Le 12989ième jour après Epoch,
Nejc Novak écrivait:
> i checked crontabs and i haven't found anything. but new processess started
> www-data 6705 0.0 0.1 1616 600 ?S21:31 0:00
> /tmp/dlciiqlno x
> www-data 6762 0.0 0.0 00 ?Z22:10 0:00 [sh]
> www-dat
Le 13639ième jour après Epoch,
Lubos Rendek écrivait:
> Hello,
> Recently I have played with ftpd package from stable repository and I
> have discovered that every time the package gets installed it connects
> to certain IP address on port 80.
> running reverse dig command:
> dig -x 203.8.
exactly the names) of firewalling ruleset.
My 2 cents.
THE OLD POOL SHOOTER had won many a game in his life. But now it was time
to hang up the cue. When he did, all the other cues came crashing go the floor.
"Sorry," he said with a smile.
-- Jack Handley, The New Mexi
other "shell access" services
But globally the modification of /etc/passwd is not so bad :)
You may be marching to the beat of a different drummer, but you're
still in the parade.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 0
alse no.
It's an old style ftpaccess technique, but still running.
Graduate students and most professors are no smarter than undergrads.
They're just older.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
Posted on announce on error... Here is my original post for security:
[EMAIL PROTECTED] (François TOURDE) writes:
> I.R.van Dongen <[EMAIL PROTECTED]> writes:
> > On Tue, 11 Mar 2003 14:48:20 -
> > "Ian Goodall" <[EMAIL PROTECTED]> wrote:
or a pppd in some case
- /*/ftpd to allow (/bin/true) or disallow (/bin/false) ftp access
- probably lot of others programs.
Reality always seems harsher in the early morning.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81
Matthias Kestenholz <[EMAIL PROTECTED]> writes:
> btw, s/!!!/!/g, thank you
No, it's a mistake... 's/.*//g' is more adapted to this kind of message
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81
progs and as source files.
But you can symlink to a .txt file too, removing any other extensions.
If all the salmon caught in Canada in one year were laid end to end
across the Sahara Desert, the smell would be absolutely awful.
François TOURD
Le 12166ième jour après Epoch,
Nicolas Sulek écrivait:
Please, please, please... No HTML in text messages... Even if you run NT on your
box :)
"What I like most about myself is that I'm so understanding
when I mess things up.&q
stable, some evil
problems may occurs. Remember the libc6 problem on testing/unstable weeks ago.
Mathias, sorry for the question, but are you a parent of the well known Gary?
If so, your family is responsible of most of my nightmares :)
Romeo wasn't bilked in a day.
lish some weird job. And it's 4.9 mins more than needed :)
DOS: n., A small annoying boot virus that causes random spontaneous system
crashes, usually just before saving a massive project. Easily cured by
(from David Vicker's .plan)
mechanism: One ping, followed by
two telnet packets, then 4 ftp or whatever packets, and then your ip is allowed
to try a ssh connection...
Bon courage ;)
"Jesus saves...but Gretzky gets the rebound!"
-- Daniel Hinojosa ([EMAIL PROTECTED])
François TOURDE - tourde.or
Le 12286ième jour après Epoch,
Sanjukta Guha Thakurta écrivait:
> Hello
> I am using telnet in IIT bombay. I want to block few e-mail ids in my
> telnet. How to block those id ?
What do you mean exactly by "blocking few email ids in telnet" ? If you want
to disallow some of your users sendi
Le 12328ième jour après Epoch,
Ricardo Abrantes écrivait:
> Hello,
> I found on my apache´s log a lot of messages like
> *.*.*.* - - [Date] "GET http://someStrangeOrExternalDomain.com
> HTP1.0/" 404 206 "-" "-"
If *.*.*.* is your IP, then it's probably a proxy problem. Otherwise, there
is somebo
Le 12368ième jour après Epoch,
Eduard Ballester écrivait:
> Hi
> Do you know why Apache has this behavior? Why Apache initiates the
> connections with src_port 80 and random dst_port?
