Re: Recommended firewall package?

2004-11-01 Thread Michal Melewski
On Mon, Nov 01, 2004 at 07:45:18AM -0800, Potato Chip wrote: > Is there a recommended firewall package? There seem to be several > available, but was curious if there was a debian recommended one. > > I currently have a hand-crafted script calling iptables directly. > Logging is only provided by i

Re: Possible buffer overflows = security problem?

2003-09-05 Thread Michal Melewski
On Fri, Sep 05, 2003 at 04:47:30PM +0200, Frank Lichtenheld wrote: > Hi. Hello :) > It was un/undermaintained a long time and has no separate upstream. > While looking in the code to fix some outstanding bugs I found > several code pieces like > > char path[256]; > sprintf( path, "some string/%s"

Re: Network stress testing

2003-04-22 Thread Michal Melewski
On Tue, Apr 22, 2003 at 04:21:03PM +0100, Dale Amon wrote: > Would anyone have a recommendation for doing a stress > test of a network? I've got a big show coming up and > I'd like to set up reproducible test procedures so > I know how things respond under expected real life loads. From what i h

Re: icmp: type-#69

2002-09-15 Thread Michal Melewski
On Sun, Sep 15, 2002 at 02:47:38PM +0200, Lupe Christoph wrote: > On Sunday, 2002-09-15 at 13:03:42 +0100, Tim Haynes wrote: Hello > > > You're right, ICMP type 69 is pretty darn' invalid - a quick `ipchains -h > > icmp' makes it obvious that the highest valid ICMP type is 18. > > According to ht

Re: Uh-oh. Cracked already. I think...

2002-05-23 Thread Michal Melewski
Hello First, and I think the most important thing would be to upgrade all mission-critical applications you are using. For sure you have to upgrade OpenSSH and Exim. (run apt-setup, then apt-get update followed by apt-get upgrade). Second thing would be to block all unwanted connections by iptables (ma

Re: syn flood attacked?

2002-05-17 Thread Michal Melewski
On Fri, May 17, 2002 at 11:44:16PM +0800, Patrick Hsieh wrote: > Hello list, > > I have a heavy smtp server and recently I got a lot messages like > > May 17 22:53:24 ms2 kernel: possible SYN flooding on port 25. Sending cookies. > May 17 22:54:25 ms2 kernel: possible SYN flooding on port 25. Sen

Re: CNAME, iptables and qmail

2002-05-06 Thread Michal Melewski
On Mon, May 06, 2002 at 01:47:54PM -0700, Vineet Kumar wrote: > This setup will work fine most of the time, but mysteriously fail when > replies to your DNS queries are long. Your resolver tries to ask udp/53, > but will need to connect to tcp/53 if the result is longer than can fit > in a single u

Re: CNAME, iptables and qmail

2002-05-06 Thread Michal Melewski
Hello Try to add the following lines into your firewall script: iptables -A INPUT -p udp -i $DEV -s 0/0 --sport 53 -j ACCEPT iptables -A INPUT -p udp -i $DEV -s 0/0 -j DROP iptables -A OUTPUT -p udp -o $DEV -d 0/0 --dport 53 -j ACCEPT Works fine with my firewall... -- Michael "carstein" Melewski

Re: Putty 0.45 vs. SSH Login

2002-05-05 Thread Michal Melewski
On Sun, May 05, 2002 at 06:24:23PM +1000, William Law wrote: > Rauno, > > What it looks like is that openssh is having to perform a > username/password lookup for the user you are trying to log in as, > creating the delay. For root, the openssh daemon has already been told > that this user

Re: Iptables config

2002-04-12 Thread Michal Melewski
> well, it's better to replace DROP by ACCEPT in this last line if you want to > accept the packets ;) Damn ;) Sure you are right; sorry, my fault. I was a bit sleepy while writing this -- Michael "carstein" Melewski | "One day, he said, in a taped segment

Re: Iptables config

2002-04-12 Thread Michal Melewski
On Fri, Apr 12, 2002 at 11:17:38AM +0200, Lars Roland Kristiansen wrote: > Hi - i have just installed a mailserver with postfix and wu-imap/pop3 > now i just want to have iptables running. I am no iptables guru, i just > want to close all except from ssh(port 22), pop3(port 110) and > imap(port143

Re: A question about some network services

2002-04-05 Thread Michal Melewski
> Yikes! I guess, you didn't remove inetd that way, right? But how then? I think that you should just turn it off :) 'Don't use' isn't equal to 'wipe it out' > Namarie! > Juku -- Michael "carstein" Melewski | "One day, he said, in a taped segment