On Wed, May 07, 2003 at 01:14:04AM +0200, Tim van Erven wrote:
> On Tue, 06/05/2003 13:07 -0500, Mark Edgington wrote:
> > incorporate functionality into inetd/xinetd/rinetd which listens for a
> > predefined sequence of connection attempts on certain ports. Upon noticing
> > the correct sequenc
On Tue May 06, 2003 at 01:07:24PM -0500, Mark Edgington wrote:
> Hi,
> I'm not sure whether this idea has been considered or implemented
> anywhere, but I have been thinking about it, and believe it would provide a
> fairly high-level of security for systems which only run a few public
> serv
Mark Edgington wrote:
Hi,
[..]
Guess it's not a very good idea. An attacker could find out your
sequence, by listening to your traffic. So there is no additional
security by your trigger.
There is a very simple Denial-Of-Service Attack to such a system, for
someone who can listen to you
Hi all,
Probably a stupid question, but one I don't know the answer for. Is
there any simple way of telling apt or dpkg to *only* download and
install security patches instead of other changes to a release [thinking
testing or unstable here]. For example on one of my "stable" machines,
the followi
Rudolph van Graan wrote:
Hi all,
Probably a stupid question, but one I don't know the answer for. Is
there any simple way of telling apt or dpkg to *only* download and
install security patches instead of other changes to a release [thinking
testing or unstable here]. For example on one of my "s
On Wednesday, 2003-05-07 at 10:35:45 +0200, Rudolph van Graan wrote:
> The following packages will be upgraded
> kdewallpapers mime-support
> Obviously neither is of real security importance, but will be updated
> nevertheless. [I don't want to remove the standard stable source from
> sources.l
On Wed, 07/05/2003 07:40 +0200, Hans Spaans wrote:
> On Wed, May 07, 2003 at 01:14:04AM +0200, Tim van Erven wrote:
>> On Tue, 06/05/2003 13:07 -0500, Mark Edgington wrote:
>>> incorporate functionality into inetd/xinetd/rinetd which listens for a
>>> predefined sequence of connection attempts on
* Rudolph van Graan <[EMAIL PROTECTED]>:
> Hi all,
>
> Probably a stupid question, but one I don't know the answer for. Is
> there any simple way of telling apt or dpkg to *only* download and
> install security patches instead of other changes to a release [thinking
> testing or unstable here]. F
my idea is to add some rules to iptables eg
iptables -A INPUT -p tcp --dport 1985 -j LOG --prefix "key port 1:"
iptables -A INPUT -p tcp --dport 1985 -j DROP
iptables -A INPUT -p tcp --dport 12731 -j LOG --prefix "key port 2:"
iptables -A INPUT -p tcp --dport 12731 -j DROP
iptables -A INPUT -p
Hi
On Tue, May 06, 2003 at 10:05:49PM -0400, Robert B Wilson wrote:
> On Tue, 06 May 2003 20:13:41 + Deger Cenk Erdil
> <[EMAIL PROTECTED]> writes:
> > But, if I can intercept your "trigger sequence messages" as an
> > attacker
> > on your subnet, or even on the Net, I can replicate the same
Hi
On Tue, May 06, 2003 at 06:22:54PM -0600, Will Aoki wrote:
> I believe that there are rootkits in the wild which do this.
Yepp. Found some standard rootkits with that thing as addition.
> Although I can't find the reference I had to it, I believe that some
> listen for traffic on a rare or una
Hi
On Tue, May 06, 2003 at 11:26:35PM +0200, Horst Pflugstaedt wrote:
> On Tue, May 06, 2003 at 01:07:24PM -0500, Mark Edgington wrote:
> > 2) the port(s) to make available upon receiving this trigger sequence
> > 3) whether the ports to be made available are available for a) the next n
> > conne
Hi,
may I be allowed to ask some questions?
I am a little bit confused about the latest discussions on the ptrace
kernel bug.
