Re: Remote Root In Nvidia xserver Driver

2006-10-19 Thread Uwe Hermann
No, but have a look at http://nouveau.freedesktop.org/wiki/ and contribute if you can! Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org

Updated firewall script.

2006-06-04 Thread Uwe Hermann
Hi, here's a heavily updated firewall script. I have incorporated many of the suggestions and ideas from the lists (especially debian-firewall). Any further comments and improvement-suggestions are still very welcome! Cheers, Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://w

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
king something in OUTPUT is reasonable for servers as a stumbling > block if a service got taken over but then it probably won't be long until > the intruder got root access there and removes the rules anyway. True. Of course, it's not a complete "now we're 100% safe" metho

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
Hi, On Tue, May 23, 2006 at 07:29:44PM +0400, Konstantin Khomoutov wrote: > On Tue, May 23, 2006 at 04:36:31PM +0200, Uwe Hermann wrote: > > >>> useless. Did I miss anything? > >> Kernel shoots any packet it considers as being "martian" -- e.g. packets >

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
; | echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter Um, no. The line is from my own script, but the one from George Hein (which I was referring to) does not have that line. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.hols

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
ldn't be used for authentication on untrusted > networks. (Though they are useful as one layer of security, to mitigate > the risk of vulnerabilities in the encryption routines.) Full ACK. It's one additional layer of security, but should never be relied upon alone. Uwe. -- Uwe Herman

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
n which should _not_ be reachable from outside, the firewall will block any traffic to it, and hence any exploit attempts. There are many other valid examples. It's not the concept of a firewall that is flawed, it's relying on IP addresses for authentication which is a bad idea. Uwe.

Re: How to prevent daemons from ever being started?

2006-05-23 Thread Uwe Hermann
also don't like the idea of manually editing files in /etc/init.d... I think policy-rc.d looks like what I want. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org

Re: How to prevent daemons from ever being started?

2006-05-23 Thread Uwe Hermann
on installation of their associated > packages[4] use policy-rc.d, please read > /usr/share/doc/sysv-rc/README.policy-rc.d.gz for more information." > > I believe all the mechanisms dissuggested in this thread are already there. Yes, policy-rc.d indeed looks like it does what I want

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
net access to all those ports? Especially portmap, FTP, CUPS etc? Are you running a server which needs to be reachable from the Internet? Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unm

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
iptables... Is there any _real_ reason why sysctl might be better in certain situations? For me /etc/sysctl.conf is not so nice, as I want to be able to download my own script from my website when I'm at other machines which I want to secure. Thus, I'd like to have everything in one sing

Request for comments: iptables script for use on laptops.

2006-05-21 Thread Uwe Hermann
e, Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org #!/bin/sh #-- # File: fw_laptop # Auth

How to prevent daemons from ever being started?

2006-05-15 Thread Uwe Hermann
manually maintain the contents of the script, adding whatever packages I newly install. That's tedious and error-prone. How would you go about ensuring that _no daemon at all_ is ever started on your system, except when you explicitly type "etc/init.d/foobar start"? Uwe. -- Uwe Her

Re: Hacked too?

2002-01-11 Thread Uwe Hermann
Hi Ed, On Fri, Jan 11, 2002 at 05:46:58PM -0500, Ed Street wrote: > > > > I have run chkrootkit and get > > Anyone have a d/l site for the deb package of this? apt-get install chkrootkit Uwe. -- Uwe Hermann [EMAIL PROTECTED] [EMAIL PROTECTED] | Unmaintained F
