LDA
>>
>> Since then, I can not log on as root.
>>
>> Does anyone knows how to repair the machine?
>>
>> Thanks in advance
>>
>> Thomas
>>
>>
>
>
> --
> To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
>
>
--
Josh Lauricha
--
To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
e are winning the battle and will in the next few weeks try do the
>> analysis of what went wrong.
>>
>> Regards
>> Johann
>>
>
>
> --
> Guntram Trebs
> freier Programmierer und Administrator
>
> g...@trebs.net
> +49 (30) 42 80 61 55
> +49 (178)
:00
No viruses or suspicious files/boot sectors were
found.
$ md5sum ./ssh-copy-id
a36ef875ba1c83e0c6d7cbf276e7f0f0 ./ssh-copy-id
Regards,
Josh
--- Asim Saglam <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> Can anybody explain the following?
>
> My virus scanner reported th
:00
No viruses or suspicious files/boot sectors were
found.
$ md5sum ./ssh-copy-id
a36ef875ba1c83e0c6d7cbf276e7f0f0 ./ssh-copy-id
Regards,
Josh
--- Asim Saglam <[EMAIL PROTECTED]> wrote:
> Dear all,
>
> Can anybody explain the following?
>
> My virus scanner reported th
this
work around.
Good luck!
Josh
Eckhard Hoeffner ([EMAIL PROTECTED]) wrote:
> * Ted Roby <[EMAIL PROTECTED]> [22 09 03 20:56]:
>
> >My secalert account for these lists is being drenched with 40 to 70 of
> >these fake Microsoft Update emails per day.
> >My filte
this
work around.
Good luck!
Josh
Eckhard Hoeffner ([EMAIL PROTECTED]) wrote:
> * Ted Roby <[EMAIL PROTECTED]> [22 09 03 20:56]:
>
> >My secalert account for these lists is being drenched with 40 to 70 of
> >these fake Microsoft Update emails per day.
> >My filte
effort/etc,
but then again maybe
you'll forget something and a backdoor will remain. Best bet is to re-install,
referencing your
existing configuration files (though I would NOT use them as-is without
inspection, since they
could potentially have backdoor'd the configs as well).
Good
effort/etc, but
then again maybe
you'll forget something and a backdoor will remain. Best bet is to re-install,
referencing your
existing configuration files (though I would NOT use them as-is without inspection,
since they
could potentially have backdoor'd the configs as well).
Good
would like to see said exploit so I can test my systems
post-patch. But I guess
we'll have to trust the packages and/or buffer.c patch.
Josh
Florian Weimer ([EMAIL PROTECTED]) wrote:
> Ted Roby <[EMAIL PROTECTED]> writes:
>
> > Does this vulnerability require a login
would like to see said exploit so I can test my systems post-patch. But I
guess
we'll have to trust the packages and/or buffer.c patch.
Josh
Florian Weimer ([EMAIL PROTECTED]) wrote:
> Ted Roby <[EMAIL PROTECTED]> writes:
>
> > Does this vulnerability require a login
It may be slightly unpure, but what's wrong with:
chkrootkit -q | grep -vE '(eth[0-9]+:*[0-9]* *is not
promisc)'
That would at least avoid triggering the mail from the
cron job.
Regards,
Josh
--- Kay-Michael Voit <[EMAIL PROTECTED]> wrote:
> -BEGIN PGP SIGNED
If you compiled and ran the resulting binary before
upgrading your kernel, the isec-ptrace-kmod-exploit
binary may already be set[ug]id, which is a side
effect of running it. Make sure it's not +s and/or
g+s, or better yet just remove it and recompile it.
--- LeVA <[EMAIL PROTECTED]> wrote:
> Hell
If you compiled and ran the resulting binary before
upgrading your kernel, the isec-ptrace-kmod-exploit
binary may already be set[ug]id, which is a side
effect of running it. Make sure it's not +s and/or
g+s, or better yet just remove it and recompile it.
--- LeVA <[EMAIL PROTECTED]> wrote:
> Hell
ss you by for an easier target.
In general, I don't use -REJECT unless I'm worried
about being polite. And in most circumstances,
politeness isn't my goal ;)
Josh
--- Vineet Kumar
<[EMAIL PROTECTED]> wrote:
> * Adrian 'Dagurashibanipal' von Bidder
> <[EMAIL P
ss you by for an easier target.
In general, I don't use -REJECT unless I'm worried
about being polite. And in most circumstances,
politeness isn't my goal ;)
Josh
--- Vineet Kumar
<[EMAIL PROTECTED]> wrote:
> * Adrian 'Dagurashibanipal' von Bidder
> <[EMAIL P
culations that
netmask -c is doing. Something like:
iptables -m ip_block -A INPUT -s 1.2.3.1:1.2.3.4 -d
...
Would be really cool.
Anyway, thanks for the suggestions all!
