Re: Advice Needed On Recent Rootings

2003-05-30 Thread Jayson Vantuyl
On Thu, May 29, 2003 at 08:59:15AM -0400, Peter Solodov wrote: > On Thu, 29 May 2003, Jayson Vantuyl wrote: > > On Wed, May 28, 2003 at 02:06:21PM +0200, Olaf Dietsche wrote: > >> Just curious, how do you su to root, if root's password is > >> disabled? Do yo

Re: Advice Needed On Recent Rootings

2003-05-29 Thread Jayson Vantuyl
On Wed, May 28, 2003 at 12:04:00PM +0200, Marcel Weber wrote: > I did not reread the whole thread, so sorry if I'm asking silly > questions, but perhaps it's not a security issue, but a policy issue: Oh, it is partially a policy issue. All of the points you have mentioned completely apply. Offic

Re: Advice Needed On Recent Rootings

2003-05-29 Thread Jayson Vantuyl
On Wed, May 28, 2003 at 02:06:21PM +0200, Olaf Dietsche wrote: > Just curious, how do you su to root, if root's password is disabled? > Do you have a modified su replacement? One of the few really nice things to come out of RedHat is PAM. If you examine /etc/pam.d/su there should be a commented li

Re: Advice Needed On Recent Rootings

2003-05-29 Thread Jayson Vantuyl
On Wed, May 28, 2003 at 03:11:03PM +, Jason Lunz wrote: > Maybe he didn't use the same method for all of them. With the tty > sniffer, he could have sniffed passwords from the first box he cracked > if he was lucky enough to catch an admin su'ing. Do the timestamps > support that theory? (This

Re: Advice Needed On Recent Rootings

2003-05-29 Thread Jayson Vantuyl
On Thu, May 29, 2003 at 08:59:15AM -0400, Peter Solodov wrote: > On Thu, 29 May 2003, Jayson Vantuyl wrote: > > On Wed, May 28, 2003 at 02:06:21PM +0200, Olaf Dietsche wrote: > >> Just curious, how do you su to root, if root's password is > >> disabled? Do yo

Re: iptables question

2003-05-28 Thread Jayson Vantuyl
On Tue, May 27, 2003 at 06:23:10PM -0500, Andrés Roldán wrote: > Hi. > > I was reading about certain kind of attacks about TCP sequence and I was > wondering whether iptables is vulnerable to these attacks. Specifically, > whether iptables is capable to know if a RELATED or ESTABLISHED package i

Re: Advice Needed On Recent Rootings

2003-05-28 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 08:44:29PM +0100, David Ramsden wrote: > I've found that when running a system where the users can put up their > web pages.. most insecure. > It's virtually impossible to know what each user is running under their > web space.. An exploitable version of PHPNuke for example,

Re: [despammed] Advice Needed On Recent Rootings

2003-05-28 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:35:32PM -0400, Ed McMan wrote: > Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote: > > Jayson> We've had a number of hacked boxen recently. It appears a certain > Jayson> person (Romanian we think) is specifically targeting us and

Re: Advice Needed On Recent Rootings

2003-05-28 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:32:56PM -0400, Noah Meyerhans wrote: > If you believe he'll be back, it might be worth it to set up a honeypot > and a box running tcpdump and capturing all the traffic to honeypot. > Set the honeypot up with the same services you run on your production > machines, and ma

Re: Advice Needed On Recent Rootings

2003-05-28 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:25:28PM -0400, John Keimel wrote: > Here's one major thing to consider. If all of your servers within your > network are nearly the same, security wise, then you should consider > that ALL of them are hacked. Until you've rebuilt every single one with > trustable sources,

Re: iptables question

2003-05-27 Thread Jayson Vantuyl
On Tue, May 27, 2003 at 06:23:10PM -0500, Andrés Roldán wrote: > Hi. > > I was reading about certain kind of attacks about TCP sequence and I was > wondering whether iptables is vulnerable to these attacks. Specifically, > whether iptables is capable to know if a RELATED or ESTABLISHED package i

Re: Advice Needed On Recent Rootings

2003-05-27 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 08:44:29PM +0100, David Ramsden wrote: > I've found that when running a system where the users can put up their > web pages.. most insecure. > It's virtually impossible to know what each user is running under their > web space.. An exploitable version of PHPNuke for example,

Re: [despammed] Advice Needed On Recent Rootings

2003-05-27 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:35:32PM -0400, Ed McMan wrote: > Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote: > > Jayson> We've had a number of hacked boxen recently. It appears a certain > Jayson> person (Romanian we think) is specifically targeting us and

Re: Advice Needed On Recent Rootings

2003-05-27 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:32:56PM -0400, Noah Meyerhans wrote: > If you believe he'll be back, it might be worth it to set up a honeypot > and a box running tcpdump and capturing all the traffic to honeypot. > Set the honeypot up with the same services you run on your production > machines, and ma

Re: Advice Needed On Recent Rootings

2003-05-27 Thread Jayson Vantuyl
On Sun, May 25, 2003 at 02:25:28PM -0400, John Keimel wrote: > Here's one major thing to consider. If all of your servers within your > network are nearly the same, security wise, then you should consider > that ALL of them are hacked. Until you've rebuilt every single one with > trustable sources,

Advice Needed On Recent Rootings

2003-05-25 Thread Jayson Vantuyl
he only comforting thought is that I can't imagine Redhat would have done any better. Jayson Vantuyl Computing Edge, Inc.