Re: Debian mirrors and MITM

2014-05-30 Thread micah anderson
Kurt Roeckx writes: > On Fri, May 30, 2014 at 10:43:56PM +1000, Alfie John wrote: >> On Fri, May 30, 2014, at 10:24 PM, Michael Stone wrote: >> > On Fri, May 30, 2014 at 10:15:01PM +1000, Alfie John wrote: >> > >The public Debian mirrors seem like an obvious target for governments to >> > >MITM.

Re: Bug#605090: Linux 3.2 in wheezy

2012-01-31 Thread micah anderson
On Mon, 30 Jan 2012 22:26:50 +0100, Yves-Alexis Perez wrote: > On Mon, 2012-01-30 at 14:08 +, Ben Hutchings wrote: > > On Mon, 2012-01-30 at 11:05 +0100, Yves-Alexis Perez wrote: > > > (adding few CC:s to keep track on the bug) > > > > > > On Sun, 2012-01-29 at 21:26 +, Ben Hutchings wr

Re: Errors when running cron(Debian 6)

2011-05-17 Thread micah anderson
On Tue, 17 May 2011 11:39:58 -0300, "OLCESE, Marcelo Oscar." wrote: > Marcelo Oscar OlceseDear: > > Upgraded debian 5 to 6 and now I have some mistakes. > > Know they can be? > - Cron Begin > > Errors when running cron: > grandchild #27213 fa

Re: vserver path leak?

2009-06-11 Thread Micah Anderson
* Karl Goetz [2009-06-11 08:25-0400]: > On Wed, 10 Jun 2009 11:05:13 -0400 > Micah Anderson wrote: > > > * Karl Goetz [2009-06-10 03:44-0400]: > > > On Tue, 2 Jun 2009 00:14:45 -0400 > > > Micah Anderson wrote: > > > > > Odd. I've just d

Re: vserver path leak?

2009-06-10 Thread Micah Anderson
* Karl Goetz [2009-06-10 03:44-0400]: > On Tue, 2 Jun 2009 00:14:45 -0400 > Micah Anderson wrote: > > Thanks for your response, sorry about my delay getting back to you. > > > * Karl Goetz [2009-06-01 23:31-0400]: > > > The suggestion in #vserver was "

Re: vserver path leak?

2009-06-01 Thread Micah Anderson
* Karl Goetz [2009-06-01 23:31-0400]: > The suggestion in #vserver was "if you manage to get a host path on a > recent (non broken, i.e. non-debian :) kernel and util-vserver, then it > is considered a bug and will be fixed ASAP ... because that basically > means that the namespace isolation is no

Re: Maintaining packages properly

2009-03-18 Thread Micah Anderson
* Steffen Joeris [2009-03-18 18:48-0400]: > On Thu, 19 Mar 2009 09:19:28 am Micah Anderson wrote: [snip: removed some unrelated stuff to move discussion to debian-security, please reply there] > > On a somewhat tangential note, I've been asked a number of times by > > peopl

Re: "Certification Authorities are recommended to stop using MD5 altogether"

2009-01-01 Thread Micah Anderson
>>On Wed, 31 Dec 2008, Micah Anderson wrote: >> >> Does anyone have a legitimate reason to trust any particular Certificate >> Authority? > Yves-Alexis Perez writes: > > > I may be wrong, but I trust the CAs in ca-certif

Re: "Certification Authorities are recommended to stop using MD5 altogether"

2008-12-31 Thread Micah Anderson
* bgr...@toplitzer.net [2008-12-31 05:47-0500]: > On Wednesday, 31 December 2008, Cristian Ionescu-Idbohrn wrote: > > http://www.win.tue.nl/hashclash/rogue-ca/ > > > > Could some skilled person comment on the article? > > > > I noticed around 20 certificates distributed with the package > > ca-cer

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 09:24-0400]: > > * Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > > > Hi all, > > > > > > since two days (approx.) I'm seeing an extremely high number of apparently > > > coordinated (well, at least they are trying the same li

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Jakov Sosic <[EMAIL PROTECTED]> [2008-08-21 09:11-0400]: > On Thursday 21 August 2008 16:57:27 Max Zimmermann wrote: > > > The problem with reporting the IPs is, that it can become a very big > > task, as the number of IPs denyhosts blocks increases. > > You can always write a script that will

Re: What to do about SSH brute force attempts?

