I was just wondering. Has anyone built one of the 'Fran CISCO' firewalls?
Read this and enjoy:
(in Spanish)
http://www.ofp-spain.com/franCISCO/
(english translation by Google)
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ofp-spain.com%2FfranCISCO%2F&langpair=es%7Cen&hl=es&ie=UTF-8&oe=U
JAJAJAA esta cool el proyecto, tambien deberian checar el de lirc.org,
es de infrarojos, que onda pongan mas links de estos!
ehehe this rulz,you also shoud check the lirc, is about a FREE irda
device, i wish more links like this!
Have a nice day;)
El mar, 10-12-2002 a las 02:56, Javier Fernández
On Tue, 3 Dec 2002 21:19:28 EST
[EMAIL PROTECTED] wrote:
> Hi. Can you help me. Who do I report the above to. I have 2 firewalls running
> and tonight I was attacked from the same address 172 times in less than an
> hour. These people want banning off the net. It is certainly a violation of
> m
Ariel Graneros <[EMAIL PROTECTED]> writes:
> On Tue, 3 Dec 2002 21:19:28 EST [EMAIL PROTECTED] wrote:
>
>> Hi. Can you help me. Who do I report the above to. I have 2 firewalls
>> running and tonight I was attacked from the same address 172 times in
>> less than an hour. These people want banning
On Tue, 10 Dec 2002 at 10:24:08AM -0300, Ariel Graneros wrote:
> A good solution is portsentry:
>
> http://www.psionic.com/products/portsentry.html
>
> PortSentry is part of the TriSentry suite of security tools. It is a program
> designed to detect and respond to port scans against a target ho
Quoting Tim Haynes <[EMAIL PROTECTED]> on Tue, Dec 10 13:44:
>
> c) having to have no firewall, or extra holes in a firewall, in order to
>detect a finite set of events seems daft when you could just be blocking
>them already by default.
So don't poke extra holes in the firewall, but inste
Estimado (a) , friend:
Te invitamos a conocer nuestras terapias , y si no te gusta nuestro servicio NO
PAGAS!! Promoción valida todo el mes de Diciembre.
Al Sur.
Centro Relax
Av. Patriotismo 888-b
Col. Insurgentes Mixcoac
Tel. 8500-5000
Al Poniente
Bosques Massage
Av. Stim No. 101 Interior 2
C
Am Die, 2002-12-10 um 14.44 schrieb Tim Haynes:
> Ariel Graneros <[EMAIL PROTECTED]> writes:
>
> > On Tue, 3 Dec 2002 21:19:28 EST [EMAIL PROTECTED] wrote:
> >
> >> Hi. Can you help me. Who do I report the above to. I have 2 firewalls
> >> running and tonight I was attacked from the same address 1
Matthias Hentges <[EMAIL PROTECTED]> writes:
[snip]
>> I've just explained over on comp.os.linux.security why portsentry is a
>> lousy idea, but to summarize:
>>
>> a) "dynamic" means nothing when the packets shouldn't have permeated to
>> user-space at all;
>>
>> b) risk of auto-DoS if someone
On Fri, 2002-12-06 at 17:42, Matt Zimmerman wrote:
> On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
>
> > This has been discussed before. The thing is, I think that if you're
> > serious about using snort, you should not even consider using the one in
> > Debian. snort.org d
On Fri, 2002-12-06 at 18:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think
On Tue, Dec 10, 2002 at 04:36:08PM -0200, Gustavo Franco wrote:
> No, you can't rebuild snort version from unstable.
Who can't? You can't? I just did, and it was not only possible, but easy.
apt-get build-dep snort && apt-get source -b snort
> And the snort updates?
Yes, they are built from
On Thu, 2002-12-05 at 00:44, Johannes Graumann wrote:
> Hello,
>
> I'm looking at this triade:
> Tripwire
> Aide
> Fcheck
> and was wondering as to what this group is prefering and why or whether there
> are other more trusted alternatives.
> My main argument ageinst tripwire is
I decided to go with popa3d, along with stunnel. Thanks to Tim van
Erven for inspiring this. Now I have some security questions in regards
to Exim. I see no reason to broadcast to the world exactly what version
of exim I am running, or even that I am running exim for smtp services.
I've already
On Tue, 10 Dec 2002 at 02:21:46PM -0800, Ted Roby wrote:
> I decided to go with popa3d, along with stunnel. Thanks to Tim van
> Erven for inspiring this. Now I have some security questions in regards
> to Exim. I see no reason to broadcast to the world exactly what version
> of exim I am running
On Tue, Dec 10, 2002 at 02:21:46PM -0800, Ted Roby wrote:
> I see no reason to broadcast to the world exactly what version of
> exim I am running, or even that I am running exim for smtp services.