Where can you see apache is initiating the connection? It seems that
this is only a reply from apache to c
Le 12379ième jour après Epoch,
Jim Hubbard écrivait:
> After the Linux kernel server got hacked a few weeks ago, and now
> this successful attack at Debian, my confidence is shaken.
What kind of confidence? You can trust that every system, every OS,
every program can be hacked/cracked. Nothing is
Le 12383ième jour après Epoch,
Haim Ashkenazi écrivait:
> Hi
> I've got a server at our ISP's server farm which rebooted last night. I've
> contact my ISP and no one there did nothing, also it wasn't a power failure
> because the reboot is written in '/var/log/syslog':
> ...
> ov 26 22:26:16 n
Le 12386ième jour après Epoch,
Andrew Pollock écrivait:
> On Sun, Nov 30, 2003 at 12:51:45AM +0200, Haim Ashkenazi wrote:
>> Bernd Eckenfels wrote:
>> >
>> > BTW: i recommend you disable CAD :)
>> I would but that is the only way I can let them safely reboot the machine
>> (If I'll need them
Le 12386ième jour après Epoch,
Haim Ashkenazi écrivait:
> François TOURDE wrote:
>> Le 12386ième jour après Epoch,
>> Andrew Pollock écrivait:
>>> On Sun, Nov 30, 2003 at 12:51:45AM +0200, Haim Ashkenazi wrote:
>>>> Bernd Eckenfels wrote:
Le 12390ième jour après Epoch,
Bradley Alexander écrivait:
> I just wanted to take the opportunity to thank everyone in the Debian
> community for their hard work on the cleanup and forensic analysis of the
> recent system compromise.
I'm joining you to thanks everyone too. More than great job !
Le 12438ième jour après Epoch,
> Hi,
>> can you tell me what the following means in an apache error.log and
> The log is the out put of wget command.Most probably the command which
> resulted in this entry is "wget
> http://www.geocities.com/fonias28/psybnc.tgz -o
Le 12449ième jour après Epoch,
Hideki Yamane écrivait:
> Hi list,
> Does anyone know about if security.debian.org is down or not?
Seems to be down... Yesterday I was unable to fetch packages, but ping
was ok. Now, ping doesn't work. :(
The best cure for insomnia is to get a lot of sleep
Le 12451ième jour après Epoch,
Richard Atterer écrivait:
> On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
>> No, with REJECT they would show up as "closed". DROP produces "filtered".
> FWIW, you also need "--reject-with tcp-reset" to fool nmap.
But I think DROP is the best way
Le 12451ième jour après Epoch,
Rolf Kutz écrivait:
> * Quoting François TOURDE ([EMAIL PROTECTED]):
>> But I think DROP is the best way, 'cause it slow down NMAP or other
>> sniffers. Sniffers must wait packet timeout, then retry, then wait,
>> etc.
> Y
Le 12452ième jour après Epoch,
George Georgalis écrivait:
> On Tue, Feb 03, 2004 at 03:48:46PM +0100, Fran?ois TOURDE wrote:
>>Ok, but I don't want somebody debug on *my* machine. It's only allowed
>>for me :)
> As long as your machine is working, I guess you don't need to debug
> it!
Right! So
Le 12466ième jour après Epoch,
Michael Stone écrivait:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
>> The other way of doing it properly is to write a program that open's
>> each file, calls fstat() to check the UID/GID, then uses fchown() or
>> fchmod().
>> It would be nic
Le 12519ième jour après Epoch,
Jaroslaw Tabor écrivait:
> Hello!
> I''ve strange problem with one of my servers. From time to time (once
> per 2-3 months), something strange happends, and server starts working
> very slow. What is strange, CPU load (from top) is about 5%, but
> response ti
Le 12521ième jour après Epoch,
peace bwitchu écrivait:
> Is apache and apache-ssl susceptible to the latest
> vulnerabilities released on bugtraq?
