On Thursday 22 May 2003 15:16, Simon Huggins wrote:
> On Thu, May 22, 2003 at 01:50:51PM -0600, xbud wrote:
> > FYI, http://marc.theaimsgroup.com/?|=linux-kernel&m=105271679705571&w=2
>
> You say 2.4 in the subject and it says 2.5 in that report.
>
> Is 2.4 vulnerab
FYI,
http://marc.theaimsgroup.com/?|=linux-kernel&m=105271679705571&w=2
--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
"I only drink to make other people interesting"
--
On Wednesday 14 May 2003 10:23, Nathan E Norman wrote:
> On Wed, May 14, 2003 at 03:33:36PM +0100, Michael Parkinson wrote:
> > Dear All,
> >
> > Currently implementing a number of modifications to our internal security
> > policies and one addition I am attempting to add is the full logging of
>
Yes,
It's somewhat of a new bug that spawned from the media service advisory on
user enumeration via a timing issue if OpenSSH is compiled with PAM support.
It's not a remote root per say, but mainly an enumeration weakness.
By applying 'nodelay' option for pam_unix.so, this 'feature' is remedie
While that is an option, it's probably unfeasable for his wantings. (Unless
he's the only one connecting to the server).
Anyway a simple stunnel portfoward will do the trick.
WebServer listens on port 80 locally.
stunnel -r 127.0.0.1:80 -d 443
*Note: A valid server certificate and private key
tar up your /proc/ directory
to save a copy of your kcore - it should have useful information unless he
managed to zero out all the memory that was being utilized during the break
in.
turn the box off but make sure it don't delete crap, watch out for logic bombs
or what not.
remove the disk a
Hi Dale,
Stress testing networks can be quite tedious depending on what type of 'real
simulation' you have to abide by.
If you have a budget take a look at an appliance called 'Flame Thrower' I
forget who the vendor is ATM, but it was complete in regaurds to stress
testing IDS's. We used it at
http://www.coresecurity.com/common/showdoc.php?idx=313&idxseccion=10
This went accross several lists a few days ago, I'm forwarding it in case
anyone missed it.
--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
--
On Wednesday 19 March 2003 09:18, Martynas Domarkas wrote:
> Grsecurity patch can limit ordinary user use ptrace. Can it help avoid
> ptrace exploit?
>
>
> Martynas
yes for the most part limiting access to /proc/self/exe breaks the exploit.
http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrac
On Wednesday 19 March 2003 09:18, Martynas Domarkas wrote:
> Grsecurity patch can limit ordinary user use ptrace. Can it help avoid
> ptrace exploit?
>
>
> Martynas
yes for the most part limiting access to /proc/self/exe breaks the exploit.
http://www.hardrock.org/kernel/2.4.20/linux-2.4.20-ptrac
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
> Correct me if I am wrong but is the ptrace vulnerability not a fairly old
> one. By old I mean like a
New one.
The attached module seems to block the currently circulating exploit, I didn't
write it so don't email me if it breaks your system.
On Tuesday 18 March 2003 17:39, Steve Meyer wrote:
> Correct me if I am wrong but is the ptrace vulnerability not a fairly old
> one. By old I mean like a
Your situation is pretty vague, but my guess would be iptables rule is
invalid or just not doing what you want it to do . The reason ftp might
still be working through it is because it uses a high port to do the actual
file transfer.
test your rule with something other than ft protocol nc perh
On Wednesday 29 May 2002 04:38 pm, Rauno Linnam?e wrote:
> On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
> > On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> > > Hello,
> > >
> > > We are running a Debian (potato) box with Samba as PDC fo
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> Hello,
>
> We are running a Debian (potato) box with Samba as PDC for user
> authentication and file server for W2k LAN clients. Recently one of our
> notebooks was stolen. As I can identify all the users who have ever logged
> in via that
On Wednesday 29 May 2002 04:38 pm, Rauno Linnam?e wrote:
> On Wed, May 29, 2002 at 03:37:50AM -0500, xbud wrote:
> > On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> > > Hello,
> > >
> > > We are running a Debian (potato) box with Samba as PDC fo
On Wednesday 29 May 2002 11:30 am, Rishi L Khan wrote:
> I looked into shorewall. It doesn't support ipchains, but seawall does.