2008-08-21 Thread Micah Anderson
* Michael Tautschnig <[EMAIL PROTECTED]> [2008-08-21 07:35-0400]: > Hi all, > > since two days (approx.) I'm seeing an extremely high number of apparently > coordinated (well, at least they are trying the same list of usernames) brute > force attempts from IP addresses spread all over the world. I

Re: Study: Attacks on package managers (inclusing apt)

2008-07-17 Thread Micah Anderson
* Michael Stone <[EMAIL PROTECTED]> [2008-07-17 08:09-0400]: > On Thu, Jul 17, 2008 at 04:46:54PM +0200, Daniel Leidert wrote: >> Today there were some news about a study from the University of Arizona >> regarding security issues with package management systems (like apt). I >> did not yet read th

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-09 Thread Micah Anderson
* s. keeling <[EMAIL PROTECTED]> [2008-07-09 17:31-0400]: > Micah Anderson <[EMAIL PROTECTED]>: > > * Wolfgang Jeltsch <[EMAIL PROTECTED]> [2008-07-09 13:31-0400]: > > > > > configure it to only listen on 127.0.0.1, > > > > > > How do

Re: [SECURITY] [DSA 1605-1] DNS vulnerability impact on the libc stub resolver

2008-07-09 Thread Micah Anderson
* Wolfgang Jeltsch <[EMAIL PROTECTED]> [2008-07-09 13:31-0400]: > > > configure it to only listen on 127.0.0.1, > > How do I do this? dpkg-reconfigure doesn’t help. I think the bind9 package comes configured this way by default in Debian (a caching-only local nameserver). Micah

Re: DSA-1571 and GSSAPI

2008-05-15 Thread Micah Anderson
* Joey Hess <[EMAIL PROTECTED]> [2008-05-15 09:57-0400]: > Juha Jäykkä wrote: > > Just count how many times you've used GPG over one of > > the weak links... > > Zero! > > Zero gpg invocations over network links! This is Just to Say I have invoked gpg over the network links and which was pro

Re: [SECURITY] [DSA 1571-1] vulnerability of past SSH/SSL sessions

2008-05-14 Thread Micah Anderson
* Simon Valiquette <[EMAIL PROTECTED]> [2008-05-14 16:36-0400]: > >> Affected keys include SSH keys [...] and session keys used > > in SSL/TLS connections. > > It seems that people are insisting quite a lot on the bad keys, but > what worry me a lot more is that, apparently and very logically,

Re: Squid Proxy Cache Security Update Advisory SQUID-2007:2

2007-12-12 Thread Micah Anderson
* Stefan Novak <[EMAIL PROTECTED]> [071212 01:39]: > Hello! > > http://www.squid-cache.org/Advisories/SQUID-2007_2.txt This is CVE-2007-6239[1]. > Will there be a patch for Debian Etch? Etch and Sarge are vulnerable, the issue is known to the squid maintainer and the security team[2]. 1. http

Re: BIND 9 security update

2007-07-25 Thread Micah Anderson
* Florian Weimer <[EMAIL PROTECTED]> [070725 01:36]: > Will there be a timely security update for BIND 9, or does it make > sense to roll your own? There is a security update for this issue being put together since yesterday, it's in the testing phase now. Speaking of this issue... this problem exi

Re: an issue with recent security advisories

2007-06-18 Thread Micah Anderson
You are missing: deb http://security.debian.org/ etch/updates main micah Tomasz Ciolek wrote: Hi All have packages for these updates: [DSA 1308-1] New iceweasel packages [DSA 1309-1] New PostgreSQL 8.1 [DSA 1310-1] New libexif packages been uploaded to the repositories and added to Release

Re: [SECURITY] [DSA 1193-1] New XFree86 packages fix several vulnerabilities

2006-10-10 Thread Micah Anderson
Kevin B McCarty ([EMAIL PROTECTED]) wrote: > Did the announcement for DSA 1193-1 cause Thunderbird to crash > for anyone else? (I was reading it in Thunderbird 1.5.0.7 on > Mac OS X with the Enigmail extension installed, so it may not happen > on a De

Re: iptable: --seconds

2005-12-11 Thread Micah Anderson
Gerhard Kroder wrote: > Hi, > > i want to stop sshd account testing by scripties with the following > iptables/bash script, but it won't do what i thought. On a sarge test > host with 2 aliased nic (eth0:1 and eth0:2), this script loads > correctl

Re: What is a security bug?

