Re: Someone scanned my ssh daemon

2003-06-17 Thread Mark Devin
On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote: > On Mon, 16 Jun 2003 at 14:26:33 +0200, Stefan Neufeind wrote: > > On 16 Jun 2003 at 7:00, Halil Demirezen wrote: > > > > > To be brief, I don't usually come across that there is an exploit for > > > only effective to debian boxes. Plus, There a

Re: Someone scanned my ssh daemon

2003-06-17 Thread Phillip Hofmeister
On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote: > I was going to say exactly this earlier in the thread. I put this in My > Apache config quite some time ago when I realised I could. There should > be something similar in the sshd_config in my opinion. File a wishlist bug with the ssh

SSH version identification (was Re: Someone scanned my ssh daemon)

2003-06-17 Thread Ulrich Scholler
Hi, On Tue Jun 17, 2003 at 10:44:01 -0400, Phillip Hofmeister wrote: > On Tue, 17 Jun 2003 at 11:56:36PM +1000, Mark Devin wrote: > > I was going to say exactly this earlier in the thread. I put this > > in My > > Apache config quite some time ago when I realised I could. There > > should > > be

Re: Probable SSH Vulnerability

2003-06-17 Thread Tim Peeler
On Sun, Jun 15, 2003 at 09:01:00AM +0200, Florian Weimer wrote: > Tim Peeler <[EMAIL PROTECTED]> writes: > > > I've come to the conclusion that the SSH1 protocol is the most > > likely cause of this problem. > > Attacks on the SSH v1 protocol are relatively sophisticated. It's > more likely that

Re: Someone scanned my ssh daemon

2003-06-17 Thread Ted Cabeen
Mark Devin <[EMAIL PROTECTED]> writes: > On Mon, 2003-06-16 at 23:32, Tomasz Papszun wrote: >> ServerTokens ProductOnly >> ServerSignature Off >> > I was going to say exactly this earlier in the thread. I put this in My > Apache config quite some time ago when I realised I could. There should >

Re: Probable SSH Vulnerability

2003-06-17 Thread Florian Weimer
Nick Boyce <[EMAIL PROTECTED]> writes: >>These attacks require wiretapping and traffic >>manipulation capabilities. > > I'd be interested if you could expand on this - do you mean a > connection to the victim's LAN is necessary ? LAN or WAN. Actually, access to any transmission link suffices.

Re: Probable SSH Vulnerability

2003-06-17 Thread Florian Weimer
Tim Peeler <[EMAIL PROTECTED]> writes: > I've done some research and have seen reports on several "kits" > available to exploit the SSH1 protocol. Can you send me a few links? I can only remember attacks which required (a) eavesdropping, (b) huge amounts of traffic (you would have noticed it), (

Re: Probable SSH Vulnerability

2003-06-17 Thread Tim Peeler
On Tue, Jun 17, 2003 at 09:45:28PM +0200, Florian Weimer wrote: > Tim Peeler <[EMAIL PROTECTED]> writes: > > > I've done some research and have seen reports on several "kits" > > available to exploit the SSH1 protocol. > > Can you send me a few links? I can only remember attacks which > required

Re: go on, send it

2003-06-17 Thread Paul Pinkel
Hello, it has been a while, but here is the answer to your question. Yes! You can earn money here on the Internet without having to pay anything for it. The two easiest options. Sign up at http://www.klamm.de/?id=40705. Klamm is a start page. Here you get for every

Re: Probable SSH Vulnerability

2003-06-17 Thread Florian Weimer
Tim Peeler <[EMAIL PROTECTED]> writes: > As we have yet to see any indication that this is related to the crc32 > compensation detector yet, I'm finding it more and more difficult > to believe that this was truly the problem. Yes, indeed. This particular problem has been fixed, but there are ot

Linux app equivalent of Solaris BSM

2003-06-17 Thread Anderson Stockler Xavier
Is there an app, other than linuxbsm, within Linux that can get the level of security auditing down to a very granular level, equivalent to the BSM auditing in Solaris? i.e. logging security policy changes, file deletions, etc. linuxbsm is very old, and I did not discover if it has support for

Re: 1/2 Price Omaha Steaks Plus 3 FREE Gifts!

2003-06-17 Thread John Galt
On Mon, 16 Jun 2003, John Holroyd wrote: >On Mon, 2003-06-16 at 15:26, Omaha Steaks wrote: >> Dear Friend, >> > > >Seriously, > >Does Debian have much success in forcing these spammers to pay the >fin fees mentioned on the mailing list pages? non

Re: Probable SSH Vulnerability

2003-06-17 Thread Nick Boyce
On Tue, 17 Jun 2003 21:34:32 +0200, Florian Weimer wrote: >Nick Boyce <[EMAIL PROTECTED]> writes: > >>>These attacks require wiretapping and traffic >>>manipulation capabilities. >> >> I'd be interested if you could expand on this - do you mean a >> connection to the victim's LAN is necessary ?
