On Wed, Dec 21, 2005 at 08:48:19PM +0100, Davide Prina wrote:
> steve wrote:
>
> >connection time, so she simply refused. Moreover, in Italy you have to
> >give an ID (they do a photocopy of it; she couldn't tell me how long they
> >keep it..) to be able to use a computer in an Internet Ca
steve wrote:
connection time, so she simply refused. Moreover, in Italy you have to give
an ID (they do a photocopy of it; she couldn't tell me how long they keep
it..) to be able to use a computer in an Internet Café (terrorism you
know...).
yes. All data (only your person identificat
Alvin Oga wrote:
italians just passed a law that all isp and internet cafe etc are required
to ask for ID of "ALL" visitors and users of their PCs and services
it shouldn't matter to that if we reboot etc, etc... but it's their
computers... and you might get stiffed with a fine/penalty if you do
On Wed, 21 Dec 2005, Johannes Wiedersich wrote:
> > Wrong. I was in Milano (Italy) a few months ago, and I wanted to do exactly
> > that. The person at the desk looked at me as if I were a Martian when I ask
italians just passed a law that all isp and internet cafe etc are required
to ask for
On Wednesday, 21 December 2005 12.40, Johannes Wiedersich wrote:
> steve wrote:
> > On Tuesday, 20 December 2005 16.18, Michelle Konzack wrote:
> >>But in ALL Internet Cafes I can use my own (self-made) Debian Live-System
> >>with my preferred Desktop. In all Internet Cafes I get an IP via DHCP.
steve wrote:
On Tuesday, 20 December 2005 16.18, Michelle Konzack wrote:
But in ALL Internet Cafes I can use my own (self-made) Debian Live-System
with my preferred Desktop. In all Internet Cafes I get an IP via DHCP.
Wrong. I was in Milano (Italy) a few months ago, and I wanted to do exactl
On Tuesday, 20 December 2005 16.18, Michelle Konzack wrote:
> But in ALL Internet Cafes I can use my own (self-made) Debian Live-System
> with my preferred Desktop. In all Internet Cafes I get an IP via DHCP.
Wrong. I was in Milano (Italy) a few months ago, and I wanted to do exactly
that. The pe
On Tue, Dec 20, 2005 at 04:18:12PM +0100, Michelle Konzack wrote:
> Hi Kevin,
>
> On 2005-12-15 12:27:01, kevin bailey wrote:
> > hi,
>
> > 4. enhance authentication
> >
> > maybe set up ssh access by authorised keys only - but again this has a
> > problem when i need to log in to the server f
Hi Kevin,
On 2005-12-15 12:27:01, kevin bailey wrote:
> hi,
> 4. enhance authentication
>
> maybe set up ssh access by authorised keys only - but again this has a
> problem when i need to log in to the server from a putty session on a PC in
> an internet cafe .
>
> certainly check the strengt
In article <[EMAIL PROTECTED]> you wrote:
> Actually, iptables -A INPUT will _append_ a rule to your INPUT chain
> (iptables(8)), and this won't help you if your connection is matched by
> an earlier blocking rule. To really make sure that you can reach the
> machine after a failed firewall-reconfi
Hi,
> > */3 * * * * root iptables -A INPUT -i eth0 -p tcp -s
> > MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd"
> >
> > | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]"
> >
> > [EMAIL PROTECTED]
> >
> > That does 2 things:
> >
> > 1. guarantees my acce
On Thu, 15 Dec 2005, kevin bailey wrote:
> Alvin Oga wrote:
>
> > On Thu, 15 Dec 2005, kevin bailey wrote:
> >
> >> was recently rootkitted on a debian machine because i'd left an obscure
> >> service running.
> >
> > if you know how they got in .. i assume you have since fixed it
>
> my gue
* alex black <[EMAIL PROTECTED]> [2005-12-15 23:50:42]:
> I use this line:
>
> */3 * * * * root iptables -A INPUT -i eth0 -p tcp -s
> MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd"
> | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]"
> [EMAIL PROTECTED]
On Thu, Dec 15, 2005 at 10:02:46PM +, kevin bailey wrote:
> >
> >> - i may need to access the server over ssh from anywhere.
> >
> > bad idea... what you can do .. the cracker can also do from "anywhere"
> >
> > at least, lock down incoming ssh from certain ip#
> > vi hosts.deny
> > ALL : AL
On Thu, Dec 15, 2005 at 05:20:19PM +, kevin bailey wrote:
> > get DDOSed in retaliation (I am guessing really). Anyways on a
> > multi-user web server it's difficult to track down the vulnerable cgi
> > unless you run the cgi's as the account owner (as opposed to all running
> > as www-data), and
In article <[EMAIL PROTECTED]> you wrote:
> BTW - FTP *has* to be available - many of the users only know how to use
> FTP.
give them WinSCP :)
Regards
Bernd
I use this line:
*/3 * * * * root iptables -A INPUT -i eth0 -p tcp -s
MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd"
| mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]"
[EMAIL PROTECTED]
That does 2 things:
1. guarantees my access to the machine no matter
Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
>> 2. firewall
>> not i'm not sure about the need for a firewall - i may need to access the
>> server over ssh from anywhere. also, to run FTP doesn't the server need
>> to be able to open up a varying number of port
Will Maier wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
>> now i've generally relied on debian issuing security patches but i
>> thought i should be more proactive RE security.