2005-11-24 Thread Micah Anderson
Michael Stone wrote: > On Wed, Nov 23, 2005 at 10:53:46PM -0800, Thomas Bushnell BSG wrote: > >> In the case of galeon, for example, there is no bug, because it can >> restart with the old state. > > > Of course, if there's a page that causes the

Re: On Mozilla-* updates

2005-07-31 Thread Micah Anderson
Sorry for the email with the maligned from address in that last message (debian-security@lists.debian.org), I'm trying out mozilla-thunderbird with a virtual identity extension that seems to construct odd from lines, that message was not from debian-security@lists.debian.org, so don't take it as su

Re: Bad press related to (missing) Debian security - action

2005-06-29 Thread Micah Anderson
Alvin Oga wrote on Wednesday, 29 June 2005: > > On Wed, 29 Jun 2005, Micah Anderson wrote: > > > > i think you can search thru the debian security archives just as > > > easily as i can or in fact even more easily since you have a debian acct ?? > >

Re: Bad press related to (missing) Debian security - action

2005-06-29 Thread Micah Anderson
Alvin Oga wrote on Wednesday, 29 June 2005: > > On Wed, 29 Jun 2005, Micah Anderson wrote: > > > Alvin Oga wrote on Tuesday, 28 June 2005: > > > > You sent an email where about what and got no response? I did not see > > your offer to help come

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Micah Anderson
Alvin Oga wrote on Tuesday, 28 June 2005: > On Tue, 28 Jun 2005, Micah Anderson wrote: > > > Alvin Oga wrote on Tuesday, 28 June 2005: > > > > If you are interested in testing security, then there is a group > > working on this project. Here is some in

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Micah Anderson
Alvin Oga wrote on Tuesday, 28 June 2005: [snip] > etch/testing where are the security patches ?? > - i want it to also have latest apps i care about > ( latest kernels, latest apache, latest xxx, .. ) > > - this is the parts i'm interested in structuring for security

Re: bid 12877, apache mod_ssl remote DoS

2005-03-30 Thread Micah Anderson
The way you can tell is to get the debian source of apache, look at the patch referenced via those URLs and see if it has been applied to the debian source. If it has been, then the problem has been resolved in Debian. If it hasn't been, then either the problem is unknown and you should file a bug

Re: CAN-2005-0210, kernel netfilter dos memory leak

2005-03-29 Thread Micah Anderson
Fixed in 2.6.8-15 (see #300838) Things that show up in that list are unresolved items, if it doesn't show up there then it is resolved. Micah On Wed, 30 Mar 2005, Geoff Crompton wrote: > On http://merkel.debian.org/~joeyh/testing-security.html this CAN is > listed, as waiting for a 2.4.27-9 t

Re: xpdf vulnerability?

2005-03-17 Thread Micah Anderson
On Wed, 16 Mar 2005, Frank Küster wrote: > Frank Küster <[EMAIL PROTECTED]> wrote: > > > Micah Anderson <[EMAIL PROTECTED]> wrote: > > > >> 7. Is our xpdf vulnerable to CAN-2005-0206[13]? > > > > This also needs to be checked for pdftex (in te

Re: CAN-2005-0448 and #286905, dsa?

2005-03-17 Thread Micah Anderson
On Thu, 17 Mar 2005, Micah Anderson wrote: > I think that the best course of action with regards to this query is > to send a message to [EMAIL PROTECTED] asking this very question. > The maintainers of this package are probably not paying attention to > debian-security, but would res

Re: CAN-2005-0448 and #286905, dsa?

2005-03-17 Thread Micah Anderson
I think that the best course of action with regards to this query is to send a message to [EMAIL PROTECTED] asking this very question. The maintainers of this package are probably not paying attention to debian-security, but would respond to this query. Although the bug has been closed, by sending

Bits from the Testing Security team

2005-03-15 Thread Micah Anderson
[ note: Reply-To: set to debian-devel ] This is a quick summary of the Debian Testing Security Team[1] work and a request for some aid to help sort out some difficult Sarge security problems. Contents of this message: What the Testing Security Team has been up to How can I leverag