Josh
--- Karl Hammar <[EMAIL PROTECTED]> wrote:
> > It would be useful to have something that would
> take
> &
culations that
netmask -c is doing. Something like:
iptables -m ip_block -A INPUT -s 1.2.3.1:1.2.3.4 -d
...
Would be really cool.
Anyway, thanks for the suggestions all!
Josh
--- Karl Hammar <[EMAIL PROTECTED]> wrote:
> > It would be useful to have something that would
> take
> &
. But is
there any easier way to allow ip ranges in iptables,
short of doing each individual IP or generalizing to a
class boundary? Can ipsc do this easily?
Thanks,
Josh
--- Douglas Blood <[EMAIL PROTECTED]>
wrote:
> http://www.ralphb.net/IPSubnet/class_a.html
> That is a page I use whe
. But is
there any easier way to allow ip ranges in iptables,
short of doing each individual IP or generalizing to a
class boundary? Can ipsc do this easily?
Thanks,
Josh
--- Douglas Blood <[EMAIL PROTECTED]>
wrote:
> http://www.ralphb.net/IPSubnet/class_a.html
> That is a page I use whe
the *nix domain or windows if known), and should it be a concern.
Below is
an example of the dropped packets I'm seeing.
Thanks in advance,
Josh
Jan 7 14:45:54 deblin kernel: PACKET DROPPED: IN=ppp0 OUT= MAC= SRC=a.b.c.d
DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=25183 DF PROTO=TC
the *nix domain or windows if known), and should it be a concern. Below is
an example of the dropped packets I'm seeing.
Thanks in advance,
Josh
Jan 7 14:45:54 deblin kernel: PACKET DROPPED: IN=ppp0 OUT= MAC= SRC=a.b.c.d
DST=w.x.y.z LEN=48 TOS=0x00 PREC=0x00 TTL=115 ID=25183 DF PROTO=T
Noah L. Meyerhans wrote:
On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote:
I thought class C networks were non-routable.
I think you're confused. First of all I think you're confused as to
what a class C network is, and second of all I think you're confused as
t
Noah L. Meyerhans wrote:
>On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote:
>
>>I thought class C networks were non-routable.
>>
>
>I think you're confused. First of all I think you're confused as to
>what a class C network is, and second of al
Stephen Gran wrote:
This one time, at band camp, Hal said:
I run a potato server on an ethernet behind a firewall connected by dsl to the
internet. The only service exposed is ftp, In the middle of last night ippl
reported an ftp connection attempt from 192.168.1,1 The network behind my
Stephen Gran wrote:
>This one time, at band camp, Hal said:
>
>>I run a potato server on an ethernet behind a firewall connected by dsl to the
>internet. The only service exposed is ftp, In the middle of last night ippl
>reported an ftp connection attempt from 192.168.1,1 The network behind
Simon Murcott wrote:
On Thu, 2002-03-07 at 11:06, Josh Frick wrote:
Thank you. That's what I had suspected. NAT is NAT, right? I'm
trying to build a multi-layered approach. Currenlty it's two Coyote
(IPchains) Firewalls in front of Squid/Socks. This does
Berend De Schouwer wrote:
On Wed, 2002-03-06 at 16:21, Josh Frick wrote:
I've just added a Dante/Squid proxy to my network, and I'd like to know
if this is significantly more secure than packet filtering.
You can view the separate services as:
packet filtering = IP layer
Simon Murcott wrote:
>On Thu, 2002-03-07 at 11:06, Josh Frick wrote:
>
>Thank you. That's what I had suspected. NAT is NAT, right? I'm
>trying to build a multi-layered approach. Currenlty it's two Coyote
>(IPchains) Firewalls in front of Squid/So
Berend De Schouwer wrote:
>On Wed, 2002-03-06 at 16:21, Josh Frick wrote:
>
>>I've just added a Dante/Squid proxy to my network, and I'd like to know
>>if this is significantly more secure than packet filtering.
>>
>
>You can view the separate ser
traight-forward question:
Do Socks4/5 and/or Squid actually prevent packets with inappropriate
protocols from being passed on to the client (i.e. telnet to port 80)?
If not, what does?
Sincerely,
Josh Frick
traight-forward question:
Do Socks4/5 and/or Squid actually prevent packets with inappropriate
protocols from being passed on to the client (i.e. telnet to port 80)?
If not, what does?
Sincerely,
Josh Frick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "u
try checking out www.grsecurity.net. It's a collection of patches and a
very excellent ACL system written by a friend of mine. It also
incorperates the OpenWall / pax patches among other things.
- Josh Reynolds
On Sat, 9 Feb 2002, Jeff Bonner wrote:
> > -Origi
try checking out www.grsecurity.net. It's a collection of patches and a
very excellent ACL system written by a friend of mine. It also
incorperates the OpenWall / pax patches among other things.
