On 15 Jul 2005, Jarosław Tabor wrote:
> Hi all!
>
> This is probably not the best list, but it may also be important from
> security point of view.
You were right - this isn't the best list. :/
> I've tried to check the version of some lib from my program, and it
> looks, that the only way is to
On 5 Jul 2005, Michael Stone wrote:
> On Tue, Jul 05, 2005 at 10:00:53PM +1000, Daniel Pittman wrote:
>> /sbin/iptables -t filter -A in_world_http_s1 -p tcp --sport 1024:65535
>> --dport 80 -m state --state NEW,ESTABLISHED -j ACCEPT /sbin/iptables
>> -t filter -A out_world_h
On 5 Jul 2005, Paul Gear wrote:
> Daniel Pittman wrote:
>> ...
>>> So, probably, the best way to go is allowing the R/E packets alongside their
>>> "new state" counterparts. It also clarifies where the packets are accepted
>>> and WHY. Also, "i
On 5 Jul 2005, Eloi Granado wrote:
> On Sunday, 3 de July de 2005 23:24, Paul Gear wrote:
>> Daniel Pittman wrote:
>>> It also tends to encourage "shortcuts" in the firewall, like accepting
>>> any RELATED/ESTABLISHED packets,
>>
>> Am i r
On 4 Jul 2005, Paul Gear wrote:
> Daniel Pittman wrote:
>> ...
>>> Am i right in understanding that you consider accepting
>>> RELATED/ESTABLISHED packets a bad thing?
>>
>>
>> No. Accepting *any* RELATED/ESTABLISHED packets is, though, if someone
On 4 Jul 2005, KC wrote:
[...]
> *nat
> :PREROUTING DROP [0:0]
> :POSTROUTING DROP [0:0]
> :OUTPUT DROP [0:0]
> COMMIT
I thought that using a policy of DROP in the nat tables would result in
anything that wasn't NAT-ed being prevented from passing through by
iptables.
I can't find any documenta
On 4 Jul 2005, Paul Gear wrote:
> Daniel Pittman wrote:
>> ...
>> Shorewall, like many firewall packages, gives you[1] a whole bunch of
>> configuration options, which turn on or off features in the pre-packaged
>> firewall you have.
>>
>> This tends to
On 3 Jul 2005, Jakub Sporek wrote:
> On Sun, 03 Jul 2005 05:07:02 +0200, Daniel Pittman <[EMAIL PROTECTED]>
> wrote:
>
>> I found that 'firehol' was quite a surprise to me -- not only didn't it
>> suck, it actually improved my hand-written firewall somewha
On 3 Jul 2005, KC wrote:
> Daniel Pittman wrote:
>> On 3 Jul 2005, KC wrote:
>>
>>> I need help understanding what goes wrong in this script. I cannot ping
>>> anyone and cannot resolve as well. In fact I believe the only thing I can
>>> get is an ip addre
On 3 Jul 2005, Steve Kemp wrote:
> On Sat, Jul 02, 2005 at 04:46:29PM -0400, KC wrote:
[...]
> One thing did stand out though, you don't allow outgoing connections
> generally. These lines:
>
>> iptables --policy OUTPUT DROP
>> iptables -t nat --policy OUTPUT DROP
>> iptables -t mangle --policy
On 3 Jul 2005, KC wrote:
> I need help understanding what goes wrong in this script. I cannot ping
> anyone and cannot resolve as well. In fact I believe the only thing I can
> get is an ip address from my isp's dhcp server.
With sufficiently modern kernels, the DHCP client uses raw sockets, so
it
On 31 Mar 2005, JM wrote:
>> You can use pinning to pull in some packages from testing to stable or
>> whatever if you really must.
>
> My experiences with pinning have been good in the beginning but, sooner or
> later, I ended up with a broken system. Happy now running sarge but I
> recognize the v
On 11 Mar 2005, [EMAIL PROTECTED] wrote:
> I am having a problem in logging into my linux machine it is saying me
> that authentication failure
Try putting in the correct username and password; that should solve
that problem.
More seriously: this isn't a bug report, or a problem, it is a
statem
On 18 Feb 2005, kurt kuene wrote:
> * I have to use testing (sarge). *
Have to?
> All of my 3 webservers (apache php mysql java tomcat). on two other
> webserver I run woody with some packages from sarge (apt-pinning) and
> the mail relay servers (spamassasin amavisd postfix clamav).
