Hi Guys
Having a few problems with setting up a VPN gateway on Linux,
specifically a debian firewall box and having windows 2000
boxes authenticate using certs.
I have generated a cert for the gateway machine using the openssl packages
and installed it. I have also configured freeswan to the be
We've had a number of hacked boxen recently. It appears a certain
person (Romanian we think) is specifically targeting us and our
customers (looks like he hit a machine and found connections from others
in their logs, went from there).
We have no idea how he's getting in, but we've got his rootki
Sunday, May 25, 2003, 2:04:30 PM, Jayson Vantuyl (Jayson) wrote:
Jayson> We've had a number of hacked boxen recently. It appears a certain
Jayson> person (Romanian we think) is specifically targeting us and our
Jayson> customers (looks like he hit a machine and found connections from others
Jayso
On Sun, May 25, 2003 at 01:04:30PM -0500, Jayson Vantuyl wrote:
> We have no idea how he's getting in, but we've got his rootkit fairly
> nailed down (he uses a few slightly different ones).
If you believe he'll be back, it might be worth it to set up a honeypot
and a box running tcpdump and captu
On Sunday 25 May 2003 20:04, Jayson Vantuyl wrote:
Hi Jayson,
> We've had a number of hacked boxen recently. It appears a certain
> person (Romanian we think) is specifically targeting us and our
> customers (looks like he hit a machine and found connections from others
> in their logs, went fro
On Sun, 2003-05-25 at 19:04, Jayson Vantuyl wrote:
> We've had a number of hacked boxen recently. It appears a certain
> person (Romanian we think) is specifically targeting us and our
> customers (looks like he hit a machine and found connections from others
> in their logs, went from there).
>
One point I would make is to absolutely take the hacked boxes out of
service and _completely_ rebuild them. Fdisk and format the drives and
only run services which you want on them. The more extra stuff you put
in there, the more the chance of missing something. I would also
consider running iptabl
> 25 - It is entirely possible this is how the attacker got in. If you can
> avoid ftp (by using scp/sftp), do so. This will close 25% of your known
> open ports. And anonymous ftp is especially vulnerable.
If you want to sound credible you should probably at least know what
listens on port 25. (
> On Sun, 2003-05-25 at 14:04, Jayson Vantuyl wrote:
> > We've had a number of hacked boxen recently. It appears a certain
> > person (Romanian we think) is specifically targeting us and our
> > customers (looks like he hit a machine and found connections from others
> > in their logs, went from t
Noah is correct. I apologize for misstepping on this one. (was talking
on the phone while replying, but that's no excuse).
Port 25 is email/smtp. For this, I would recommend postfix. I know
Debian ships with Exim, but for any configurations beyond basic email, I
have had abysmal luck getting Exim
On Sun, 25 May 2003 13:04:30 -0500
Jayson Vantuyl <[EMAIL PROTECTED]> wrote:
> We have no idea how he's getting in, but we've got his rootkit fairly
> nailed down (he uses a few slightly different ones).
Good god man! Include them in your post. There may be a new, unknown
vulnerability. Not to men
Did you already check out documentation at the following URL?
http://www.freeswan.org/freeswan_trees/freeswan-1.99/doc/interop.html#microsoft
I've got several FreeS/WAN 1.99 gateways with Windows 2K or XP clients
but I don't use the built-in IPSec for 2K or XP but rather use SSH S