Re: snort-stat warnings

2008-07-30 Thread Bjoern Meier
Hi, well, it's mir first post on this list. So please don't flame me ;-) Ok under the docoments of snort is a file called README.http_inspect , from which I quote: Bare byte encoding is an IIS trick that uses non-ASCII chars as valid values in decoding UTF-8 values. This is NOT in the HT

Re: Tinydns - cache poisoning?

2008-07-30 Thread John Allen
Stephen Vaughan wrote: Hi, Does anyone know if TinyDNS is vulnerable to the dns cache poisoning exploit? I run tinydns servers, I ran the test below and it came back as POOR. mh1:~# dig +short @ns1.example.com porttest.dns-oarc.net TXT

snort-stat warnings

2008-07-30 Thread Adam D. Barratt
Hi, We're running snort 2.3.3-11 on etch, and for the past few days the cron.daily job has been generating a number of "Warning, file may be incomplete" messages. After a little experimentation, it appears that this is due to /var/log/snort/alert containing the "header" line for a number of

Re: Tinydns - cache poisoning?

2008-07-30 Thread Rick Moen
Quoting Stephen Vaughan ([EMAIL PROTECTED]): > Does anyone know if TinyDNS is vulnerable to the dns cache poisoning > exploit? The Kaminsky-publicised attack method applies _only_ to caching recursive-resolver nameservers: tinydns is an authoritative-only DNS daemon, not a recursive resolver.

Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)

2008-07-30 Thread Nico Golde
Hi Michael, * Michael Gilbert <[EMAIL PROTECTED]> [2008-07-30 09:03]: [...] > >> ubuntu just updated their libavformat packages to patch a problem with > >> STR file demuxing [1]. does this problem apply to debian as well? the > >> CVE number is CVE-2008-3162 [2]. > >> > >> [1] http://www.ubuntu

Re: Tinydns - cache poisoning?

2008-07-30 Thread Adrian Chapela
Stephen Vaughan escribió: I was querying my tinydns remotely which was using bind locally. When I ran the dig command on the box itself (which uses the local dnscache) it didn't return anything. Who is resolving the external domains ? Your TinyDNS have forwarders ? If your answer is yes, you ar

Re: Bug#492806: libavformat52: does not handle STR file demuxing (CVE-2008-3162)

2008-07-30 Thread Reinhard Tartler
found 492806 0.cvs20060823-8 stop "Michael Gilbert" <[EMAIL PROTECTED]> writes: > ok, i appologize, i did a quick scan of bugs in libavformat, and > somehow missed this. No Problem. Better safe than sorry. > there has not been a DSA to fix this problem in stable. is the > libavformat0d package