Re: using sarge on production machines

2005-02-18 Thread Micah Anderson
Marc Haber wrote on Friday, 18 February 2005: > On Fri, Feb 18, 2005 at 04:40:56AM -0800, Harry wrote: > > --- Marc Haber <[EMAIL PROTECTED]> wrote: > > > What does this gain you? A compromised uml is as bad as a compromised > > > system. > > > Nice idea. However, if somebody roots one of t

Re: [ph.unimelb.edu.au #1012] AutoReply: [SECURITY] [DSA 674-1] New mailman packages fix several vulnerabilities

2005-02-10 Thread Micah Anderson
Hello, Thank you for providing this entire list with a trouble ticket through your poorly setup request tracker software, it is nice to know we have two of these today because we know you are on top of things and will get back to us as soon as you can. These are obviously very important announce

Re: Official security support for sarge

2004-08-20 Thread Micah Anderson
I have seen that also, but that doesn't help me understand if there is official security support for sarge yet or not? Micah On Fri, 20 Aug 2004, Felipe Massia Pereira wrote: > Micah Anderson wrote: > > >According to [EMAIL PROTECTED] message posted by > >Steve Langase

Official security support for sarge

2004-08-19 Thread Micah Anderson
According to [EMAIL PROTECTED] message posted by Steve Langasek on Mon, 2 Aug 2004 00:11:55: Aug. 8: Official security support for sarge begins Anyone have any updates on this? Is it happening, is it delayed, what can we do to help? micah

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-16 Thread Micah Anderson
On Tue, 15 Jun 2004, Alvin Oga wrote: > > hi ya > > On Wed, 16 Jun 2004, TiM wrote: > > > > > Look at installing mod_security, http://modsecurity.org > > > > Install some rules for it to harden your webserver, see if anything is > > flagged in the security log. > > other web server testing

Re: password managers

2004-06-15 Thread Micah Anderson
Try kedpm, it's a Debian package, and has console as well as GUI support and uses the FPM data, really nice. micah On Tue, 15 Jun 2004, Kenneth Jacker wrote: > al> what does everyone else use to keep track of all their passwords? > > I've used 'tkpasman' for years ... nice! > > http://www

Re: Woody Backport of tripwire

2004-04-22 Thread Micah Anderson
Yes, Tripwire is GPLd, if you don't mind the March 3, 2001 version. Their commercial version is much newer however. micha On Thu, 22 Apr 2004, Noah Meyerhans wrote: > On Fri, Apr 23, 2004 at 02:48:33AM +0200, Marcin Orda wrote: > > I've got tripwire packages that I use internally at work. The

Security holes in 2.4.25?

2004-04-14 Thread Micah Anderson
With the rash of security gaffes in the kernel related to mmap and mremap, does it make anyone else nervous to see the following in the changelog for 2.4.26: o mremap NULL pointer dereference fix If this was a security concern, would it be noted in the changelog? Additionally, the 2.4.25 kernel

Web software security scanners

2004-04-07 Thread Micah Anderson
Hey all, I am looking for some scanners which look for known vulnerabilities in different web software. I have a colleague who runs a community web server with some 100 different sites and almost half that in different CMS', blogs, publishing software, formmail scripts, postnuke, phpnuke, drupal,

Re: have the compromized debian servers been cleaned?

2003-12-05 Thread Micah Anderson
They are clean. On Fri, 05 Dec 2003, Mo Zhen Guang wrote: > Hi, > > I am going to install a few new debian servers, but I worry about the > integrity of the packages because of the incident of compromised debian > servers some days ago. > > Can anybody confirm me if these servers are clean no

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Micah Anderson
On Tue, 02 Dec 2003, Rick Moen wrote: > Quoting Micah Anderson ([EMAIL PROTECTED]): > > > I want to chime in here also, I too was unhappy that I did not know > > about a local root exploit in 2.4.22 until the Debian machines were > > compromised in this manner. I think

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Micah Anderson
On Tue, 02 Dec 2003, Michael Stone wrote: > On Tue, Dec 02, 2003 at 01:35:51PM -0600, Micah Anderson wrote: > >I want to chime in here also, I too was unhappy that I did not know > >about a local root exploit in 2.4.22 until the Debian machines were > >compromised in this man

Re: [SECURITY] [DSA-403-1] userland can access Linux kernel memory

2003-12-02 Thread Micah Anderson
I want to chime in here also, I too was unhappy that I did not know about a local root exploit in 2.4.22 until the Debian machines were compromised in this manner. I think a lot of people were in the same boat (not to mention the debian folks). I watch kerneltrap, kernel traffic, and slashdot fairl

