On Tue, Jul 01, 2003 at 05:52:35PM +0200, Peter A. Felvegi wrote:
>
> hello!
>
> i'm about to set up port forwarding on a firewall to be able to reach
> some hosts on the lan from the outside. i wish to use iptables prerouting
> rules. my question is, is there a way to detect the port forwarding
- Original message -
On Tue, 1 Jul 2003 00:39:29 +0200 (CEST)
Bencsath Boldizsar <[EMAIL PROTECTED]> wrote in message
<[EMAIL PROTECTED]>:
> Hi,
>
> Do You (We) really surely want to include buggy samba 2.2.3a-12, more
> than half year old in 'testing' release?
> I already know one guy wi
According to http://packages.qa.debian.org/x/xfree86/news/1.html xfree86
4.2.1-9 fixes some security issues (just in xterm?) along with doing some
other things.
Drew Daniels
On Tue, Jul 01, 2003 at 05:57:27PM +0200, Tomasz Papszun wrote:
> On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> > Not really a good idea. Consider what happens when someone forges the IP
> > addresses.
>
> One can predefine trusted or other very important IP addresses which
> ca
On Tue, Jul 01, 2003 at 05:49:58PM +0200, Philippe Marzouk wrote:
> I agree with you for the /etc/rcX.d symlinks but various packages (not
> sure about proftpd) start their daemon when upgraded even if it was not
> started before and there is no start link in /etc/rcX.d, only stop links :
> I had
Peter A. Felvegi <[EMAIL PROTECTED]> wrote:
> i'm about to set up port forwarding on a firewall to be able to reach
> some hosts on the lan from the outside. i wish to use iptables prerouting
> rules. my question is, is there a way to detect the port forwarding,
> and/or get info about the host i
On Tue, Jul 01, 2003 at 02:36:37PM +0200, Javier Castillo Alcibar wrote:
> Hi all,
>
> I want to setup a new linux server in internet (apache, php, postfix,
> mysql, dns...), and I would like to patch the standard kernel with some
> security patches. but my question is, what patches are the be
At 22:39 on Jun 30, Matt Zimmerman shook the earth with:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
>
> > Are there any projects out there to do this right now. If not, is this
> > a good idea? If it is who would be a person/group that would be
> > qualified and have
> A daemon sits running in the background listening to a special device
> Are there any projects out there to do this right now. If not, is this
> a good idea? If it is who would be a person/group that would be
> qualified and have the time/interest to develop it.
Abacus Portsentry binds itself
Look at snort 2.0.0 [1]
It's an Intrusion Detection System. There's a preprocessor for Snort called
'Guardian'[2] to do things like you want. But read the other answers in this
thread carefully!
Thomas Bechtold
[1] http://snort.org
[2] http://www.chaotic.org/guardian/
On Tuesday 01 July 2003 00:
On Tuesday, 1 July 2003 04:39, Matt Zimmerman wrote:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> > A daemon sits running in the background listening to a special device
> > (/dev) or an IPC which would originate from syslog-ng. This daemon
> > would then parse the
On Mon, 30 Jun 2003 at 22:39:15 -0400, Matt Zimmerman wrote:
> On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
>
> > A daemon sits running in the background listening to a special device
> > (/dev) or an IPC which would originate from syslog-ng. This daemon
> > would then pars
Dale Amon wrote:
You should probably go over to linux-crypto. If it's loop-aes, ask Jaari;
otherwise one of the others might.
yes, i've done so and Jari was as helpful as you said :-)
Thanks,
Christian.
--
BOFH excuse #413:
Cow-tippers tipped a cow onto the server.
Matt Zimmerman said:
> On Mon, Jun 30, 2003 at 12:51:46PM -0500, CARMICHAEL, SHAWN (ASI) wrote:
>
>> That occurs because that is how it is packaged in the .deb when you
>> download
>> and update it. Unless you package your own from source there is no work
>> around.
>
> There is no need for a wor
hello!
i'm about to set up port forwarding on a firewall to be able to reach
some hosts on the lan from the outside. i wish to use iptables prerouting
rules. my question is, is there a way to detect the port forwarding,
and/or get info about the host i forward to (ip address mainly) ? i mean:
is
[EMAIL PROTECTED] said:
> That answer is pretty easy to find, too. Look at the description of the
> debian-keyring package.
