On Wed, Dec 14, 2005 at 11:18:29PM -0600, Jeffrey L. Taylor wrote:
>Quoting Alex Pankratz <[EMAIL PROTECTED]>:
>[snip]
>>Did, and that made both 111 and 699 not show up in nmap scan. sweet,
>>thanks Jeffrey. I could swear that in the past I saw 111 open and I
>>sort of ignored it, why would 699 be
Hi.
FYI, there seems to be a contradiction between message subject and
package in contents:
On Wednesday 14 December 2005 at 23:34 +0100, Martin Schulze wrote:
> Package: kernel-source-2.4.27
Best regards,
--
Olivier BERGER <[EMAIL PROTECTED]>
Research Engineer - INF Dept
INT Evry
hi,
was recently rootkitted on a debian machine because i'd left an obscure
service running.
now i've generally relied on debian issuing security patches but i thought i
should be more proactive RE security.
here's my proposed checklist to carry out for securing a domain server -
i.e. one which
hi,
these ports seem to be open by default on a standard sarge setup
PORT STATE SERVICE
9/tcp open discard
13/tcp open daytime
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
37/tcp open time
80/tcp open http
110/tcp open pop3
111/tcp open
On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> 2. firewall
> not i'm not sure about the need for a firewall - i may need to access the
> server over ssh from anywhere. also, to run FTP doesn't the server need to
> be able to open up a varying number of ports.
There is a way aroun
On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
> these ports seem to be open by default on a standard sarge setup
[...]
Not a standard, default setup; you've installed and enabled other
services which aren't turned on by default.
> the server will just be serving email and website
On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
> what is
> 1720/tcp filtered H.323/Q.931
Are you running any VOIP? H323 is the standard for telephone
interchanges.
> and how do i turn it off if it is unnecessary.
netstat, lsof, fuser, the usual suspects...
On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> now i've generally relied on debian issuing security patches but i
> thought i should be more proactive RE security.
This is very important, as you're now aware. The most secure OS in
the world is only as secure as the admin makes it.
kevin bailey wrote:
hi,
was recently rootkitted on a debian machine because i'd left an obscure
service running.
which one?
2. firewall
not i'm not sure about the need for a firewall - i may need to access the
server over ssh from anywhere. also, to run FTP doesn't the server need to
be abl
Kevin -
kevin bailey wrote:
1. before attaching server to network install and configure tripwire.
and could possibly put key executables on to CD-ROM and leave them in the
server.
In today's same day exploits, using something like tripwire for H.I.D.S.
may not prove useful... By the time tripwi
On Thu, 15 Dec 2005, kevin bailey wrote:
> was recently rootkitted on a debian machine because i'd left an obscure
> service running.
if you know how they got in .. i assume you have since fixed it
if you do not know how they got in ...
- time to change security policy big time to prev
* Quoting kevin bailey ([EMAIL PROTECTED]):
> hi,
>
> these ports seem to be open by default on a standard sarge setup
>
> PORT STATE SERVICE
> 21/tcp open ftp
This is not part of the default install.
> 25/tcp open smtp
This is only open to localhost.
> 80/tcp open
kevin bailey wrote:
2. firewall
not i'm not sure about the need for a firewall - i may need to access the
server over ssh from anywhere. also, to run FTP doesn't the server need to
be able to open up a varying number of ports.
You can limit your FTP server to listen for data connections on a
Quoting kevin bailey <[EMAIL PROTECTED]>:
[snip]
> 4. enhance authentication
>
> maybe set up ssh access by authorised keys only - but again this has a
> problem when i need to log in to the server from a putty session on a PC in
> an internet cafe .
>
Buy a laptop. Trusting an unknown PC in an
On Thu, 2005-12-15 at 12:27 +, kevin bailey wrote:
> hi,
>
> was recently rootkitted on a debian machine because i'd left an obscure
> service running.
>
> now i've generally relied on debian issuing security patches but i thought i
> should be more proactive RE security.
>
> here's my propo
On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
> the service:
> 443/tcp open https
> is used to protect the webmail service. it is meant to stop the email
> passwords from being sniffed.
If you're concerned about passwords being sniffed, you better shut off
pop3 and imap, too
On Thursday, 15 December 2005 14:26, Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
> > 2. firewall
> > not i'm not sure about the need for a firewall - i may need to access the
> > server over ssh from anywhere. also, to run FTP doesn't the server need
> > to
* Noah Meyerhans:
>> what is
>> 1720/tcp filtered H.323/Q.931
>> ?
>>
>> and how do i turn it off if it is unnecessary.
>
> It may be nothing. The fact that it showed up as filtered in the nmap
> output indicates that nmap didn't receive a TCP RST packet back when it
> tried to contact that por
On Thu, Dec 15, 2005 at 06:46:02PM +0100, Florian Weimer wrote:
> > It may be nothing. The fact that it showed up as filtered in the nmap
> > output indicates that nmap didn't receive a TCP RST packet back when it
> > tried to contact that port. That may mean you have iptables configured
> > to D
>
> I suggest you set up host based firewalling, where iptables limits
> incoming/forwarding/outgoing traffic to whatever services you are
> running. This is especially important if you're running a webserver and
> allow user cgi uploads, or cgi's with vulnerabilities are already
> installed. For ex
Jeffrey L. Taylor wrote:
> Quoting kevin bailey <[EMAIL PROTECTED]>:
> [snip]
>> 4. enhance authentication
>>
>> maybe set up ssh access by authorised keys only - but again this has a
>> problem when i need to log in to the server from a putty session on a PC
>> in an internet cafe .
