r actually told me
anything, so I suppose it isn't really configured. I'm trying a Nessus
attack against the poor box now, but it is very slow...
Thanks for reading this far, and, well, your ideas on what I can do
would be much appreciated.
Best,
Kjetil
- --
Kjetil Kjernsmo
Astr
17.77.34.162 is, but I wouldn't be
surprised if it sits in the same server room as my box... Does this
tell you anything.
Thanks a lot for the help!
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
s actually up, and that I
still don't understand the traffic pattern,
> and that you want them to pay for the traffic they are causing you.
Well, it is more the time I've been wasting, I spent almost two full
days, in a very critical period... But I do not expect to be charged
for t
On torsdag 13. mai 2004, 20:37, Gian Piero Carrubba wrote:
> Il gio, 2004-05-13 alle 19:53, Kjetil Kjernsmo ha scritto:
>
> [...]
>
> > 19:41:32.083993 217.77.34.162.2090 > 226.58.55.41.1434: udp 376
> > [ttl 1] 19:41:32.192344 217.77.34.162.2090 > 234.247.236.46.14
On torsdag 13. mai 2004, 22:10, Florian Weimer wrote:
> * Kjetil Kjernsmo:
> > Oh, I see. But one thing I do not understand, it doesn't seem like
> > this traffic is directed at me, since it's not my address that's
> > the destination...? Are they routing their
On tirsdag 18. mai 2004, 14:17, Javier Fernández-Sanguino Peña wrote:
> On Thu, May 13, 2004 at 09:02:45PM +0200, Kjetil Kjernsmo wrote:
> > Hm, chkrootkit says that eth0 is not promiscuous... And as I said,
> > I don't think I ever got Snort to work right... :-)
>
> Are
teristic. SA will also give
hammy scores, so even if there is one spammy thing about the message, a
few hammy things can let it pass through nevertheless.
It is straightforward to set this up using the Exim4 backports and SA.
Vennlig Tiddeli-bom,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT C
On torsdag 3. juni 2004, 20:53, Alvin Oga wrote:
> you have to post process your emails
> after you already received it.
...and then it is a bit late to bounce, isn't it...?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountai
who knows, etc... If FOAF becomes as widespread as personal
homepages, it could be really useful.
So, let me also plug another bug report of mine, let KAddressbook export
FOAF:
http://bugs.kde.org/show_bug.cgi?id=72653
If I only had time to write the code... :-)
Cheers,
Kjetil
--
Kjetil
e, so, indeed, it may be a
reasonable path to remove the security upgrade and instead suggest the
workaround.
Best,
Kjetil
--
Kjetil Kjernsmo
Information Systems Developer
Opera Software ASA
pgpQXF0ABTsYf.pgp
Description: PGP signature
is to be alarmed, so I am... :-) And it seems it found
these holes to be real (as opposed to a Qpopper hole it also reported,
but that was based on the version number only, and I guess the patch
there hsa been backported), so I'm seeking advice on what to do with
this
Best,
Kj
On Tuesday 15 October 2002 13:56, Yven Leist wrote:
> On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> > And I haven't been able to
> > downgrade (hints are welcome! :-) ), but I do not have any testing
> > or unstable
>
> Just put the following
esn't
> then it's a bug in the plugin: report to the nessus development team.
Uh-oh, slowly now, I'm a complete newbie in these things... :-)
How do I see if it breaks?
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountainee
On Tuesday 15 October 2002 14:59, Javier Fernández-Sanguino Peña wrote:
> jOn Tue, Oct 15, 2002 at 02:11:51PM +0200, Kjetil Kjernsmo wrote:
> > On Tuesday 15 October 2002 13:59, Javier Fernández-Sanguino Peña
wrote:
> > > Try to reproduce this behavior. You can launch
a new
database to compare with the old, but then, I should keep the old,
because there are too many changes for me to keep up and be certain
that nothing Bad[tm] as slipped in But if I do, the problem just
keeps growing...
So I hope the kind folks here can offer some advice... :-)
t*.
>
> Anyone got any HOWTOs for this with exim? :)
Isn't this just about what Marc does with Exim and Spamassassin...?
http://marc.merlins.org/linux/exim/sa.html
He's even got Exim-4 debs with this stuff there. Or was it something
else you had in mind?