>
> This is very important, as you're now aware. The most secure OS in
> the world is only as
tomasz abramowicz wrote:
> kevin bailey wrote:
>> hi,
>>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> which one?
>
i thought it was webmin - but now i'm not so sure - i thought there was a
vulnerability in webmin in 2005 which was not in the
Matt wrote:
> Kevin -
>
> kevin bailey wrote:
>> 1. before attaching server to network install and configure tripwire.
>>
>> and could possibly put key executables on to CD-ROM and leave them in the
>> server.
> In today's same day exploits, using something like tripwire for H.I.D.S.
> may not pro
Alvin Oga wrote:
>
>
> On Thu, 15 Dec 2005, kevin bailey wrote:
>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> if you know how they got in .. i assume you have since fixed it
my guess it was the miniserv.pl run by webmin - it had a securit
> You can limit your FTP server to listen for data connections on a
> specific port only (eg, ftp-data, or 20). Then you only have to allow
> connections to ports 20 and 21.
but after the initial connection doesn't the server then wait for the data
connection on a port in a range above 1065?
>
On Thu, Dec 15, 2005 at 07:43:39AM -0600, Will Maier wrote:
> > 4. enhance authentication
> > maybe set up ssh access by authorised keys only - but again this
> > has a problem when i need to log in to the server from a putty
> > session on a PC in an internet cafe .
> You could keep your key on a
Jeffrey L. Taylor wrote:
> Quoting kevin bailey <[EMAIL PROTECTED]>:
> [snip]
>> 4. enhance authentication
>>
>> maybe set up ssh access by authorised keys only - but again this has a
>> problem when i need to log in to the server from a putty session on a PC
>> in an internet cafe .
>>
>
> Buy
>
> I suggest you set up host based firewalling, where iptables limits
> incoming/forwarding/outgoing traffic to whatever services you are
> running. This is especially important if you're running a webserver and
> allow user cgi uploads, or cgi's with vulnerabilities are already
> installed. For ex
On Thursday, 15 December 2005 14:26, Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> > 2. firewall
> > not i'm not sure about the need for a firewall - i may need to access the
> > server over ssh from anywhere. also, to run FTP doesn't the server need
> > to
On Thu, 2005-12-15 at 12:27 +, kevin bailey wrote:
> hi,
>
> was recently rootkitted on a debian machine because i'd left an obscure
> service running.
>
> now i've generally relied on debian issuing security patches but i thought i
> should be more proactive RE security.
>
> here's my propo
Quoting kevin bailey <[EMAIL PROTECTED]>:
[snip]
> 4. enhance authentication
>
> maybe set up ssh access by authorised keys only - but again this has a
> problem when i need to log in to the server from a putty session on a PC in
> an internet cafe .
>
Buy a laptop. Trusting an unknown PC in an
kevin bailey wrote:
2. firewall
not i'm not sure about the need for a firewall - i may need to access the
server over ssh from anywhere. also, to run FTP doesn't the server need to
be able to open up a varying number of ports.
You can limit your FTP server to listen for data connections on a
On Thu, 15 Dec 2005, kevin bailey wrote:
> was recently rootkitted on a debian machine because i'd left an obscure
> service running.
if you know how they got in .. i assume you have since fixed it
if you do not know how they got in ...
- time to change security policy big time to prev
Kevin -
kevin bailey wrote:
1. before attaching server to network install and configure tripwire.
and could possibly put key executables on to CD-ROM and leave them in the
server.
In today's same day exploits, using something like tripwire for H.I.D.S.
may not prove useful... By the time tripwi
kevin bailey wrote:
hi,
was recently rootkitted on a debian machine because i'd left an obscure
service running.
which one?
2. firewall
not i'm not sure about the need for a firewall - i may need to access the
server over ssh from anywhere. also, to run FTP doesn't the server need to
be abl
On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> now i've generally relied on debian issuing security patches but i
> thought i should be more proactive RE security.
This is very important, as you're now aware. The most secure OS in
the world is only as secure as the admin makes it.
On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> 2. firewall
> not i'm not sure about the need for a firewall - i may need to access the
> server over ssh from anywhere. also, to run FTP doesn't the server need to
> be able to open up a varying number of ports.
There is a way aroun
hi,
was recently rootkitted on a debian machine because i'd left an obscure
service running.
now i've generally relied on debian issuing security patches but i thought i
should be more proactive RE security.
here's my proposed checklist to carry out for securing a domain server -
i.e. one which