Re: Scanning with reverse connections?

2003-06-06 Thread Florian Weimer
Hamish Marson <[EMAIL PROTECTED]> writes: > I've noticed some strange traffic on our firewalls recently. Someone > (Or multiple someones) are attempting to send tcp packets inbound to > our network FROM well known ports (e.g. port 80) to multiple port > numbers, and usually multiple addresses as w

OPENSSL

2003-06-06 Thread Van Wyk Leroux, Mr <[EMAIL PROTECTED]>
Hi there I'm trying to generate a 40-bit certificate using OPENSSL. Can anybody tell me if this is possible and with which package? Thanx LeRoux

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-06 Thread DI Peter Burgstaller
Hi there, I have debian (stable) with a stock kernel from kernel.org (2.4.20) with FreeSwan 1.99 and grsecurity 1.99h. Worked without a problem so far. The order of patches was first FreeSwan, then grsec, if that makes any difference... Good luck,

Re: Scanning with reverse connections?

2003-06-06 Thread Hamish Marson
Noah Meyerhans wrote: On Thu, Jun 05, 2003 at 10:02:53PM +0200, Christoph Haas wrote: So most probably you see just the second. That's the way TCP works. Sequential port numbers may show up because the counter of used high-ports (1024 ff.) is just increased. No, it's not at all uncomm

Re: Scanning with reverse connections?

2003-06-06 Thread Florian Weimer
Hamish Marson <[EMAIL PROTECTED]> writes: > But does nmap generate the packets WITHOUT the SYN flag set? Which is > what these are... In this case, it's probably backscatter. Could you tell us a few source/destination pairs? I could have a look at our flow database at work and look for similar

Re: Scanning with reverse connections?

2003-06-06 Thread Noah Meyerhans
On Fri, Jun 06, 2003 at 10:12:05PM +0200, Florian Weimer wrote: > > But does nmap generate the packets WITHOUT the SYN flag set? Which is > > what these are... > > In this case, it's probably backscatter. Could you tell us a few > source/destination pairs? I could have a look at our flow databas

Default Apache install not fit for multiple domains/users

2003-06-06 Thread Juan Antonio Agudo
Okay, I already posted this message to debian-users, but please don't flame me - I just figured that maybe debian-security is the better place to post a request for help like this. Clearly enough this is a security concern, after all. So maybe you could be so kind and help me out on this one:

Re: Default Apache install not fit for multiple domains/users

2003-06-06 Thread Tim Cunningham
Is there some reason why you can't give each user an account and have them put their files in ~/public_html? That would have their page show up at domain.net/~username/. Sorry if you already knew this and I'm misunderstanding the problem. On Sat, 07 Jun 2003 00:03:59 +0200 Juan Antonio Agudo <

Re: Default Apache install not fit for multiple domains/users

2003-06-06 Thread Wade Richards
Hi, On Sat, 07 Jun 2003 00:03:59 +0200, Juan Antonio Agudo writes: >I want to enable some friends of mine to host their web pages on >my woody server. It has Apache LAMP running in great shape and it >suits my Web page just fine. The Problem that I have now is, that >the apache user is www-data. W

Re: OPENSSL

2003-06-06 Thread Theo Cabrerizo Diem
Hi ! apt-get install openssl There are two text files in /usr/share/doc/openssl-(version)/docs/HOWTO Shows how to create an RSA key and a certificate request/self signed certificate ... []'s On Fri, 2003-06-06 at 05:27, Van Wyk Leroux, Mr wrote: > Hi there > > I'm trying to generate a 40-bit c

Re: Default Apache install not fit for multiple domains/users

2003-06-06 Thread Jon
On Fri, 2003-06-06 at 15:42, Tim Cunningham wrote: > Is there some reason why you can't give each user an account and have them > put their files in ~/public_html? That would have their page show up at > domain.net/~username/. > > Sorry if you already knew this and I'm misunderstanding the prob

Re: Keeping files away from users - THANKS!!