Cheers,
Kjetil
--
Kjetil
ter was so unelegantly shut
down, so I assume that it has something to do with that, and not
actually an intrusion attempt, but just to be sure:
Are these modules known to change if a computer is shut down like this?
(BTW, I'm hardly using any of them).
Cheers,
Kjetil
--
Kjetil Kjernsmo
As
I might as well do it in this release.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
all
I want to conserve as much as I can.
But, is there something I _should_ do in this situation, like including
some text in the bounce saying that this address has never existed, and
is being abused by spammers? If yes, _how_ should I do it?
I hope this is the right forum to ask...
Cheers,
omain name in it, so I risk getting some trouble with it.
Thanks for the reply anyway!
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
urgent.
Of course, it won't guarantee that no trojan will be inserted, but at
least there is human looking at the code before s/he signs it, at that
does help a lot.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mount
alue of the system?
If this is true, it could also account for the obvious lack of
intelligence... :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
nk we're in a arms-race with the spammers
that requires the spam-tools to updated more frequently than the normal
release-cycle would accomodate for, but that's another story.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mount
, specifically section 5.14.3.1
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup
(wow, that has been updated since I did this... :-) )
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EM
package these things in separate packages, which is
made available in a separate archive, and people can apt-get them from
there as they do with security updates.
Just a thought.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTE
On Monday 10 March 2003 21:41, Jeremy Drake wrote:
> I can ping security.debian.org, but cannot use http or ftp. It just
> hangs. non-us.debian.org is the same box, and having the same
> troubles. Is this just me?
AOL... No response on port 80. I'm in Oslo, Norway.
Best,
Kje
than that, but a 1
GHz with 256 MB is cool, if that is what you've got.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
to insert some non-uniformity in the
network, but couldn't make too much sense of it...
[1] http://www.coyotelinux.com/
[2] http://people.freebsd.org/~picobsd/picobsd.html
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PR
valid or
useless keys from a GPG keyring, in batch?
I once downloaded the 4500 keys that were closest to me, but many of
them are invalid now, and I'd like to remove those in a quick way? Are
there possibly any scripts lying around?
Cheers,
Kjetil
- --
Kjetil Kjernsmo
Astrophysicist/IT
On Thursday 27 March 2003 08:53, Lars Ellenberg wrote:
> On Wed, Mar 26, 2003 at 05:28:35PM +0100, Kjetil Kjernsmo wrote:
> > Is there a way to remove revoked/expired and otherwise invalid or
> > useless keys from a GPG keyring, in batch?
>
> well, I do not know how to au
ideas?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
imes, but I've failed... Is there a Very
Verbose Guide to Passwordless Authentication with SSH somewhere...? :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTEC
d nothing that is not
stored on the Linux workstation). Then, I have taken it upon myself to
make sure that the box will not hurt the internal network or the rest
of the Internet.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL
zor for this kind of stuff...?
So, I'm wondering, does anybody know about any such approach?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
I don't want
to bother anyone else with bounces that go to the wrong person...
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
ssin)
OK, so if I get this correctly, a double bounce would result in that I
get the bounce, but that that's unlikely to occur. But it is still not
clear to me who gets the bounce, it would be the the sender on the
envelope, but that's [EMAIL PROTECTED] in this case,
right? And th
Vennlig Tiddeli-bom,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
On Sunday 07 September 2003 18:59, Kjetil Kjernsmo wrote:
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe".
Damn, damn, damn! I can't believe I actually did this Me, who get so
irritated by people who don't manage to read the final c
or always vulnerable depending on how you see it.., But I
mean, /.! :-)
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAI
On Tuesday 25 November 2003 13:29, Alan James wrote:
> On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo
> <[EMAIL PROTECTED]>
>
> wrote:
> >I bet there are a lot of users running around scared, not knowing
> > what to do really... Any advices for us??
>
> K
n the
Debian servers is very relevant to the security of all users. And that
was the information I was missing earlier, to what extent I would
myself be vulnerable.
Also, I'm not a regular IRC user, so it didn't occur to me at the time
that it was an alternative for gathering informa
On Wednesday 03 December 2003 20:57, Phillip Hofmeister wrote:
> You may wish to look at the make-kpkg(kernel-package) package. It
> takes your stock 2.4.23 source and makes it into a nice .deb file for
> you.
