, find, etc ??
>
> that gives themself away as having modified the system
No it doesn't. It makes them and everything they do vanish
into t
On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
> Laptop (IPSEC Client) -> WAP -> Server (DHCP AND IPSEC Host) -> Local
> Network. In order to get inside the network you will have to get past
> the IPSEC Host, which of course will require a key that has a valid
> certificate fr
We are currently looking into wireless where I work also.
Just a few weeks ago, we had this company come in to give a demo of an
appliance that enforces restrictions on the wireless network.
http://www.verniernetworks.com/
It seems to be along the path of what we are looking for, YMMV.
Oh, and we
hi ya dale
>
> Rootkits are *INSTALLED* after a successful root
> exploit.
maybe i missing something here ... that i been wondering about
for years..
if they exploited a root vulnerability and got in...
why modify silly binaries like ps, top, ls, find, etc ??
that gives themself away as havin
A rootkit is a selection of modified standard programs
that usually replace (among others)
ls
ps
netstat
users
and pretty much everything else you would use to check
your machine. It will also include a backdoor.
Sometimes the primary part of the rootkit is eithe
Hi, I have a question about chrooting bind 8.3.3
I have used the setup as described in
http://people.debian.org/~pzn/howto/chroot-bind.sh.txt ... but when I
then start bind everything looks right but when I do a lsof -p I see:
command to start bind:
start-stop-daemon --start --quiet --exec /usr
hi ya rick
yes... got that part ... ( the after breaking in part )
was expecting to see "it helps one to breakin and exploit
the vulnerabilities" so it didn't sink in at first when
i was reading all the talk-backs
( didnt see what i wanted to see ;-)
thanx
alvin
On Mon, 28 Oct 2002,
On Tue, Oct 29, 2002 at 09:35:01AM -0500, Phillip Hofmeister wrote:
> Laptop (IPSEC Client) -> WAP -> Server (DHCP AND IPSEC Host) -> Local
> Network. In order to get inside the network you will have to get past
> the IPSEC Host, which of course will require a key that has a valid
> certificate fr
We are currently looking into wireless where I work also.
Just a few weeks ago, we had this company come in to give a demo of an
appliance that enforces restrictions on the wireless network.
http://www.verniernetworks.com/
It seems to be along the path of what we are looking for, YMMV.
Oh, and we
On Mon, 28 Oct 2002 at 11:18:23PM -0800, Brandon High wrote:
> On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
> > Too bad there is no way to do a secure handshake w/ an id/password or
> > even SecureID cards.
>
> That's the idea behind PPPoE. Yuck.
Or you could do ipsec:
Laptop (
On Tue, 29 Oct 2002 at 10:52:22AM +1100, Stewart James wrote:
> I had the very same thoughts, being a university you can imagine what
> physical security is like, plus management wants to give students the
> ability to walk on campus and plugin, plus start wireless services too.
Be wary of wireles
On Mon, 28 Oct 2002 at 11:18:23PM -0800, Brandon High wrote:
> On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
> > Too bad there is no way to do a secure handshake w/ an id/password or
> > even SecureID cards.
>
> That's the idea behind PPPoE. Yuck.
Or you could do ipsec:
Laptop (
On Tue, 29 Oct 2002 at 10:52:22AM +1100, Stewart James wrote:
> I had the very same thoughts, being a university you can imagine what
> physical security is like, plus management wants to give students the
> ability to walk on campus and plugin, plus start wireless services too.
Be wary of wireles
On 0, Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> Tom Cook wrote:
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no connection
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
> Hi,
>
> ben wrote:
> > way overkill. 16001 isn't being scanned and 111 is the most common target
> > after 25. you're suggesting that the guy turn his server into a
> > honeypot--to what end? disable portmap and nothing can get
Hi,
ben wrote:
> way overkill. 16001 isn't being scanned and 111 is the most common target
> after 25. you're suggesting that the guy turn his server into a
> honeypot--to what end? disable portmap and nothing can get at 111. there's
> a difference between simply securing a box and ass
On 0, Jean Christophe ANDRÉ <[EMAIL PROTECTED]> wrote:
> Tom Cook wrote:
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no connection
On Monday 28 October 2002 11:59 pm, Jean Christophe ANDRÉ wrote:
> Tom Cook wrote:
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no conne
Tom Cook wrote:
> What the
> What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
> It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there is no installed
daemon on this port, only some connection atte
On Tue, 29 Oct 2002, Francois Sauterey wrote:
> HI,
>
> I'm looking for any craft to secure YP:
>
> I'm working around shadow password and yp.
>
> shadow passwords are stupid if "ypcat passwd" give the encrypted passwords !
> Well, I use (in /etc/ypserv):
> * : passwd
On Tuesday 29 October 2002 01:02 am, Jean Christophe ANDRÉ wrote:
> Hi,
>
> ben wrote:
> > way overkill. 16001 isn't being scanned and 111 is the most common target
> > after 25. you're suggesting that the guy turn his server into a
> > honeypot--to what end? disable portmap and nothing can get
On Mon, Oct 28, 2002 at 07:38:38PM -0600, Hanasaki JiJi wrote:
> Too bad there is no way to do a secure handshake w/ an id/password or
> even SecureID cards.
That's the idea behind PPPoE. Yuck.
-B
--
Brandon High [EMAIL PROTECTED]
'98 Kawi ZX-7R "Wasabi", '9
Hi,
ben wrote:
> way overkill. 16001 isn't being scanned and 111 is the most common target
> after 25. you're suggesting that the guy turn his server into a
> honeypot--to what end? disable portmap and nothing can get at 111. there's
> a difference between simply securing a box and ass
On Monday 28 October 2002 11:59 pm, Jean Christophe ANDRÉ wrote:
> Tom Cook wrote:
> > What the
> > What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
>
> Nothing wrong with it! :)
>
> > It tells you precisely what's attempting to connect...
>
> Yes, except in his case there is no conne
HI,
I'm looking for any craft to secure YP:
I'm working around shadow password and yp.
shadow passwords are stupid if "ypcat passwd" give the encrypted passwords !
Well, I use (in /etc/ypserv):
* : passwd.byname: port : yes
* : pass
Tom Cook wrote:
> What the
> What's wrong with 'lsof -i :111' and 'lsof -i :16001'?
Nothing wrong with it! :)
> It tells you precisely what's attempting to connect...
Yes, except in his case there is no connection since there is no installed
daemon on this port, only some connection atte
38 matches