- Josh Reynolds
On Sat, 9 Feb 2002, Jeff Bonner wrote:
> > -Origi
you're at it, Linuxconf isn't too bad either. The
http://www.linux-firewall-tools.com site also has a good ipchains
builder. And there are some decent GTK firewall builders also, aren't
there?
Josh
;
> also apt-get install bastill*
> man InteractiveBastille
> easy and simple
> Kenneth
>
>
>
While you're at it, Linuxconf isn't too bad either. The
http://www.linux-firewall-tools.com site also has a good ipchains
builder. And there are some decent GTK firewall
Lou Poppler wrote:
On Fri, 11 Jan 2002, Josh Frick wrote:
Is there any reason that Socks and Squid couldn't or shouldn't be run on
the same box? I'd appreciate anyone's advice. Thanks.
Be very careful to configure both of these very restrictively.
The newest f
Lou Poppler wrote:
>On Fri, 11 Jan 2002, Josh Frick wrote:
>
>>Is there any reason that Socks and Squid couldn't or shouldn't be run on
>>the same box? I'd appreciate anyone's advice. Thanks.
>>
>
>Be very careful to configure both of these
Is there any reason that Socks and Squid couldn't or shouldn't be run on
the same box? I'd appreciate anyone's advice. Thanks.
Sincerely,
Josh Frick
Is there any reason that Socks and Squid couldn't or shouldn't be run on
the same box? I'd appreciate anyone's advice. Thanks.
Sincerely,
Josh Frick
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
hmmm, im a bit of a newbie here, but how do you bind a
daemon, eg telnetd to a certain nic?
__
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://auctio
hmmm, im a bit of a newbie here, but how do you bind a
daemon, eg telnetd to a certain nic?
__
Do You Yahoo!?
Check out Yahoo! Shopping and Yahoo! Auctions for all of
your unique holiday gifts! Buy at http://shopping.yahoo.com
or bid at http://aucti
How is this related to Debian security?
Josh
> -Original Message-
> From: Jochen Rohrig [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, August 14, 2001 10:42 AM
> To: debian-security@lists.debian.org
> Cc: debian-s390@lists.debian.org
> Subject: Questions concerning
How is this related to Debian security?
Josh
> -Original Message-
> From: Jochen Rohrig [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, August 14, 2001 10:42 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Questions concerning S/390 OCO-modules
>
>
gainst a (patched) hole in Microsoft IIS, and
doesn't have any impact other than a minor log annoyance on Apache users.
ZDNet has a story regarding this:
http://www.zdnet.com/zdnn/stories/news/0,4586,5094345,00.html?chkpt=zdhpnews
01
Josh
> -Original Message-
> From: [EM
gainst a (patched) hole in Microsoft IIS, and
doesn't have any impact other than a minor log annoyance on Apache users.
ZDNet has a story regarding this:
http://www.zdnet.com/zdnn/stories/news/0,4586,5094345,00.html?chkpt=zdhpnews
01
Josh
> -Original Message-
> From: [EMA
ne or both of them. I can probably reproduce
it doing other tasks as well, but I haven't tried it.
Josh Hattery
[EMAIL PROTECTED]
On Wed, 14 Mar 2001, Rob Kaper wrote:
> On Wed, Mar 14, 2001 at 01:07:26AM -0500, Josh Hattery wrote:
> > The system is a Celeron 300a (o/c 450, ha
in one or both of them. I can probably reproduce
it doing other tasks as well, but I haven't tried it.
Josh Hattery
[EMAIL PROTECTED]
On Wed, 14 Mar 2001, Rob Kaper wrote:
> On Wed, Mar 14, 2001 at 01:07:26AM -0500, Josh Hattery wrote:
> > The system is a Celeron 300a (o/c 450, ha
I have an identical CPU/Motherboard pair that used to be in another box of
mine, but I haven't gotten ambitious enough to swap the two and see if it
continues to have the problem. I also don't know if it's worth the effort
since it could be a simple design flaw. *shrug*
Thanks
ntaneously rebooting. It's
an odd problem and I'm kind of tired of it... :) For now I just avoid web
browsing in XFree86/enlightenment.
(Problem persisted with different distros and video cards.)
Josh Hattery
[EMAIL PROTECTED]
On Wed, 14 Mar 2001 [EMAIL PROTECTED] wrote:
> Hey ther
I have an identical CPU/Motherboard pair that used to be in another box of
mine, but I haven't gotten ambitious enough to swap the two and see if it
continues to have the problem. I also don't know if it's worth the effort
since it could be a simple design flaw. *shrug*
Thanks
ntaneously rebooting. It's
an odd problem and I'm kind of tired of it... :) For now I just avoid web
browsing in XFree86/enlightenment.
(Problem persisted with different distros and video cards.)
Josh Hattery
[EMAIL PROTECTED]
On Wed, 14 Mar 2001 [EMAIL PROTECTED] wrote:
> H
51 matches
Mail list logo