>
> Note: This option is for those who have a working .config file.
> Experience in maki
On Friday 05 December 2003 08:22, Mo Zhen Guang wrote:
> Hi,
>
> I am going to install a few new debian servers, but I worry about the
> integratity of the packages because of the incident of compromised debian
> servers some days ago.
>
> Can anybody confirm me if these servers are clean now?
The
On Thursday 04 December 2003 18:48, Eric D Nielsen wrote:
> I'm a little confused as to how/when I should upgrade my kernel. I'm not
> subscribed to this list a present, so please include me in the cc.
OK. I'm a rather new user myself, but to ease the workload on the security
team, who allready
these messages have been tagged with
BAYES_99.
However, it seems like SA has no other rules that match these spams, so
they seldom get above my reject-at-smtp threshold. Is it possible to
make a rule to match this practice?
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skepti
ernel, but I can't see anything about this, at
least not in boldface as it should be... :-)
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
ll see a kernel-source-2.4.24 package?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
d situation.
Again, I'm fine with backports for many packages, and I'm fine with the
general release cycle, it's just the small number of critical
security-related packages that I feel needs some discussion.
Best,
Kjetil
- --
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skept
ussed to death. I'm rather new
here. But I respectfully disagree that the type of package is
irrelevant to the discussion.
Basically, I just like to hear your thoughts, because I really haven't
found any good answers.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
down so often, an occasional fuse is just one-in-many... Oh well...:
On Thursday 15 January 2004 19:51, Rich Puhek wrote:
> Kjetil Kjernsmo wrote:
> > Again, that's not how I read DSA-297.
>
> They advise using newer versions of snort because it recognizes newer
> attacks.
x27;m not currently subscribed to this list, please keep me on the CC)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
--
To UNSUBSCRIBE, e
ey did
> > something very careless with other packages.
>
> How would the admin be warned?
Oh, wasn't that the point with the harden-clients package? If you
attempt to install a Bad[tm] client, you will be told, because it
conflicts with harden-clients?
Best,
Kjetil
--
Kjetil
is to be alarmed, so I am... :-) And it seems it found
these holes to be real (as opposed to a Qpopper hole it also reported,
but that was based on the version number only, and I guess the patch
there hsa been backported), so I'm seeking advice on what to do with
this
Best,
Kj
On Tuesday 15 October 2002 13:56, Yven Leist wrote:
> On Tuesday 15 October 2002 13:33, Kjetil Kjernsmo wrote:
> > And I haven't been able to
> > downgrade (hints are welcome! :-) ), but I do not have any testing
> > or unstable
>
> Just put the following
esn't
> then it's a bug in the plugin: report to the nessus development team.
Uh-oh, slowly now, I'm a complete newbie in these things... :-)
How do I see if it breaks?
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountainee
On Tuesday 15 October 2002 14:59, Javier Fernández-Sanguino Peña wrote:
> jOn Tue, Oct 15, 2002 at 02:11:51PM +0200, Kjetil Kjernsmo wrote:
> > On Tuesday 15 October 2002 13:59, Javier Fernández-Sanguino Peña
wrote:
> > > Try to reproduce this behavior. You can launch
a new
database to compare with the old, but then, I should keep the old,
because there are too many changes for me to keep up and be certain
that nothing Bad[tm] as slipped in But if I do, the problem just
keeps growing...
So I hope the kind folks here can offer some advice... :-)
t*.
>
> Anyone got any HOWTOs for this with exim? :)
Isn't this just about what Marc does with Exim and Spamassassin...?
http://marc.merlins.org/linux/exim/sa.html
He's even got Exim-4 debs with this stuff there. Or was it something
else you had in mind?
Cheers,
Kjetil
--
Kjetil
ter was so unelegantly shut
down, so I assume that it has something to do with that, and not
actually an intrusion attempt, but just to be sure:
Are these modules known to change if a computer is shut down like this?
(BTW, I'm hardly using any of them).
Cheers,
Kjetil
--
Kjetil Kjernsmo
As
I might as well do it in this release.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a
all
I want to conserve as much as I can.
But, is there something I _should_ do in this situation, like including
some text in the bounce saying that this address has never existed, and
is being abused by spammers? If yes, _how_ should I do it?