> I've already modified the received_header_text variable in exim.conf
> to reflect the information I
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must be started as soon as
Yogesh Sharma wrote:
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must
On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote:
>
> In my opinion shorewall must be started as soon as network is up.
>
> What does list sugguests ? Is this a security problem ?
Yes this is a security issue, if you take iptables, for example, it is run
in S10. Any firewalling scri
On Tue, 10 Dec 2002 13:52:06 -0500, Matt Zimmerman wrote:
[re: installing the snort binary from unstable]
>... And I prefer not to
>install unstable glibc on my stable systems.
Yeah - I thought there was a big problem with installing any unstable
*binary* on a stable box, for exactly that reason
I am working on adding a high score list to a game written in C.
(It's already packaged.) The high score list will be 664 root:games
and the game binary will be sgid games --- nothing special here.
I want to dump and undump the list. Allowing everyone to undump
the list will lead to cheating or e
Hello,
Some documentation I found helpful when I was doing something similar in
a little game I was making.
http://www.cs.utah.edu/dept/old/texinfo/glibc-manual-0.02/library_25.html#SEC429
Chris Shafer
Live Slow. Sail Fast
On Tue, 2002-12-10 at 21:07, Oohara Yuuma wrote:
> I am working on addi
On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> The problem is that there is fakeroot. getuid() == 0 or
> geteuid() == 0 is not enough. PAM is an overkill.
> I think seteuid(0) == 0 is the best approach.
> Any opinion?
i may be mistaken, but if you link statically against the libr
I was just wondering. Has anyone built one of the 'Fran CISCO' firewalls?
Read this and enjoy:
(in Spanish)
http://www.ofp-spain.com/franCISCO/
(english translation by Google)
http://translate.google.com/translate?u=http%3A%2F%2Fwww.ofp-spain.com%2FfranCISCO%2F&langpair=es%7Cen&hl=es&ie=UTF-8&oe=U
JAJAJAA esta cool el proyecto, tambien deberian checar el de lirc.org,
es de infrarojos, que onda pongan mas links de estos!
ehehe this rulz,you also shoud check the lirc, is about a FREE irda
device, i wish more links like this!
Have a nice day;)
El mar, 10-12-2002 a las 02:56, Javier Fernández
On Tue, 3 Dec 2002 21:19:28 EST
[EMAIL PROTECTED] wrote:
> Hi. Can you help me. Who do I report the above to. I have 2 firewalls running
> and tonight I was attacked from the same address 172 times in less than an
> hour. These people want banning off the net. It is certainly a violation of
> m
Ariel Graneros <[EMAIL PROTECTED]> writes:
> On Tue, 3 Dec 2002 21:19:28 EST [EMAIL PROTECTED] wrote:
>
>> Hi. Can you help me. Who do I report the above to. I have 2 firewalls
>> running and tonight I was attacked from the same address 172 times in
>> less than an hour. These people want banning
On Tue, 10 Dec 2002 at 10:24:08AM -0300, Ariel Graneros wrote:
> A good solution is portsentry:
>
> http://www.psionic.com/products/portsentry.html
>
> PortSentry is part of the TriSentry suite of security tools. It is a program
>designed to detect and respond to port scans against a target hos
Quoting Tim Haynes <[EMAIL PROTECTED]> on Tue, Dec 10 13:44:
>
> c) having to have no firewall, or extra holes in a firewall, in order to
>detect a finite set of events seems daft when you could just be blocking
>them already by default.
So don't poke extra holes in the firewall, but inste
Estimado (a) , friend:
Te invitamos a conocer nuestras terapias , y si no te gusta nuestro servicio NO
PAGAS!! Promoción valida todo el mes de Diciembre.
Al Sur.
Centro Relax
Av. Patriotismo 888-b
Col. Insurgentes Mixcoac
Tel. 8500-5000
Al Poniente
Bosques Massage
Av. Stim No. 101 Interior 2
Co
Am Die, 2002-12-10 um 14.44 schrieb Tim Haynes:
> Ariel Graneros <[EMAIL PROTECTED]> writes:
>
> > On Tue, 3 Dec 2002 21:19:28 EST [EMAIL PROTECTED] wrote:
> >
> >> Hi. Can you help me. Who do I report the above to. I have 2 firewalls
> >> running and tonight I was attacked from the same address 1
Matthias Hentges <[EMAIL PROTECTED]> writes:
[snip]
>> I've just explained over on comp.os.linux.security why portsentry is a
>> lousy idea, but to summarize:
>>
>> a) "dynamic" means nothing when the packets shouldn't have permeated to
>> user-space at all;
>>
>> b) risk of auto-DoS if someone
On Fri, 2002-12-06 at 17:42, Matt Zimmerman wrote:
> On Thu, Dec 05, 2002 at 11:55:02PM -0500, Noah L. Meyerhans wrote:
>
> > This has been discussed before. The thing is, I think that if you're
> > serious about using snort, you should not even consider using the one in
> > Debian. snort.org d
On Fri, 2002-12-06 at 18:29, Albert Cervera Areny wrote:
> I've read in slashdot
> (http://bsd.slashdot.org/article.pl?sid=02/12/02/2035207) that openbsd has
> included stack-smashing protection using the ProPolice
> (http://www.trl.ibm.com/projects/security/ssp/) patch for GCC 3.2
>
> I think
On Tue, Dec 10, 2002 at 04:36:08PM -0200, Gustavo Franco wrote:
> No, you can't rebuild snort version from unstable.