2003-06-06 Thread Steve Meyer
From: Luis Gomez - InfoEmergencias <[EMAIL PROTECTED]> To: debian-security@lists.debian.org Subject: Re: Keeping files away from users - THANKS!! Date: Thu, 5 Jun 2003 20:58:43 +0200 MIME-Version: 1.0 Received: from murphy.debian.org ([146.82.138.6]) by mc5-f31.law1.hotmail.com with Microsoft

Re: Default Apache install not fit for multiple domains/users

2003-06-06 Thread Wade Richards
On 06 Jun 2003 16:15:37 PDT, Jon writes: >I believe Apache would still be executing php/cgi scripts as www-data, >so users could snoop on other users' scripts, session files, etc. > >Something like: > I suggest you look up the suEXEC Apache module, it seems to do exactly what you want. --- W

Re: Keeping files away from users

2003-06-06 Thread Peter Cordes
On Thu, Jun 05, 2003 at 09:30:51AM +0200, Luis Gomez - InfoEmergencias wrote: > We'd like to protect that content, so that even if someone unplugs the machine > and connects the HD to another Linux box, they can't access that information. > Of course it's difficult to do, but we think there might

Re: Keeping files away from users

2003-06-06 Thread Koba
You can encode your php scripts (in standalone cgi mode or apache served) with the open source gpl php encoder/optimizer turck mmcache. The readme says that the encoding is not recommended for production use yet, but it works like a charm. Good Luck, Koba On Thu, 5 Jun 2003 09:30:51 +0200, Lu

Re: Keeping files away from users

2003-06-06 Thread Ross
> Against a sophisticated attacker, it's totally impossible to do what you > want. They could run bochs and boot the x86 emulator from the new hard > drive, and examine the contents of the system's memory whenever they wanted. > Obviously, that's not easy, since you have to figure out where the >

Re: Keeping files away from users

2003-06-06 Thread Harry Brueckner
Hey there, --On Thursday, June 05, 2003 11:14:36 AM +0200 Marcel Weber <[EMAIL PROTECTED]> wrote: Luis Gomez - InfoEmergencias wrote: We're already looking at that (btw, IIRC loop-aes is included into the cryptoapi of kerneli.org). The problem is what Dariush points: if your machine has the pass

Re: Keeping files away from users

2003-06-06 Thread Koba
Think about this: Use an encrypted loopback. To get the key without storing it on the computer: Get some kind of unique combined fingerprint of the computer and hd through a c/c++ programmed algorithm and sending them to a secure "password" server using some kind of (variable server provided s

Re: Keeping files away from users

2003-06-06 Thread Marcel Weber
Harry Brueckner wrote: Hey there, Making the encryption key hardware dependent would make it a hard job to decrypt the harddrive in another computer... On the other hand - what will you do if your server gets a hardware problem and you have to replace/expand the system with a new NIC, add ano

Re: Keeping files away from users

2003-06-06 Thread Adrian 'Dagurashibanipal' von Bidder
On Thursday 05 June 2003 17:16, Peter Cordes wrote: > kernel. (Even if you put the password in the kernel, you want to hide the > initrd, because it will have mount(8) getting a password from /proc/sekret, > or something.) Use some sort of encrypted filesystem on the hard drive. When you're hac

Re: Keeping files away from users

2003-06-06 Thread Marcel Weber
Harry Brueckner wrote: On the other hand - what will you do if your server gets a hardware problem and you have to replace/expand the system with a new NIC, add another CPU, exchange anything in the box. So after a simple hardware problem all your own data is lost as well, even if the harddriv

Re: Keeping files away from users

2003-06-06 Thread Peter Cordes
On Thu, Jun 05, 2003 at 12:53:43PM -0300, Koba wrote: > Think about this: > Use an encrypted loopback. To get the key without storing it on > the computer: > Get some kind of unique combined fingerprint of the computer and hd > through a c/c++ programmed algorithm and sendi

Re: Keeping files away from users

2003-06-06 Thread Koba
On Thu, 5 Jun 2003 14:15:45 -0300, Peter Cordes <[EMAIL PROTECTED]> wrote: If the attacker runs it under an x86 emulator like bochs, they don't need to sniff the network, just look at memory after it's decrypted. Also, what I suggested was an attempt to avoid dependence on a network. I'd be p

Re: Keeping files away from users - THANKS!!

