On Tue, Apr 01, 2003 at 09:43:38PM +0200, Dariush Pietrzak wrote:
> > One reason is security:
> > it's relatively easy for an intruder to install a kernel module based
> > rootkit, and then hide her processes, files or connections.
> isn't it security-by-obscurity?
No, that's stretching the defini
Hi, does anyone know if it's possible to set up this:
Clients - NAT - Internet - NAT - Clients with iptelephony without opening
your NAT servers to the world.
Any software suggestions / tricks / ideas?
--
Daniel
Hi, does anyone know if it's possible to set up this:
Clients - NAT - Internet - NAT - Clients with iptelephony without opening
your NAT servers to the world.
Any software suggestions / tricks / ideas?
(sorry about that, just reinstalled and forgot that outlook uses HTML as
default)
--
Daniel
* Quoting Daniel Husand ([EMAIL PROTECTED]):
> Hi, does anyone know if it's possible to set up this:
>
> Clients - NAT - Internet - NAT - Clients with iptelephony without opening
> your NAT servers to the world.
> Any software suggestions / tricks / ideas?
You can use the ip_conntrack_h323 module
> of proportion... Some things in security _have_ to be obscure. Your
> password, for example. Or the primes used to generate your PGP private
There's a difference between 'obscure' and 'secret'.
All you gain by removing kernel-loading capability from your kernel is to
force cracker to search memo
> You can use the ip_conntrack_h323 module from
> netfilter's patch-o-matic or a tunnel (ipsec, cipe,
> ...) between the two networks.
Last I heard about this, this module was rather crude and could cause
corruption to passing packets. If the situation has changed I'd be happy to
hear about it.
--
Dar
a vpn between the 2 lans / clients
On Wed, Apr 02, 2003 at 09:07:51AM +0200, Daniel Husand wrote:
> Hi, does anyone know if it's possible to set up this:
>
> Clients - NAT - Internet - NAT - Clients with iptelephony without opening
> your NAT servers to the world.
> Any software suggestions / tric
On Wed, Apr 02, 2003 at 09:07:51AM +0200, Daniel Husand wrote:
> Hi, does anyone know if it's possible to set up this:
>
> Clients - NAT - Internet - NAT - Clients with iptelephony without
> opening your NAT servers to the world. Any software suggestions /
> tricks / ideas?
>
I need to do this al
On Wed, Apr 02, 2003 at 09:46:52AM +0200, Dariush Pietrzak wrote:
> > of proportion... Some things in security _have_ to be obscure. Your
> > password, for example. Or the primes used to generate your PGP private
> There's a difference between 'obscure' and 'secret'.
This is true.
> All you gain
On Wed, Apr 02, 2003 at 03:44:56AM -0600, Warren Turkal wrote:
> > I need to do this also, so I prepared a backport to woody of
> > opengate-proxy, an h323 proxy present in sid. I will test this soon
> > (this week probably).
> >
> >
> > deb http://debian.home-dn.net/woody opengate-proxy/
>
> Why,
On Wed, 02 Apr 2003 at 09:35:08AM +0200, Daniel Husand wrote:
> (sorry about that, just reinstalled and forgot that outlook uses HTML as
> default)
Fortunately, Outlook is a compliant (good Lord, something from MS being
compliant?) MUA and it makes a multi-part message. One part clear, the
other
On Wed, Apr 02, 2003 at 07:57:35AM -0700, Tom Clements wrote:
> --Sendmail Users Face Second Major Security Flaw
> (31 March 2003)
Yes, it's on its way. Expect it very soon. I think the updated
packages have all (or almost all) completed building.
> Most versions of sendmail do not adequately c
On Wed, Apr 02, 2003 at 09:46:52AM +0200, Dariush Pietrzak wrote:
> > of proportion... Some things in security _have_ to be obscure. Your
> > password, for example. Or the primes used to generate your PGP private
> There's a difference between 'obscure' and 'secret'.
In this context, I'd suggest
Any way to tell portsentry to remove all routes it added? Or to expire
added deny routes after a period of time?
--
=
= Management is doing things right; leadership is doing the =
= right things.- Peter Drucker
Hi!
I use iptables to block hosts denied by portsentry (you can configure it
in portsentry.conf; KILL_ROUTE="/sbin/iptables -I INPUT -s $TARGET$ -j
DROP"). Also, I have a script for setting up my firewall rules. All that I
do to expire denied hosts was configure cron to flush my firewall