> Would you suggest updating to iptables or using seawall?
>
> Do you think that Linux 2.4.x is stable yet? If so, which version?
>
The kernel overall I believe is cons
On Wednesday 29 May 2002 11:16 am, Rauno Linnamäe wrote:
> Hello,
>
> We are running a Debian (potato) box with Samba as PDC for user
> authentication and file server for W2k LAN clients. Recently one of our
> notebooks was stolen. As I can identify all the users who have ever logged
> in via that
On Wednesday 29 May 2002 11:30 am, Rishi L Khan wrote:
> I looked into shorewall. It doesn't support ipchains, but seawall does.
> Would you suggest updating to iptables or using seawall?
>
> Do you think that Linux 2.4.x is stable yet? If so, which version?
>
The kernel overall I believe is con
at this very moment in time yes.. if your zlib is up to date..
there is currently no working exploit for this bug.. but one will popup
sooner or later.
-xbud
On Tuesday 12 March 2002 02:19 pm, Martin Hermanowski wrote:
> On bugtraq I read something about openssh being vulnerable to the
>
at this very moment in time yes.. if your zlib is up to date..
there is currently no working exploit for this bug.. but one will popup
sooner or later.
-xbud
On Tuesday 12 March 2002 02:19 pm, Martin Hermanowski wrote:
> On bugtraq I read something about openssh being vulnerable to the
>
Not sure if this made to this list.
I haven't confirmed the following, but thought it was worth forwarding.
-xbud
-- Forwarded Message --
Subject: Exim 3.34 and lower (fwd)
Date: Wed, 13 Feb 2002 11:19:49 -0700 (MST)
From: Dave Ahmad <[EMAIL PROTECTED]>
Not sure if this made to this list.
I haven't confirmed the following, but thought it was worth forwarding.
-xbud
-- Forwarded Message --
Subject: Exim 3.34 and lower (fwd)
Date: Wed, 13 Feb 2002 11:19:49 -0700 (MST)
From: Dave Ahmad <[EMAIL PROTECTED]>
To: [EMAI
ourse this might not be the solution you are
looking for.
-xbud
On Thursday 27 December 2001 09:27 am, Pedro Zorzenon Neto wrote:
> Hi Friends,
>
> I am developing a software to provide access control to users of a
> network.
> The gateway has ipchains rules to DENY packet
ourse this might not be the solution you are
looking for.
-xbud
On Thursday 27 December 2001 09:27 am, Pedro Zorzenon Neto wrote:
> Hi Friends,
>
> I am developing a software to provide access control to users of a
> network.
> The gateway has ipchains rules to DENY packet
n't be monitoring a heavy load there.
g'luck
-xbud
n't be monitoring a heavy load there.
g'luck
-xbud
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
---
I cut the actual attack out cause it gets lengthy
and the IPs are blocked for obvious reasons, I also noticed none of the IP's
were duplicates.
Note all of them are in one day time span... =)
I contacted as many of the Company's I could using their IP
block.
- xbud
'Nicely' probably isn't a prefered word but you
all know what I mean.
Here are some numbers.
- Snip
-----
xbud@natas:~$ cat
/var/log/boa/access_log | grep /default.ida | cut -f1-4 -d ' '
bla.bla.bla.bla
- - [19/Jul/2001:16:18:23bla.bla.bla.b
g set somewhere.
If the values on your box are set to 0... let them be. Unless you are
running a routed daemon and need to route mc addressed frames.
-xbud
-Original Message-
From: Vineet Kumar <[EMAIL PROTECTED]>
To: debian-security@lists.debian.org
Date: Tuesday, July 17, 2001 12:56 AM
g set somewhere.
If the values on your box are set to 0... let them be. Unless you are
running a routed daemon and need to route mc addressed frames.
-xbud
-Original Message-
From: Vineet Kumar <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Tuesday, July 17, 2001
31 matches
Mail list logo