Who can't? You can't? I just did, and it was not only possible, but easy.
apt-get build-dep snort && apt-get source -b snort
> And the snort updates?
Yes, they are built from
On Thu, 2002-12-05 at 00:44, Johannes Graumann wrote:
> Hello,
>
> I'm looking at this triade:
> Tripwire
> Aide
> Fcheck
> and was wondering as to what this group is prefering and why or whether there are
>other more trusted alternatives.
> My main argument ageinst tripwire is
I decided to go with popa3d, along with stunnel. Thanks to Tim van
Erven for inspiring this. Now I have some security questions in regards
to Exim. I see no reason to broadcast to the world exactly what version
of exim I am running, or even that I am running exim for smtp services.
I've already
On Tue, 10 Dec 2002 at 02:21:46PM -0800, Ted Roby wrote:
> I decided to go with popa3d, along with stunnel. Thanks to Tim van
> Erven for inspiring this. Now I have some security questions in regards
> to Exim. I see no reason to broadcast to the world exactly what version
> of exim I am running
On Tue, Dec 10, 2002 at 02:21:46PM -0800, Ted Roby wrote:
> I see no reason to broadcast to the world exactly what version of
> exim I am running, or even that I am running exim for smtp services.
> I've already modified the received_header_text variable in exim.conf
> to reflect the information I
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must be started as soon as
Yogesh Sharma wrote:
Hello,
I am using shorewall as firewall for my system. It has got 2 ethernet
cards one connected to internet and one for internal network.
init.d/networking script is linked as S35networking and init.d/shorewall
script is linked as S90shorewall.
In my opinion shorewall must
On Tue, Dec 10, 2002 at 03:39:35PM -0800, Yogesh Sharma wrote:
>
> In my opinion shorewall must be started as soon as network is up.
>
> What does list sugguests ? Is this a security problem ?
Yes this is a security issue, if you take iptables, for example, it is run
in S10. Any firewalling scri
On Tue, 10 Dec 2002 13:52:06 -0500, Matt Zimmerman wrote:
[re: installing the snort binary from unstable]
>... And I prefer not to
>install unstable glibc on my stable systems.
Yeah - I thought there was a big problem with installing any unstable
*binary* on a stable box, for exactly that reason
I am working on adding a high score list to a game written in C.
(It's already packaged.) The high score list will be 664 root:games
and the game binary will be sgid games --- nothing special here.
I want to dump and undump the list. Allowing everyone to undump
the list will lead to cheating or e
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Hello,
Some documentation I found helpful when I was doing something similar in
a little game I was making.
http://www.cs.utah.edu/dept/old/texinfo/glibc-manual-0.02/library_25.html#SEC429
Chris Shafer
Live Slow. Sail Fast
On Tue, 2002-12-10 at 21:07, Oohara Yuuma wrote:
> I am working on addi
On Wed, Dec 11, 2002 at 11:07:11AM +0900, Oohara Yuuma wrote:
> The problem is that there is fakeroot. getuid() == 0 or
> geteuid() == 0 is not enough. PAM is an overkill.
> I think seteuid(0) == 0 is the best approach.
> Any opinion?
i may be mistaken, but if you link statically against the libr
On Tue, 2002-12-10 at 16:37, Kuba Jakubik wrote:
> Yogesh Sharma wrote:
> > In my opinion shorewall must be started as soon as network is up.
> can't you just mv S90shorewall S35shorewall ?
Yes, I can move this link but question is for security. In my opinion
this should be fixed in package install
Hello!
I've recently compiled pine 4.5 on my woody system and when I use it, I
get every time the notification:
"Folder vulnerable - directory /var/spool/mail must have 1777 protection"
/var/spool/mail is a link to /var/mail, wich has the permissions:
drwxrwsr-x2 root mail 1
50 matches
Mail list logo