"The Debian project wants developers to digitally sign the announcements
of their packages with GnuPG, to protect against forgeries. This package
contains keyrings of GnuPG
Volker Tanger said:
> ...which is the official license to shoot yourself into the foot. What
> happens if I send you a forged, suspicious packet with source-IP equal
> to the IP address of your gateway router, your DNS server, your internal
> system(s
On Tue, Jul 01, 2003 at 10:22:33AM +0200, Volker Tanger wrote:
> ...which is the official license to shoot yourself into the foot. What
> happens if I send you a forged, suspicious packet with source-IP equal
> to the IP address of your gateway router, your DNS server, your internal
> system(s), ..
Hi all,
I want to setup a new linux server in internet (apache, php, postfix,
mysql, dns...), and I would like to patch the standard kernel with some
security patches. but my question is, what patches are the best??
- Openwall ??
- TrustedDebian ??
- LIDS??
Any suggestions??
thx a
On Tue, Jul 01, 2003 at 12:47:36PM +0200, Boldizsar BENCSATH wrote:
> What about something like this 5-minutes-change?:
>
> Template: samba/security_warning
> Type: boolean
> Default: false
> Description: Warning! Serious Warning!
> This version of samba contains remotely exploitable SERIOUS
> v
Christoph Haas wrote:
hm, patches. i'm not good at creating patches. would it help too if i/we
send you "this word, sentence, page XX.." and the like?
That's a terrible burden for Alexander to create text from it. Please
get the docbook formatted code and do a revision. Then just do a "diff"
and s
Check out psad, which is similar to what you want (and I use it)...
You can see psad at http://www.cipherdyne.com/psad/, which is somehow related to
Bastille Linux http://www.bastille-linux.org/. Or just apt-get install psad.
--jordan
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Philli
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something suspi
Hi,
There is an Intrusion Detection System (IDS) named Snort (http://www.snort.org)
There you can log to syslog, database, tcpdump-file,...
And there are some preprocessors which can block 'bad' traffic.
Snort can do much more. Read the FAQ
http://www.snort.org/docs/FAQ.txt
Thomas Bechtold
On Tue
What about something like this 5-minutes-change?:
Template: samba/security_warning
Type: boolean
Default: false
Description: Warning! Serious Warning!
This version of samba contains remotely exploitable SERIOUS
vulnerabilities!
If you continue the install You will be definetly target of CRACKING
On Tue, Jul 01, 2003 at 12:39:29AM +0200, Bencsath Boldizsar wrote:
> Do You (We) really surely want to include buggy samba 2.2.3a-12, more than
> half year old in 'testing' release?
> I already know one guy with a 1 week old 'testing' debian hacked through
> samba. (I know, it's -12.3 on security
On Mon, Jun 30, 2003 at 06:38:33PM -0400, Phillip Hofmeister wrote:
> A daemon sits running in the background listening to a special device
> (/dev) or an IPC which would originate from syslog-ng. This daemon
> would then parse the log and look for suspicious things. If it found
> something susp
On Mon, Jun 30, 2003 at 12:51:46PM -0500, CARMICHAEL, SHAWN (ASI) wrote:
> That occurs because that is how it is packaged in the .deb when you download
> and update it. Unless you package your own from source there is no work
> around.
There is no need for a work-around. What is needed is to rea
Hmm, seems the list has lost my earlier mail, second try. Sorry for possible
double posts.
On Monday 30 June 2003 17:22, Andrew Sayers wrote:
> Ideally. whenever someone tries to FTP in as root, ftp, backup, or some
> other administrative account, I'd like iptables to DROP further incoming
> FTP
Greetings!
On Mon, 30 Jun 2003 18:38:33 -0400 Phillip Hofmeister
<[EMAIL PROTECTED]> wrote:
> This daemon
> would then parse the log and look for suspicious things. If it found
> something suspicious it would use regular expression to grab out
> pertinent parts of the log (say the IP address) an
Ted Cabeen <[EMAIL PROTECTED]> wrote on 01/07/2003 (08:14) :
> Individual admins are not supposed to use update-rc.d to disable a
> packaged program from starting.
I got told earlier that I should use the update tools when doing
changes.
> update-rc.d is supposed to be for the use of the installe
On Mon, Jun 30, 2003 at 04:16:39PM +, Jason Lunz wrote:
> [EMAIL PROTECTED] said:
> >> Where should I get the key? And why isn't it in debian-keyring? I've got
> >> the current sid version.
> >
> > http://www.debian.org/releases/
>
> Well, that wasn't too hard to find, of course. The "where"
On Sun, Jun 29, 2003 at 11:22:42PM -0700, Simon Kirby wrote:
> It's probably possible for something to overflow an X packet or something
> in the middle and obtain root by opening a new shell and issuing
> commands, or maybe it's even possible for X clients to fake keystrokes to
> other windows, bu