>>
>
> Buy
Hello!
Please pardon the intrusion. You are receiving this invitation because at one
time or another, you expressed an interest in music on the internet. Since
then, we paid someone for your email address. It's that simple.
Since you like music, we thought you might be interested in subscribing
On Thu, Dec 15, 2005 at 07:43:39AM -0600, Will Maier wrote:
> > 4. enhance authentication
> > maybe set up ssh access by authorised keys only - but again this
> > has a problem when i need to log in to the server from a putty
> > session on a PC in an internet cafe .
> You could keep your key on a
> You can limit your FTP server to listen for data connections on a
> specific port only (eg, ftp-data, or 20). Then you only have to allow
> connections to ports 20 and 21.
but after the initial connection doesn't the server then wait for the data
connection on a port in a range above 1065?
>
Alvin Oga wrote:
>
>
> On Thu, 15 Dec 2005, kevin bailey wrote:
>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> if you know how they got in .. i assume you have since fixed it
my guess it was the miniserv.pl run by webmin - it had a securit
Matt wrote:
> Kevin -
>
> kevin bailey wrote:
>> 1. before attaching server to network install and configure tripwire.
>>
>> and could possibly put key executables on to CD-ROM and leave them in the
>> server.
> In today's same day exploits, using something like tripwire for H.I.D.S.
> may not pro
tomasz abramowicz wrote:
> kevin bailey wrote:
>> hi,
>>
>> was recently rootkitted on a debian machine because i'd left an obscure
>> service running.
>
> which one?
>
i thought it was webmin - but now i'm not so sure - i thought there was a
vulnerability in webmin in 2005 which was not in the
Will Maier wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
>> now i've generally relied on debian issuing security patches but i
>> thought i should be more proactive RE security.
>
> This is very important, as you're now aware. The most secure OS in
> the world is only as
Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:27:01PM +, kevin bailey wrote:
>> 2. firewall
>> not i'm not sure about the need for a firewall - i may need to access the
>> server over ssh from anywhere. also, to run FTP doesn't the server need
>> to be able to open up a varying number of port
Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
>> the service:
>> 443/tcp open https
>> is used to protect the webmail service. it is meant to stop the email
>> passwords from being sniffed.
>
> If you're concerned about passwords being sniffed, you be
Dale Amon wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
>> what is
>> 1720/tcp filtered H.323/Q.931
>
> Are you running any VOIP? H323 is the standard for telephone
> interchanges.
>
>> and how do i turn it off if it is unnecessary.
>
> netstat, lsof, fuser, the usual s
Will Maier wrote:
> On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
>> these ports seem to be open by default on a standard sarge setup
> [...]
>
> Not a standard, default setup; you've installed and enabled other
> services which aren't turned on by default.
>
>> the server will j
I use this line:
*/3 * * * * root iptables -A INPUT -i eth0 -p tcp -s MY_WORKSTATION_IP --dport 22 -j ACCEPT && echo "issued iptables cmd" | mail -a "From: [EMAIL PROTECTED]" -s "[iptables-keepalive]" [EMAIL PROTECTED]
That does 2 things:
1. guarantees my access to the machine no matter
On Thu, Dec 15, 2005 at 10:19:48PM +, kevin bailey wrote:
> good point - also the fact that the users stick their email passwords to
> their monitors using postits!
Well, at least there's still *some* level of physical security there;
an attacker has to be at your user's desk to get the passwo
Noah Meyerhans wrote:
> On Thu, Dec 15, 2005 at 06:46:02PM +0100, Florian Weimer wrote:
>> > It may be nothing. The fact that it showed up as filtered in the nmap
>> > output indicates that nmap didn't receive a TCP RST packet back when
>> > it
>> > tried to contact that port. That may mean you
>
>On Thu, Dec 15, 2005 at 12:35:09PM +, kevin bailey wrote:
>} hi,
>}
>} these ports seem to be open by default on a standard sarge setup
>}
>} PORT STATE SERVICE
>} 9/tcp open discard
Useless. Turn it off.
will do
} 13/tcp open daytime
Useless. Time in text form
Quoting kevin bailey ([EMAIL PROTECTED]):
> } 21/tcp open ftp
>
> Off. Security hole if passwords are sent, they aren't encrypted.
Even in deployments where the only login supported is "anonymous"? ;->
P.S.: http://linuxmafia.com/faq/Network_Other/ftp-justification.html
--
To UNSUBSCR
In article <[EMAIL PROTECTED]> you wrote:
> BTW - FTP *has* to be available - many of the users only know how to use
> FTP.
give them WinSCP :)
Regards
Bernd
On Thu, Dec 15, 2005 at 05:20:19PM +, kevin bailey wrote:
> > get DDOSed in retaliation (I am guessing really). Anyways on a
> > multi-user web server it is difficult to track down the vulnerable cgi
> > unless you run the cgi's as the account owner (as opposed to all running
> > as www-data), and
On Thu, Dec 15, 2005 at 10:02:46PM +, kevin bailey wrote:
> >
> >> - i may need to access the server over ssh from anywhere.
> >
> > bad idea... what you can do .. the cracker can also do from "anywhere"
> >
> > at least, lock down incoming ssh from certain ip#
> > vi hosts.deny
> > ALL : AL