As I am not a regular reader of this mailing list but heavily relying
on the debian security announce mailing list and apt-get, I was really
wondering why I could not f
On Tuesday 06 May 2003 06:29 pm, Alain Tesio wrote:
> On Tue, 06 May 2003 13:07:24 -0500
>
> Mark Edgington <[EMAIL PROTECTED]> wrote:
> > it doesn't matter if others are
> > connecting to port 80, etc. while he is doing these connections, as long
> > as no-one else is trying to connect to any of t
I am running a debian woody server and when I checked the last users
yesterday I a large number of logins in the list. On running the command
today I get the following:
dev1:/home/ian# last
ian      pts/0        172.16.3.195     Wed May  7 14:49   still logged in
team1    pts/0        blue99.ex.ac
On Wednesday 07 May 2003 13:54, Jay Kline wrote:
> This is still pretty complex, if the end result is just to allow access to
> port 22.
>
> SSH is pretty secure, there have been very few problems with ssh that allow
> someone without an account to gain access to the system it's on. If you
> take a
On Wed, 7 May 2003, Rudolph van Graan wrote:
> The following packages will be upgraded
> kdewallpapers mime-support
> 2 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
> Need to get 0B/1030kB of archives. After unpacking 105kB will be freed.
> Do you want to continue? [Y/n
Check if your program has rotated the logs...
cd /var/log
ls -l wtmp*
and, check in /etc/cron* or do a crontab -l (in user root)
E.
--
Eric LeBlanc
[EMAIL PROTECTED]
--
UNIX is user friendly.
It's just selective about who its friends are.
=
You are the ian login, right?
Know anyone at the domain blue99.ex.ac.uk? Or anyplace similar?
Did you ever create an id of "team1"?
Ian Goodall wrote:
I am running a debian woody server and when I checked the last users
yesterday I a large number of logins in the list. On running the command
to
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
> dev1:/home/ian# last
> ian      pts/0        172.16.3.195     Wed May  7 14:49   still logged in
> team1    pts/0
On Wed, May 07, 2003 at 02:51:39PM +0100, Ian Goodall wrote:
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
> dev1:/home/ian# last
> ian      pts/0        172.16.3.195
Check in /var/log and you should see a file called wtmp.1 or something
similar. The logs just get rotated.
You can view it with the -f flag to last.
last -f /var/log/wtmp.1
Jason Antheunis
-Original Message-
From: Ian Goodall [mailto:[EMAIL PROTECTED]
Sent: Wednesday, May 07, 2003 9:52
Hello,
Check /var/log/messages to see if anything happened before 14:49 on 7 May... are
you running "logcheck"?? It emails you daily reports of important goings on...
like user's crontab changes, logins, su's and other important things. it's very
very useful for spotting non-normal operations like
Thanks for your help Guys.
It now says this:
> wtmp begins Wed May 7 13:21:47 2003
I think that is what had happened. I am new to this and this just looked
dodgy to me!
A friend also has ssh shell access to the box and got the following error
message when connecting to the same my box:
@@
On Wed May 07, 2003 at 02:51:39PM +0100, Ian Goodall wrote:
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
> dev1:/home/ian# last
> ian      pts/0        172.16.3.195
just lots of
May 7 06:03:06 dev1 -- MARK --
- Original Message -
From: "Hobbs, Richard" <[EMAIL PROTECTED]>
To: "Ian Goodall" <[EMAIL PROTECTED]>
Cc:
Sent: Wednesday, May 07, 2003 3:27 PM
Subject: Re: Have I been hacked?
> Hello,
>
> Check /var/log/messages to see if anything happene
On Wednesday 07 May 2003 14:53, Peter Holm wrote:
> The actual kernel sources that one can get via apt-get, are they
> already patched?
I have to admit that I didn't follow this issue closely, you'll have to get
this info elsewhere.
> And: which information sources do I have to follow to become
Check the shell history file of team1 user...
if exists
On (07/05/03 14:51), Ian Goodall wrote:
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
Hello,
The SSH error is usually caused by the SSH server (your machine) being
reformatted, or having SSH uninstalled and reinstalled, or have the
public/private keys regenerated for some reason. have you recently made any
changes to SSH, or reinstalled your system??
It could also happen if he has
Thanks everyone for your help.
It must be his computer as all the computers I usually log in from are all
fine. I am still quite new to all of this but we all have to start somewhere
:)
Cheers,
ijg0
>= Original Message From "Hobbs, Richard" <[EMAIL PROTECTED]> =
>Hello,
>
>The SSH e
Hello,
yeah, but they don't mean anything... i think they are just markers to say "yes
- the daemon is still running".
what is the first thing before all of those --MARK--'s, and when is it?