IIRC, all of
On 2 Nov 2004, Potato Chip wrote:
> Is there a recommended firewall package? There seem to be several
> available, but was curious if there was a debian recommended one.
>
> I currently have a hand-crafted script calling iptables directly.
> Logging is only provided by iptable's -j LOG parameter, w
On 23 Oct 2004, Jan Lühr wrote:
> Am Freitag, 22. Oktober 2004 14:02 schrieb Daniel Pittman:
>> On 22 Oct 2004, Jan Lühr wrote:
>>> because of the recent xpdf issues I tested the access restrictions of
>>> some users like lp, mail, etc. with default settings in sa
On 22 Oct 2004, Jan Lühr wrote:
> because of the recent xpdf issues I tested the access restrictions of some
> users like lp, mail, etc. with default settings in sarge. I noticed that, by
> default, no acl were used to prevent access to vital system commands, the
> user shouldn't have. For instan
On 6 Oct 2004, Emil Perhinschi wrote:
> Sorry to bother, but is this an attack? I get repeated requests for a
> file "favicon.ico" that should have been, or so the client connecting
> believes, in the root of my htdocs.
Yup. Ages ago Microsoft added support for displaying that icon next to
var
On 28 Sep 2004, Dariush Pietrzak wrote:
>>
>> I don't know what you imagine is "encrypted" in FTP, though, since that
>> is not part of the specification or the standard implementations.
>
> oh, not part of THIS: http://www.ietf.org/rfc/rfc2246.txt specification?
> that is like, what, 5 years old?
On 28 Sep 2004, Dariusz Pietrzak wrote:
>>
>> ftp == good enough for public upload and download in a chroot
>> environment.
>>
>> scp == the preferred method for data transfer between machines. Nearly
>> as fast on semi-modern machines. pscp == the windows equivalent for
>> regault *NIXX scp.
>
> W
On 28 Sep 2004, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>> Alternately, with sed:
>>
>> ] sed -si.orig -e '...' `find . -name '...'`
>>
>> More safely, but with more forks:
>>
>> ] find . -name '...' -print0 | xargs -0 sed -si.orig -e '...'
>
> BTW: I don't see how xarg wo
On 27 Sep 2004, Dale Amon wrote:
> A couple years ago I ran across a sed like program that will
> recursively descend through a tree and apply specified edits in place.
> I have searched my notes, gone through the deb available and have not
> been able to find it. Might just have been something on
On 1 Sep 2004, s. keeling wrote:
> Incoming from Daniel Pittman:
>>
>> *Most* mail clients under Unix are better written than to do that, but
>
> Even mutt (a terrific MUA) _can be told_ to automatically "handle"
> MIME types for you, if you want. It just depen
On 1 Sep 2004, Jim Richardson wrote:
> On Tue, 31 Aug 2004 16:50:09 +0200,
> Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> wrote:
>> On Tuesday 31 August 2004 13.30, Volker Tanger wrote:
>>
>> [spyware/adware/trojans/...:]
>>
>>> Yes and no. When surfing as normal user *ware programs can
On 31 Aug 2004, Physics IT Support via wrote:
> This message has been automatically generated in response to the
> creation of a trouble ticket regarding: "[SECURITY] [DSA 542-1] New Qt
> packages fix arbitrary code execution and denial of service", a
> summary of which appears below.
>
> There is
On 25 Aug 2004, Matthew Palmer wrote:
> On Tue, Aug 24, 2004 at 12:20:24PM -0400, Phillip Hofmeister wrote:
>> On Tue, 24 Aug 2004 at 10:50:38AM -0400, Daniel Pittman wrote:
>>> Be aware that this sort of technique "multi-encryption" technique can
>>> lead to
On 24 Aug 2004, Sam Vilain wrote:
> Robert Trebula wrote:
>
>> Maybe you have already noticed - collisions have been found in MD5
>> hashing algorithm:
[...]