Re: Why not use /bin/noshell? (was Re: Why do system users have valid shells)

2003-10-23 Thread Micah Anderson
Try the package "falselogin" micah Javier Fernández-Sanguino Peña wrote on Thursday, 23 October 2003: > On Wed, Oct 22, 2003 at 09:45:24AM +0200, Tobias Reckhard wrote: > > Hi > > > > We recently noticed that a stock woody install produces an /etc/passwd > > in which most, if not all, s

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-16 Thread Micah Anderson
Pretty exciting... is there any place that we can track the progress of this? I'm very interested to make an assessment of what is going on to determine if I should just patch the existing logcheck so that it stops sending me attack alerts, or if I should wait for this overhaul to come out. Thanks

Re: logcheck thinks that system is under attack, related to ssl problem?

2003-10-06 Thread Micah Anderson
On Mon, 06 Oct 2003, Noah L. Meyerhans wrote: > > You don't have much evidence that it's a security issue at this point. > Logcheck's "active system attack" messages rarely indicate such a thing. > Don't do anything drastic like reinstall the system until you've got > better evidence that you've b

Re: Man-db problem

2003-08-15 Thread Micah Anderson
This is not a security issue, as far as I can tell. Take a look at /etc/cron.daily/man-db and see what it does. You will see something like this: # regenerate man database if [ -x /usr/bin/mandb ]; then # --pidfile /dev/null so it always starts; mandb isn't really a # but we want to start

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Micah Anderson
On Mon, 14 Jan 2002, Daniel Polombo wrote: > Adam Warner wrote: > Well, maybe you should follow Tim's advice and go check the security team's > FAQ : > >Q: How is security handled for testing and unstable? > >A: The short answer is: it's not. Testing and unstable are rapidly moving >

Re: poppassd

2002-01-09 Thread Micah Anderson
Potato has 1.2-14 as its latest for poppasswd... I agree that v1.8-ceti would be a better solution, especially considering the security issues you cited. What does it take to get this version into the security updates? A bug filed? Micah On Wed, 09 Jan 2002, Steve Mickeler wrote: > > I'm using

Re: Root is God? (was: Mutt & tmp files)

2001-11-16 Thread Micah Anderson
On Fri, 16 Nov 2001, Mathias Gygax wrote: > > well, i thought this is the definition of root. > > no. with LIDS you can protect files and syscalls even from root. in my > setup, root cannot even write to his own home directory. No, you can't. No matter how you cut it, root can install a new kern

crc32 compensation attack

2001-09-24 Thread Micah Anderson
Got what appears to be a "crc32 compensation attack" in my logs today, about 10 minutes worth of these types of messages should I be worried? Should I laugh at this feeble attempt to break in? Should I gnaw my fingernails with my shotgun on my lap? > Active System Attack Alerts > =-=-=-=-=-=-=

crc32 compensation attack

2001-09-23 Thread Micah Anderson
Got what appears to be a "crc32 compensation attack" in my logs today, about 10 minutes worth of these types of messages should I be worried? Should I laugh at this feeble attempt to break in? Should I gnaw my fingernails with my shotgun on my lap? > Active System Attack Alerts > =-=-=-=-=-=-

setuid changes

2001-09-21 Thread Micah Anderson
I was thinking it would be nice to see what sort of new setuid programs show up on my box each day... then I noticed that these are already being logged in /var/log/setuid.today and /var/log/setuid.yesterday. What makes these? It appears they come from /etc/cron.daily/standard which runs /usr/sbin/

Re: [SECURITY] [DSA 076-1] New most packages available

2001-09-18 Thread Micah Anderson
Not all mutt users use vi, as a pager I use most, as an editor I use jed. These things can be configured. On Tue, 18 Sep 2001, Andres Salomon wrote: > Aside from the fact that it's a pretty big IF; I'm not aware of too many > mail clients that use pagers. mutt uses vi, pine uses pico, X based M

Re: shared root account

2001-07-10 Thread Micah Anderson
On Mon, 09 Jul 2001, Jason Healy wrote: > About the best you can hope for is to log to another machine (so > sudoers can't hose your logfiles), and be vigilant about checking what > they do. > > Anyway, to your point about passwords, I say again (do we detect a > theme?): use PAM and make them us

