Michelle Konzack wrote:
> Am 2006-08-20 14:49:53, schrieb kevin bailey:
>> Why is portmap installed by default on a vanilla basic Debian Sarge
>> install?
>
> Sorry, but portmap is NOT installed...
>
> This was changed from Woody->Sarge and I was surprised too,
&
Mike Hommey wrote:
> On Sun, Aug 20, 2006 at 02:49:53PM +0100, kevin bailey
> <[EMAIL PROTECTED]> wrote:
>> Why is portmap installed by default on a vanilla basic Debian Sarge
>> install?
>>
>> As far as I can see this is mainly used by NFS and NIS - so i
Why is portmap installed by default on a vanilla basic Debian Sarge install?
As far as I can see this is mainly used by NFS and NIS - so if we're not
using either of these then why should it be installed?
I'm asking mainly because chkrootkit is reporting what seems like a false
positive due to
Adrian von Bidder wrote:
> On Thursday 15 December 2005 23.54, Noah Meyerhans wrote:
>> given the choice between having your users use weak but easy to remember
>> passwords and having them use complex passwords that they have to write
>> down,
>
> My experience suggests that users use weak passw
>
>On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote:
>} hi,
>}
>} these ports seem to be open by default on a standard sarge setup
>}
>} PORT    STATE SERVICE
>} 9/tcp   open  discard
Useless. Turn it off.
will do
} 13/tcp open daytime
Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 06:46:02PM +0100, Florian Weimer wrote:
>> > It may be nothing. The fact that it showed up as filtered in the nmap
>> > output indicates that nmap didn't receive a TCP RST packet back when
>> > it
>> > tried to contact that port. That may mean you
Will Maier wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote:
>> these ports seem to be open by default on a standard sarge setup
> [...]
>
> Not a standard, default setup; you've installed and enabled other
> services which aren't turned on by
Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote:
>> what is
>> 1720/tcp filtered H.323/Q.931
>
> Are you running any VOIP? H323 is the standard for telephone
> interchanges.
>
>> and how do i turn it off if it is unnecessary.
>
Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +0000, kevin bailey wrote:
>> the service:
>> 443/tcp open https
>> is used to protect the webmail service. it is meant to stop the email
>> passwords from being sniffed.
>
> If you're concer
Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +0000, kevin bailey wrote:
>> 2. firewall
>> now i'm not sure about the need for a firewall - i may need to access the
>> server over ssh from anywhere. also, to run FTP doesn't the server need
>> to b
Will Maier wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +0000, kevin bailey wrote:
>> now i've generally relied on debian issuing security patches but i
>> thought i should be more proactive RE security.
>
> This is very important, as you're now aware. The most secu
tomasz abramowicz wrote:
> kevin bailey wrote:
>> hi,
>>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> which one?
>
i thought it was webmin - but now i'm not so sure - i thought there was a
vu
Matt wrote:
> Kevin -
>
> kevin bailey wrote:
>> 1. before attaching server to network install and configure tripwire.
>>
>> and could possibly put key executables on to CD-ROM and leave them in the
>> server.
> In today's same-day exploits, using something
Alvin Oga wrote:
>
>
> On Thu, 15 Dec 2005, kevin bailey wrote:
>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> if you know how they got in .. i assume you have since fixed it
my guess is it was the m
> You can limit your FTP server to listen for data connections on a
> specific port only (eg, ftp-data, or 20). Then you only have to allow
> connections to ports 20 and 21.
but after the initial connection doesn't the server then wait for the data
connection on a port in a range above 1065?
>
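The exchange behind the question above, as an added example that is not part of the thread: the quoted suggestion of a fixed data port (20) describes active-mode FTP, where the server opens the data connection outward from port 20 to the client. The range question concerns passive mode, where the server listens on an ephemeral port, announces it in a 227 reply, and the client connects in; the firewall therefore has to admit whatever range the daemon is allowed to pick from, which is why daemons offer a directive to pin that range (proftpd's PassivePorts, vsftpd's pasv_min_port/pasv_max_port). The script below builds and parses 227 replies, checks the announced port against a configured range, and shows the shape of the matching iptables rules. The range 49152-49200, the sample addresses and all function names are assumptions chosen for illustration.

```python
"""Passive-mode FTP: how the data port is announced and why a firewall
must admit a range, not just 20/21. Added example; not code from the
mailing-list thread. Port range and addresses are assumptions."""
import re

# Assumed passive range configured on the server (e.g. proftpd
# "PassivePorts 49152 49200"); the firewall opens exactly this range.
PASV_MIN = 49152
PASV_MAX = 49200

# "227 Entering Passive Mode (h1,h2,h3,h4,p1,p2)" per RFC 959; the data
# port is sent as two bytes, port = p1*256 + p2.
_PASV_RE = re.compile(r"^227\b.*?\((\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\)")


def parse_pasv_reply(line):
    """Client side: recover (host, port) from a 227 reply, or raise."""
    m = _PASV_RE.search(line.strip())
    if not m:
        raise ValueError("not a 227 PASV reply: %r" % line)
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("byte out of range in PASV reply: %r" % line)
    h1, h2, h3, h4, p1, p2 = fields
    return "%d.%d.%d.%d" % (h1, h2, h3, h4), p1 * 256 + p2


def format_pasv_reply(host, port):
    """Server side: encode the port it is listening on into a 227 reply."""
    if not 0 < port < 65536:
        raise ValueError("bad port %d" % port)
    return "227 Entering Passive Mode (%s,%d,%d)" % (
        host.replace(".", ","), port // 256, port % 256)


def data_port_allowed(port, lo=PASV_MIN, hi=PASV_MAX):
    """Firewall-side view: only ports inside the pinned range are reachable.
    A daemon left on its default picks any ephemeral port, and that is what
    forces an administrator to open a wide range instead."""
    return lo <= port <= hi


def iptables_rules(lo=PASV_MIN, hi=PASV_MAX):
    """Inbound rules that go with the pinned range (control + data)."""
    return [
        "iptables -A INPUT -p tcp --dport 21 -j ACCEPT",
        "iptables -A INPUT -p tcp --dport %d:%d -j ACCEPT" % (lo, hi),
    ]


def simulate_passive_exchange(server_host, server_port):
    """Control-channel exchange for one passive data connection, as
    (side, text) pairs, ending with what the client will try to do."""
    reply = format_pasv_reply(server_host, server_port)
    host, port = parse_pasv_reply(reply)
    if data_port_allowed(port):
        verdict = "connect %s:%d (inside passive range %d-%d)" % (
            host, port, PASV_MIN, PASV_MAX)
    else:
        verdict = "connect %s:%d (OUTSIDE %d-%d: dropped by the firewall)" % (
            host, port, PASV_MIN, PASV_MAX)
    return [("C", "PASV"), ("S", reply), ("C", verdict)]


if __name__ == "__main__":
    # Constructed sample: a pinned daemon and a daemon on a stray port.
    for port in (49160, 1025):
        for side, text in simulate_passive_exchange("192.0.2.10", port):
            print("%s> %s" % (side, text))
        print()
    for rule in iptables_rules():
        print(rule)
```

Active mode does not need any of this: the server connects out from port 20, so the only inbound hole is 21, and a stateful firewall that allows established traffic back in covers the rest.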
Jeffrey L. Taylor wrote:
> Quoting kevin bailey <[EMAIL PROTECTED]>:
> [snip]
>> 4. enhance authentication
>>
>> maybe set up ssh access by authorised keys only - but again this has a
>> problem when i need to log in to the server from a putty se
>
> I suggest you set up host based firewalling, where iptables limits
> incoming/forwarding/outgoing traffic to whatever services you are
> running. This is especially important if you're running a webserver and
> allow user cgi uploads, or CGIs with vulnerabilities are already
> installed. For ex
hi,
these ports seem to be open by default on a standard sarge setup
PORT    STATE SERVICE
9/tcp   open  discard
13/tcp  open  daytime
21/tcp  open  ftp
22/tcp  open  ssh
25/tcp  open  smtp
37/tcp  open  time
80/tcp  open  http
110/tcp open  pop3
111/tcp open
hi,
was recently rootkitted on a debian machine because i'd left an obscure
service running.
now i've generally relied on debian issuing security patches but i thought i
should be more proactive RE security.
here's my proposed checklist to carry out for securing a domain server -
i.e. one which
>
> (I hope you don't mind if I publish our correspondence in Linux Gazette,
> http://linuxgazette.net/ .)
>
No problem at all.
Kevin Bailey
thanks for the replies.
what with it being several different symptoms i tend to think this is not a
false positive.
cause:
this is an old server which has been running for 4 years.
i have tried out lots of different things on this server and have made the
mistake of leaving unnecessary services
and..
:/usr/local/sbin# /usr/lib/chkrootkit/chkproc -v
PID 4: not in ps output
PID 1769: not in ps output
PID 15688: not in ps output
PID 15690: not in ps output
PID 17760: not in ps output
PID 17762: not in ps output
PID 21583: not in ps output
PID 21585: not in ps output
PID 21919: not in p
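What the chkproc output above is reporting, as an added example (not chkrootkit's own code): chkproc's "not in ps output" lines come from comparing the processes the kernel exposes with the processes ps(1) is willing to show; a rootkit that filters ps (or the library calls under it) leaves PIDs in the first set but not the second. The script below reproduces that listing-versus-ps comparison, with the comparison kept as a pure function so it can be exercised on constructed data, and adds one check chkproc users want: a process that exits between the /proc listing and the ps run looks hidden in a single pass, so the live scan keeps only PIDs flagged in every pass. The sample PID sets are constructed and the function names are assumptions; the live scan needs Linux /proc and ps.

```python
"""Hidden-process check in the style of chkrootkit's chkproc: PIDs that
exist in /proc but are missing from ps output. Added example, not
chkrootkit's code. Sample PID sets below are constructed."""
import os
import subprocess

# Constructed sample (not from a real scan): what /proc and ps might each
# report on a box where three PIDs are hidden from ps.
SAMPLE_PROC_PIDS = {1, 2, 4, 1769, 2200, 15688}
SAMPLE_PS_PIDS = {1, 2, 2200}


def proc_pids():
    """PIDs visible as numeric directory names under /proc (Linux only)."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}


def ps_pids():
    """PIDs reported by ps(1), the view a process-hiding rootkit tampers with."""
    out = subprocess.run(["ps", "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}


def compare_pid_sets(proc, ps):
    """PIDs present in the /proc view but missing from the ps view, sorted.
    This is the pure comparison; it does not touch the running system."""
    return sorted(set(proc) - set(ps))


def hidden_pids(passes=3):
    """Live check, repeated: only PIDs missing from ps in every pass survive,
    which filters out processes that simply exited between the two reads.
    A PID that survives all passes still needs manual inspection
    (/proc/<pid>/exe, /proc/<pid>/cmdline) before calling it a rootkit."""
    survivors = None
    for _ in range(passes):
        flagged = set(compare_pid_sets(proc_pids(), ps_pids()))
        survivors = flagged if survivors is None else survivors & flagged
        if not survivors:
            break
    return sorted(survivors)


if __name__ == "__main__":
    for pid in hidden_pids():
        print("PID %d: not in ps output" % pid)
```

Note the limit of this comparison: if ps itself reads /proc and the rootkit hides entries from the /proc directory listing, both views agree and nothing is flagged, which is why chkproc also probes PID numbers directly rather than trusting the listing; a clean result here is therefore weaker evidence than a hit.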
hi,
the following output looks like i've been rooted.
i'm in the process of moving all services to another machine and restoring
from backups etc.
could anyone provide any analysis of what attack caused the problem - i
would guess that it's possibly something to do with zope.
thanks,
kev
:/usr