> http://www.securityfocus.com/bid/8911/info/
Try 'apache -v' or 'apache-ssl -v' and check it yourself ...
For infos: 1.3.29 and 2.0.48 are safe. A
exactly the names) of firewalling ruleset.
My 2 cents.
THE OLD POOL SHOOTER had won many a game in his life. But now it was time
to hang up the cue. When he did, all the other cues came crashing go the floor.
"Sorry," he said with a smile.
-- Jack Handley, The New Mexi
quot;shell access" services
But globally the modification of /etc/passwd is not so bad :)
You may be marching to the beat of a different drummer, but you're
still in the parade.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 4
alse no.
It's an old style ftpaccess technique, but still running.
Graduate students and most professors are no smarter than undergrads.
They're just older.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81 80
Posted on announce on error... Here is my original post for security:
[EMAIL PROTECTED] (François TOURDE) writes:
> I.R.van Dongen <[EMAIL PROTECTED]> writes:
> > On Tue, 11 Mar 2003 14:48:20 -
> > "Ian Goodall" <[EMAIL PROTECTED]> wrote:
or a pppd in some case
- /*/ftpd to allow (/bin/true) or disallow (/bin/false) ftp access
- probably lot of others programs.
Reality always seems harsher in the early morning.
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81
Matthias Kestenholz <[EMAIL PROTECTED]> writes:
> btw, s/!!!/!/g, thank you
No, it's a mistake... 's/.*//g' is more adapted to this kind of message
François TOURDE - tourde.org - 23 rue Bernard GANTE - 93250 VILLEMOMBLE
Tél: 01 49 35 96 69 - Mob: 06 81 01 81
progs and as source files.
But you can symlink to a .txt file too, removing any other extensions.
If all the salmon caught in Canada in one year were laid end to end
across the Sahara Desert, the smell would be absolutely awful.
François TOURD
ird job. And it's 4.9 mins more than needed :)
DOS: n., A small annoying boot virus that causes random spontaneous system
crashes, usually just before saving a massive project. Easily cured by
(from David Vicker's .plan)
mechanism: One ping, followed by
two telnet packets, then 4 ftp or whatever packets, and then your ip is allowed
to try a ssh connection...
Bon courage ;)
"Jesus saves...but Gretzky gets the rebound!"
-- Daniel Hinojosa ([EMAIL PROTECTED])
François TOURDE - tourde.or
Le 12286ième jour après Epoch,
Sanjukta Guha Thakurta écrivait:
> Hello
> I am using telnet in IIT bombay. I want to block few e-mail ids in my
> telnet. How to block those id ?
What do you mean exactly by "blocking few email ids in telnet" ? If you want
to disallow some of your users sendi
Le 12328ième jour après Epoch,
Ricardo Abrantes écrivait:
> Hello,
> I found on my apache´s log a lot of messages like
> *.*.*.* - - [Date] "GET http://someStrangeOrExternalDomain.com
> HTP1.0/" 404 206 "-" "-"
If *.*.*.* is your IP, then it's probably a proxy problem. Otherwise, there
is somebo
Le 12368ième jour après Epoch,
Eduard Ballester écrivait:
> Hi
> Do you know why Apache has this behavior? Why Apache initiates the
> connections with src_port 80 and random dst_port?
Where can you see apache is initiating the connection? It seems that
this is only a reply from apache to c
Le 12379ième jour après Epoch,
Jim Hubbard écrivait:
> After the Linux kernel server got hacked a few weeks ago, and now
> this successful attack at Debian, my confidence is shaken.
What kind of confidence? You can trust that every system, every OS,
every program can be hacked/cracked. Nothing is
Le 12383ième jour après Epoch,
Haim Ashkenazi écrivait:
> Hi
> I've got a server at our ISP's server farm which rebooted last night. I've
> contact my ISP and no one there did nothing, also it wasn't a power failure
> because the reboot is written in '/var/log/syslog':
> ...