2003-06-06 Thread Luis Gomez - InfoEmergencias
Good evening (here in Spain) to all of you. I want to sincerely thank you all for the great feedback received on this topic. I would never have expected to receive some 20 answers in such a short time! Let me take my time to write your names, because you deserve it: Thank you Dariush, Adam, Marc

Re: Keeping files away from users

2003-06-06 Thread Jaroslaw Tabor
In a message dated Thu, 05-06-2003, 07:30, Luis Gomez - InfoEmergencias writes: Hello! > We'd like to protect that content, so that even if someone unplugs the machine > and connects the HD to another Linux box, they can't access that information. > Of course it's difficult to do, but we think th

Scanning with reverse connections?

2003-06-06 Thread Hamish Marson
I've noticed some strange traffic on our firewalls recently. Someone (Or multiple someones) are attempting to send tcp packets inbound to our network FROM well known ports (e.g. port 80) to multiple port numbers, and usually multiple addresses as well. Sometimes they are randomised, (Port and/o

Re: Scanning with reverse connections?

2003-06-06 Thread Christoph Haas
On Thu, Jun 05, 2003 at 08:29:10PM +0100, Hamish Marson wrote: > I've noticed some strange traffic on our firewalls recently. Someone (Or > multiple someones) are attempting to send tcp packets inbound to our > network FROM well known ports (e.g. port 80) to multiple port numbers, > and usually

Re: Scanning with reverse connections?

2003-06-06 Thread Blars Blarson
In article <[EMAIL PROTECTED]> [EMAIL PROTECTED] writes: >I've noticed some strange traffic on our firewalls recently. Someone (Or >multiple someones) are attempting to send tcp packets inbound to our >network FROM well known ports (e.g. port 80) Some firewalls that don't do proper connection

kernel-source 2.4.20 + grsecurity + freeswan

2003-06-06 Thread Vinai Kopp
Hi, currently I'm setting up a gateway machine for a small office network. After the recent threads about rooted woody boxes I feel it would be irresponsible to set up a box without a grsecurity patched kernel. The problem is I also need the box to be a VPN gateway. One of the reasons I got the d

Re: Scanning with reverse connections?

2003-06-06 Thread Noah Meyerhans
On Thu, Jun 05, 2003 at 10:02:53PM +0200, Christoph Haas wrote: > So most probably you see just the second. That's the way TCP works. > Sequential port numbers may show up because the counter of used > high-ports (1024 ff.) is just increased. No, it's not at all uncommon to see incoming traffic fr

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-06 Thread Marc-Christian Petersen
On Thursday 05 June 2003 22:32, Vinai Kopp wrote: Hi Vinai, > There seem to be problems using both the grsecurity and the freeswan > patches (at least I haven't been successful applying the patches - I > tried the debian versions and the "official" ones from the different > project sites of the

Re: Keeping files away from users - THANKS!!

2003-06-06 Thread Geoff Crompton
On Thu, Jun 05, 2003 at 08:58:43PM +0200, Luis Gomez - InfoEmergencias wrote: > Other interesting things to look at: > > - LICENSING ISSUES. As Peter Cordes commented, the kernel is GPL so if we > integrate code into it, we cannot provide a binary-only version, we should > also give away the sou

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-06 Thread Peter Hicks
On Thu, Jun 05, 2003 at 10:32:59PM +0200, Vinai Kopp wrote: >Hi, > >currently I'm setting up a gateway machine for a small office >network. After the recent threads about rooted woody boxes I feel it >would be irresponsible to set up a box without a grsecurity patched >kernel. >The problem is I als

Re: kernel-source 2.4.20 + grsecurity + freeswan

2003-06-06 Thread Hubert Chan
> "Vinai" == Vinai Kopp <[EMAIL PROTECTED]> writes: [...] Vinai> There seem to be problems using both the grsecurity and the Vinai> freeswan patches (at least I haven't been successful applying Vinai> the patches - I tried the debian versions and the "official" ones Vinai> from the different