Richard.
Quoting Ian Goodall <[EMAIL PROTECTED]>:
> just lots of
>
> May 7 06:03:06 dev1 -- MARK --
Hi,
which kernel are you using? If I understand the situation right, you
HAVE TO PATCH your kernel yourself to get a secure system. Do it right
now. Here
http://sinuspl.net/ptrace/
is an exploit and the kernel patch. If you did not patch your kernel,
every user on your machine will be able to
You can check the fingerprint. Use
ssh-keygen -l -f /etc/ssh/ssh_host_rsa_key (or similar) to print the
fingerprint of your RSA key to the screen.
If it is '51:bd:cd:2e:6a:b7:35:b9:54:33:a8:e2:9a:57:95:0d' then your
friend has cached an old key you have used in the past (fx. before a
re-installat
On Wed, 2003-05-07 at 17:05, Adrian 'Dagurashibanipal' von
Bidder wrote:
> On Wednesday 07 May 2003 14:53, Peter Holm wrote:
>
> > The actual kernel sources that one can get via apt-get, are they
> > already patched?
kernel-source-2.4.20 in unstable is patched.
> I fear there's no such place.
On Wed, May 07, 2003 at 02:51:39PM +0100, Ian Goodall wrote:
> I am running a debian woody server and when I checked the last users
> yesterday I a large number of logins in the list. On running the command
> today I get the following:
>
> dev1:/home/ian# last
> ian      pts/0        172.16.3.195
On Wed, 7 May 2003 08:53:40 +0200 Michael Bergbauer
<[EMAIL PROTECTED]> writes:
If you
> think SSH (or any other component) is not trustworthy, just look for
> alternatives (or create them yourself).
what would be a more secure alternative to ssh?
> Michael Bergbauer <[EMAIL PROTECTED]>
--
Ro
On Wed, 7 May 2003 12:48:45 +0200 Alexander Reelsen <[EMAIL PROTECTED]>
writes:
> > what if the trigger sequence changed each time? then if someone
> > intercepted the trigger sequence, it wouldn't do them any good,
> unless
> > they collected enough trigger sequences to be able to determine
>
* Quoting Ian Goodall ([EMAIL PROTECTED]):
> Thanks everyone for your help.
>
> It must be his computer as all the computers I usually log in from are all
> fine. I am still quite new to all of this but we all have to start somewhere
> :)
Check the Fingerprint against the one from your
machine
Hi,
>This is unfortunate, but I guess it cannot be changed as the security team
>reputedly is quite heavily loaded even now.
so is the debian project facing a kind of DOS-Attack on an
organizational level? This seems to be a "social vulnerability" then.
Have a nice thread,
Peter
On Wed, May 07, 2003 at 11:27:16AM +0200, Tim van Erven wrote:
> On Wed, 07/05/2003 07:40 +0200, Hans Spaans wrote:
> >
> > How are you going to handle firewalls and stuff? This because you need
> > to accept traffic for those ports.
>
> You always need to let the trigger through your firewall.
The error can also happen if there are a few boxes with ssh that have dynamic
IPs..
On Wednesday 07 May 2003 10:36 am, Hobbs, Richard wrote:
> Hello,
>
> The SSH error is usually caused by the SSH server (your machine) being
> reformatted, or having SSH uninstalled and reinstalled, or have the
On Wed, May 07, 2003 at 10:03:40AM -0400, Mike Dresser said:
> Actually, mime-support had a security fix not all that long ago. You
> should let that one go through.
>
> http://www.debian.org/security/2003/dsa-292
>
> I'm trying to picture how there could be a security hole in kdewallpapers,
> b
On Wed, 7 May 2003 10:35:45 +0200, Rudolph van Graan wrote:
>... For example on one of my "stable" machines,
>the following happens when I do apt-get upgrade -u:
>
>The following packages will be upgraded
> kdewallpapers mime-support
>2 packages upgraded, 0 newly installed, 0 to remove and 0 not
I think you'll find the bugtraq list at http://securityfocus.com/ to
be the leading edge for security information. I like focus-linux too.
http://securityfocus.com/archive
To find more current news on issues / exploits, you would probably need
to follow some particular IRC or whatever the evil sid