I hope this is the right forum to ask...
Cheers,
omain name in it, so I risk getting some trouble with it.
Thanks for the reply anyway!
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
-
urgent.
Of course, it won't guarantee that no trojan will be inserted, but at
least there is human looking at the code before s/he signs it, at that
does help a lot.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mount
alue of the system?
If this is true, it could also account for the obvious lack of
intelligence... :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjer
nk we're in a arms-race with the spammers
that requires the spam-tools to updated more frequently than the normal
release-cycle would accomodate for, but that's another story.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mount
, specifically section 5.14.3.1
http://www.debian.org/doc/manuals/securing-debian-howto/ch-sec-services.en.html#s-firewall-setup
(wow, that has been updated since I did this... :-) )
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EM
package these things in separate packages, which is
made available in a separate archive, and people can apt-get them from
there as they do with security updates.
Just a thought.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTE
On Monday 10 March 2003 21:41, Jeremy Drake wrote:
> I can ping security.debian.org, but cannot use http or ftp. It just
> hangs. non-us.debian.org is the same box, and having the same
> troubles. Is this just me?
AOL... No response on port 80. I'm in Oslo, Norway.
Best,
Kje
than that, but a 1
GHz with 256 MB is cool, if that is what you've got.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP
to insert some non-uniformity in the
network, but couldn't make too much sense of it...
[1] http://www.coyotelinux.com/
[2] http://people.freebsd.org/~picobsd/picobsd.html
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PR
valid or
useless keys from a GPG keyring, in batch?
I once downloaded the 4500 keys that were closest to me, but many of
them are invalid now, and I'd like to remove those in a quick way? Are
there possibly any scripts lying around?
Cheers,
Kjetil
- --
Kjetil Kjernsmo
Astrophysicist/IT
On Thursday 27 March 2003 08:53, Lars Ellenberg wrote:
> On Wed, Mar 26, 2003 at 05:28:35PM +0100, Kjetil Kjernsmo wrote:
> > Is there a way to remove revoked/expired and otherwise invalid or
> > useless keys from a GPG keyring, in batch?
>
> well, I do not know how to au
ideas?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
--
To UNSUBSCRIBE, email to [EMAIL PRO
imes, but I've failed... Is there a Very
Verbose Guide to Passwordless Authentication with SSH somewhere...? :-)
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTEC
d nothing that is not
stored on the Linux workstation). Then, I have taken it upon myself to
make sure that the box will not hurt the internal network or the rest
of the Internet.
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL
zor for this kind of stuff...?
So, I'm wondering, does anybody know about any such approach?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjeti
I don't want
to bother anyone else with bounces that go to the wrong person...
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/
ssin)
OK, so if I get this correctly, a double bounce would result in that I
get the bounce, but that that's unlikely to occur. But it is still not
clear to me who gets the bounce, it would be the the sender on the
envelope, but that's [EMAIL PROTECTED] in this case,
right? And th
Vennlig Tiddeli-bom,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
--
To UNSUBSCRIBE, email to [EMAIL
On Sunday 07 September 2003 18:59, Kjetil Kjernsmo wrote:
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe".
Damn, damn, damn! I can't believe I actually did this Me, who get so
irritated by people who don't manage to read the final c
or always vulnerable depending on how you see it.., But I
mean, /.! :-)
I bet there are a lot of users running around scared, not knowing what
to do really... Any advices for us??
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAI
On Tuesday 25 November 2003 13:29, Alan James wrote:
> On Tue, 25 Nov 2003 12:09:11 +0100, Kjetil Kjernsmo
> <[EMAIL PROTECTED]>
>
> wrote:
> >I bet there are a lot of users running around scared, not knowing
> > what to do really... Any advices for us??
>
> K
n the
Debian servers is very relevant to the security of all users. And that
was the information I was missing earlier, to what extent I would
myself be vulnerable.
Also, I'm not a regular IRC user, so it didn't occur to me at the time
that it was an alternative for gathering informa
On Wednesday 03 December 2003 20:57, Phillip Hofmeister wrote:
> You may wish to look at the make-kpkg(kernel-package) package. It
> takes your stock 2.4.23 source and makes it into a nice .deb file for
> you.