Re: shared root account

2001-07-09 Thread Micah Anderson
On Mon, 09 Jul 2001, Jason Healy wrote: > About the best you can hope for is to log to another machine (so > sudoers can't hose your logfiles), and be vigilant about checking what > they do. > > Anyway, to your point about passwords, I say again (do we detect a > theme?): use PAM and make them u

Re: shared root account

2001-07-09 Thread Micah Anderson
I agree with this assessment of Andreas' - in fact this is what we use in our organization. Unfortunately we don't have the luxury of fully trusting admins, so I am a little paranoid about giving out full-on sudo to people, but this is mostly a personnel issue having to do with the nature of the in

psuedonymity and apache

2001-05-01 Thread Micah Anderson
I am interested in finding a way to make apache be pseudo-anonymous in its logging. Your actions would be traced to your pseudonym, but NEVER to your actual identity. I've got some php scripts that currently act on IP addresses to see if you've already done something so you don't do it

Re: Followup: Syslog

2001-04-13 Thread Micah Anderson
One additional tweak which falls into line with the security setups, that I think is a good idea is to make the log files in /var/log to be chattr +a (append only) so logfiles cannot be modified or removed altogether to cover up tracks. This isn't the biggest security trick because all it does

Weird protocol

2001-03-06 Thread Micah Anderson
Noticed a weird entry in my firewall logs, it is listed as protocol 54, but according to /etc/protocols that doesn't exist, anyone know what this is? Mar 5 23:12:20 stall kernel: Packet log: input REJECT eth0 PROTO=54 165.230.59.207:65535 x.x.x.x:65535 L=68 S=0x00 I=0 F=0x T=10O=0x0494 (#

Woody ssh exploit

2001-02-22 Thread Micah Anderson
We are currently running woody on a production machine (yes, I am not that happy about that decision). Woody does not get potato's security updates, and does not get new unstable security fixes in a timely fashion. This leaves woody vulnerable to certain kinds of problems, particularly distressing

Re: Strange firewall logs

2001-02-10 Thread Micah Anderson
Ah, looking at my firewall I've got: -A output -s 127.0.0.1/255.0.0.0 -d 127.0.0.1/255.0.0.0 -p 17 -j ACCEPT -A output -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j REJECT -l -A output -s 0.0.0.0/0.0.0.0 -d 127.0.0.0/255.0.0.0 -j REJECT -l -A input -s 127.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j DENY

Strange firewall logs

2001-02-10 Thread Micah Anderson
I am getting a lot of entries in my logs with the following entries from ipchains, I can't quite figure out what port 3 is supposed to be. After searching for some time I seem to have found a solution on a site whose explanation is only in Danish, which I am very inefficient in: Feb 10 15:11:39 s

Re: Speaking of broadcasts, is this a security threat?

2000-08-11 Thread Micah Anderson
Yeap, I did a little snooping around myself. I watched eth0 with tcpdump and grepped for 10.0.0.1, after a bit I found one. It is coming in from my external interface, probably is a machine over at my ISP's that was set up with that IP... I might have to call them up. Micah On Fri, Aug 11, 200

Re: Speaking of broadcasts, is this a security threat?

2000-08-11 Thread Micah Anderson
ed, Aug 09, 2000 at 09:15:33PM +0200, Ron Rademaker wrote: > Well, you are already telling it to 'shut up' by denying it. If you don't > want the denies to show up in your logs, you'll just have to put off the > logging option in ipchains. > > Ron Rademaker

Speaking of broadcasts, is this a security threat?

2000-08-08 Thread Micah Anderson
Every few minutes I see the following show up in my log: Aug 8 00:03:17 riseup kernel: Packet log: input DENY eth0 PROTO=17 +10.0.0.1:1999 255.255.255.255:1999 L=94 S=0x00 I=638 F=0x4000 T=1 (#4) Aug 8 00:49:40 riseup kernel: Packet log: input DENY eth0 PROTO=17 +10.0.0.1:1999 255.255.25

Re: icmp: echo reply? Am I being attacked?

2000-08-08 Thread Micah Anderson
Is there any detrimental effect to disabling broadcast ICMP on the Linux side? Essentially doing an echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts? On Thu, Jul 27, 2000 at 09:46:14AM -0400, Michael Stone wrote: > On Thu, Jul 27, 2000 at 01:15:13PM +0100, Nuno Faria wrote: > > Ranko Vesel