> ov 26 22:26:16 n
Le 12386ième jour après Epoch,
Andrew Pollock écrivait:
> On Sun, Nov 30, 2003 at 12:51:45AM +0200, Haim Ashkenazi wrote:
>> Bernd Eckenfels wrote:
>> >
>> > BTW: i recommend you disable CAD :)
>> I would but that is the only way I can let them safely reboot the machine
>> (If I'll need them
Le 12386ième jour après Epoch,
Haim Ashkenazi écrivait:
> François TOURDE wrote:
>> Le 12386ième jour après Epoch,
>> Andrew Pollock écrivait:
>>> On Sun, Nov 30, 2003 at 12:51:45AM +0200, Haim Ashkenazi wrote:
>>>> Bernd Eckenfels wrote:
Le 12390ième jour après Epoch,
Bradley Alexander écrivait:
> I just wanted to take the opportunity to thank everyone in the Debian
> community for their hard work on the cleanup and forensic analysis of the
> recent system compromise.
I'm joining you to thanks everyone too. More than great job !
Le 12438ième jour après Epoch,
> Hi,
>> can you tell me what the following means in an apache error.log and
> The log is the out put of wget command.Most probably the command which
> resulted in this entry is "wget
> http://www.geocities.com/fonias28/psybnc.tgz -o
Le 12449ième jour après Epoch,
Hideki Yamane écrivait:
> Hi list,
> Does anyone know about if security.debian.org is down or not?
Seems to be down... Yesterday I was unable to fetch packages, but ping
was ok. Now, ping doesn't work. :(
The best cure for insomnia is to get a lot of sleep
Le 12451ième jour après Epoch,
Richard Atterer écrivait:
> On Tue, Feb 03, 2004 at 05:38:40AM +0100, Philipp Schulte wrote:
>> No, with REJECT they would show up as "closed". DROP produces "filtered".
> FWIW, you also need "--reject-with tcp-reset" to fool nmap.
But I think DROP is the best way
Le 12451ième jour après Epoch,
Rolf Kutz écrivait:
> * Quoting François TOURDE ([EMAIL PROTECTED]):
>> But I think DROP is the best way, 'cause it slow down NMAP or other
>> sniffers. Sniffers must wait packet timeout, then retry, then wait,
>> etc.
> Y
Le 12452ième jour après Epoch,
George Georgalis écrivait:
> On Tue, Feb 03, 2004 at 03:48:46PM +0100, Fran?ois TOURDE wrote:
>>Ok, but I don't want somebody debug on *my* machine. It's only allowed
>>for me :)
> As long as your machine is working, I guess you don't need to debug
> it!
Right! So
Le 12466ième jour après Epoch,
Michael Stone écrivait:
> On Wed, Feb 18, 2004 at 11:50:27PM +1100, Russell Coker wrote:
>> The other way of doing it properly is to write a program that open's
>> each file, calls fstat() to check the UID/GID, then uses fchown() or
>> fchmod().
>> It would be nic
Le 12519ième jour après Epoch,
Jaroslaw Tabor écrivait:
> Hello!
> I''ve strange problem with one of my servers. From time to time (once
> per 2-3 months), something strange happends, and server starts working
> very slow. What is strange, CPU load (from top) is about 5%, but
> response ti
Le 12521ième jour après Epoch,
peace bwitchu écrivait:
> Is apache and apache-ssl susceptible to the latest
> vulnerabilities released on bugtraq?
> http://www.securityfocus.com/bid/8911/info/
Try 'apache -v' or 'apache-ssl -v' and check it yourself ...
For infos: 1.3.29 and 2.0.48 are safe. A
Le 15324ième jour après Epoch,
Marko Randjelovic écrivait:
> I have very disturbing problem, so I hope someone will be in situation
> to help me.
> As I said in title, su is not working in virtual console for any
> combination of from-to users. In gnome-terminal it is working. sudo is
> also wor
55 matches
Mail list logo