> I think cryptanalysts have 'cracked' pretty much all of them, though
> with practically prohibitive costs of cracking them (eg, 2^50 for
On 24 Aug 2004, Robert Trebula wrote:
> Maybe you have already noticed - collisions have been found in MD5
> hashing algorithm:
>
> http://eprint.iacr.org/2004/199.pdf
> http://www.freedom-to-tinker.com/archives/000664.html
> http://www.unixwiz.net/techtips/iguide-crypto-hashes.html
>
> My questio
On 20 Aug 2004, Don Froien, III wrote:
> I was recently in a meeting where members of the IT group propose to
> use a utility called WebEx to perform remote compiles. Webex offers
> SSL encrypted transfers and the ability to offer only selected members
> to the meeting (remote compile in this case)
On 14 Aug 2004, s. keeling wrote:
> Incoming from Bernd Eckenfels:
>> In article <[EMAIL PROTECTED]> you wrote:
>> Aug 12 04:36:53 towern kernel: |iptables -- IN=ppp0 OUT= MAC=
>> SRC=201.129.122.85 DST=12.65.24.43 LEN=48 TOS=0x00 PREC=0x00 TTL=115
>> ID=40023 DF PROTO=TCP SPT=4346 DPT
On 24 Jul 2004, [EMAIL PROTECTED] wrote:
> Any package in Debian that will automatically run all /etc/init.d based
> daemons in jail / chroot?
No, because it is not possible to provide a generic solution to running
daemons under a chroot, for a variety of reasons.
Regards,
Daniel
--
Natu
On 16 Jun 2004, Hubert Chan wrote:
>> "Russell" == Russell Coker <[EMAIL PROTECTED]> writes:
> Russell> On Fri, 11 Jun 2004 22:34, Patrick Maheral <[EMAIL PROTECTED]> wrote:
[...]
> SpamAssassin will check for hashcash in the future. Support is already
> present in the development version of
On 14 Jun 2004, Bernd Eckenfels wrote:
> In article <[EMAIL PROTECTED]> you wrote:
>> This sort of thing is why I would rather use any RBL within
>> SpamAssassin, rather than at SMTP delivery time. Even if one of these
>> services goes completely belly up and blacklists the world, I don't
>> automa
On 14 Jun 2004, Noah Meyerhans wrote:
> On Sun, Jun 13, 2004 at 07:46:15PM +0300, Vassilii Khachaturov wrote:
>>> What are the recommended rbl's these days?
>>
>> Best thing is ask on NANAE or exim-users or whatever your favourite MTA is.
>> Here's what I am using here RBL-wise:
>>
>> rbl_domains =
On 12 Jun 2004, Christian Christmann wrote:
> I just checked my /var/log/samba and found
> bunch of log files:
>
> log.shitbanda log.familj
> log.mario-t3psqfw32 log.talentoaa
> log.syb07 log.50163099sp
> log.gustavo log.momerdadd
> log.rampeiras.
On 2 Jun 2004, Remco Seesink wrote:
> I tried the question below first on debian-mentors but harvested silence.
> Hopefully it is more on topic here.
In part, that is probably because you asked a very hard question. :)
[...]
>> I am packaging ibwebadmin, a web administration tool for firebird
>>
On Tue, 27 Apr 2004, Dan Christensen wrote:
> Daniel Pittman <[EMAIL PROTECTED]> writes:
>
>> On Mon, 26 Apr 2004, George Georgalis wrote:
>>> On Mon, Apr 26, 2004 at 06:44:35PM +0200, LeVA wrote:
>>>
>>>>So when I'm getting a large amoun
On Tue, 27 Apr 2004, Emmanuel Lacour wrote:
> On Mon, Apr 26, 2004 at 07:08:05PM +0200, Thomas Schuering wrote:
>> Hi,
>>
>> > So when I'm getting a large amount of messages there is approx.
>> > 15-20 spamc/spamd running. I want to limit this to ~5. How can I do
>> > this.
>>
>> /usr/sbin/spamd
On Mon, 26 Apr 2004, George Georgalis wrote:
> On Mon, Apr 26, 2004 at 06:44:35PM +0200, LeVA wrote:
>
>>I have a 'spam' user, and I've set up postfix, to run a tiny little
>>script as this 'spam' user. This script accepts messages thru the
>>stdin, and it filters the message thru the spamd daemon
On Sun, 11 Apr 2004, Noah Meyerhans wrote:
> On Sun, Apr 11, 2004 at 11:15:10AM +0200, LeVA wrote:
>> I always compile the latest stable 2.4 kernel with loadable modules
>> disabled, but I don't apply any kernel patches.
>> Is this "safe", or I must apply some security patch?
>
> None of the rece
49 matches