>
> Note: This option is for those who have a working .config file.
> Experience in maki
On Friday 05 December 2003 08:22, Mo Zhen Guang wrote:
> Hi,
>
> I am going to install a few new debian servers, but I worry about the
> integratity of the packages because of the incident of compromised debian
> servers some days ago.
>
> Can anybody confirm me if these servers are clean now?
The
On Thursday 04 December 2003 18:48, Eric D Nielsen wrote:
> I'm a little confused as to how/when I should upgrade my kernel. I'm not
> subscribed to this list a present, so please include me in the cc.
OK. I'm a rather new user myself, but to ease the workload on the security
team, who allready
these messages have been tagged with
BAYES_99.
However, it seems like SA has no other rules that match these spams, so
they seldom get above my reject-at-smtp threshold. Is it possible to
make a rule to match this practice?
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skepti
ernel, but I can't see anything about this, at
least not in boldface as it should be... :-)
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjerns
ll see a kernel-source-2.4.24 package?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Homepage: http://www.kjetil.kjernsmo.net/OpenPGP KeyID: 6A6A0BBC
--
To UNSUBSCRIBE,
d situation.
Again, I'm fine with backports for many packages, and I'm fine with the
general release cycle, it's just the small number of critical
security-related packages that I feel needs some discussion.
Best,
Kjetil
- --
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skept
ussed to death. I'm rather new
here. But I respectfully disagree that the type of package is
irrelevant to the discussion.
Basically, I just like to hear your thoughts, because I really haven't
found any good answers.
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Ske
down so often, an occasional fuse is just one-in-many... Oh well...:
On Thursday 15 January 2004 19:51, Rich Puhek wrote:
> Kjetil Kjernsmo wrote:
> > Again, that's not how I read DSA-297.
>
> They advise using newer versions of snort because it recognizes newer
> attacks.
r actually told me
anything, so I suppose it isn't really configured. I'm trying a Nessus
attack against the poor box now, but it is very slow...
Thanks for reading this far, and, well, your ideas on what I can do
would be much appreciated.
Best,
Kjetil
- --
Kjetil Kjernsmo
Astr
17.77.34.162 is, but I wouldn't be
surprised if it sits in the same server room as my box... Does this
tell you anything.
Thanks a lot for the help!
Best,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountaineer
[EMAIL PROTECTED] [EMA
s actually up, and that I
still don't understand the traffic pattern,
> and that you want them to pay for the traffic they are causing you.
Well, it is more the time I've been wasting, I spent almost two full
days, in a very critical period... But I do not expect to be charged
for t
On torsdag 13. mai 2004, 20:37, Gian Piero Carrubba wrote:
> Il gio, 2004-05-13 alle 19:53, Kjetil Kjernsmo ha scritto:
>
> [...]
>
> > 19:41:32.083993 217.77.34.162.2090 > 226.58.55.41.1434: udp 376
> > [ttl 1] 19:41:32.192344 217.77.34.162.2090 > 234.247.236.46.14
On torsdag 13. mai 2004, 22:10, Florian Weimer wrote:
> * Kjetil Kjernsmo:
> > Oh, I see. But one thing I do not understand, it doesn't seem like
> > this traffic is directed at me, since it's not my address that's
> > the destination...? Are they routing their
On tirsdag 18. mai 2004, 14:17, Javier Fernández-Sanguino Peña wrote:
> On Thu, May 13, 2004 at 09:02:45PM +0200, Kjetil Kjernsmo wrote:
> > Hm, chkrootkit says that eth0 is not promiscuous... And as I said,
> > I don't think I ever got Snort to work right... :-)
>
> Are
teristic. SA will also give
hammy scores, so even if there is one spammy thing about the message, a
few hammy things can let it pass through nevertheless.
It is straightforward to set this up using the Exim4 backports and SA.
Vennlig Tiddeli-bom,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT C
On torsdag 3. juni 2004, 20:53, Alvin Oga wrote:
> you have to post process your emails
> after you already received it.
...and then it is a bit late to bounce, isn't it...?
Cheers,
Kjetil
--
Kjetil Kjernsmo
Astrophysicist/IT Consultant/Skeptic/Ski-orienteer/Orienteer/Mountai
1 - 100 of 112 matches
Mail list logo
