ed for the "best". IMHO best means good security for the
amount of effort it takes to set up, plus stable, reliable, well documented,
etc. Some of the other options probably meet those criteria, but I wouldn't
know, not having looked at them. All I can do is say that I'm happy
't belong
on deb-sec. Further discussion about politics, rather than specifically
about selinux, should probably happen on a newsgroup like alt.impeach.bush,
for example.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found o
ep on trying to merge the two patches
> together.
Luckily, that's a solved problem. Con Kolivas's -ck3 patch for 2.4.21
includes grsecurity and XFS. (I didn't mention it before because I didn't
realize it was significant. (I'm not using ACLs).) Con's webpage is
http://me
0.0 0.0 00 ?RW Jul02 0:08 [kswapd]
(I don't use my machine constantly, so it probably doesn't swap as much as
a desktop used all day.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found out how to di
.222.*. (It
listens on ipv6, so v4 connections are seen as coming from v4-mapped
addresses.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a
the real world, to back up the extreme
paranoia in the virtual world.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and
(I'm replying to the list, hope you don't mind.)
On Thu, Jul 10, 2003 at 01:52:13PM +0200, Christian Kurz wrote:
> On [09/07/03 16:12], Peter Cordes wrote:
> > On Mon, Jul 07, 2003 at 07:38:17PM +0200, François TOURDE wrote:
> > > Le 12240ième jour après Epoch,
http://www.muppetlabs.com/~breadbox/software/tiny/teensy.html
http://developers.slashdot.org/article.pl?sid=02/10/19/1233250
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound h
hich entails some complications that a noexec /tmp
wouldn't) for clues:
http://lists.debian.org/debian-devel/2001/debian-devel-200111/msg00212.html
Happy hacking,
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
"The gods confound the man who first found out
On Sun, Jul 13, 2003 at 01:33:52AM -0400, Noah L. Meyerhans wrote:
> On Sat, Jul 12, 2003 at 11:43:02PM -0300, Peter Cordes wrote:
> > This is at least the third time this has come up that I remember. However,
> > absolute statements like *can not* get me thinking: Is there any
mount flag, or integrating with
TPE would make it easier to get started with. Otherwise, you'd have to make
sure all libraries on the system were chmod +x, and check every new software
package you installed.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , s.ca)
ce files that
don't contain machine code wouldn't need to be mapped with PROT_EXEC. In
fact, I straced perl, and it uses read(2) instead of mmap(2) to load the
code. Unless grsec is really clever, perl programs would still work, by
running /usr/bin/perl /tmp/foo.pl, as long as you can re
If you really don't care about security, you can
just install rlogin. I always use ssh even on my trusted LAN at home
(except for big file transfers) because one tool for everything is easier.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound
the IP address for those did
not receive id connections inside your site, or does it belong to an ISP
somewhere, or what? If it's a local address, and not a computer lab, that
might give you some clues about whose door to knock on...
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL
made, so it
didn't even get to the point of trying to authenticate with xauth.
BTW, ssh -X sets up xauth correctly.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, t
com
kjlasjlasdf.com A 64.94.110.11
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly
indicate the quality of the package, like not-working, alpha, beta, or
stable.
Err, I'm probably not the first person to have said the above, probably
just the first to clutter up deb-sec with it, so I suppose I should really
go search the deb-devel archives to see if anyone has any plans ab
> init.d/dhttpd file name.
>
> What is so difficult? No web server is installed by default. If you don't
> want one, don't install one.
Dependencies. I've had the same annoying experience as Dale.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
http://security.debian.org woody/updates/main Packages
> 1:3.4p1-1 0
> 500 http://http.us.debian.org woody/main Packages
>
> We can see the differences. But how to change it ?
Try apt-get install ssh/stable. That should force a downgrade to the
stable version.
--
.hrz.uni-bielefeld.de A 129.70.4.66
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly in
g like this? (I never use dselect)
Is that what dpkg --forget-old-unavail is for? Maybe --clear-avail?
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this p
dmins do. If a
particular system would really benefit from it, the admin probably just
needs to see the idea mentioned, not see a big list of effects on systems in
general.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found ou
ked ttys. (Maybe you could stty raw < /dev/pts/x,
from another session, type your password, and then stty cooked < /dev/pts/x.)
> but there shouldn't be any limits on the input to the hash
> function whose output is stored in the shadow file.[0]
--
#define X(x,y) x##y
Peter Cor
Anyway, it seems to work, and packages only get downloaded once. I know
that apt does enough locking that NFS sharing /var/cache/apt is safe.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours
.old, if
any. There won't be one if you only have one kernel-image package
installed (and you haven't manually changed the symlinks). lilo skips
entries that are marked as optional when the kernel file isn't there.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTE
vice.
However, if the underlying filesystem preserves data ordering, it can
satisfy the requirements of the journaling filesystem that's on top of it.
I'm not sure if you need data=journal on the underlying filesystem for
data=journal on the loopback filesystem to make sense, but I don
on.
(ext3 is fine, but you need to patch reiserfs for ordered data.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and
ou
wouldn't have to worry about crap like that. :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so
at's correct, you can't just use chpasswd.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , des.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day
ngs won't help. (Debian's package scripts
usually leave the /boot symlinks broken when I remove a kernel package, even
if it was totally obsolete and the links weren't pointing to any files from
that package...) Your best bet is to look at the symlinks yourself, and get
them pointing to
gging in entirely, I might see if I can get something to use
iptables to block that IP for 15 minutes after seeing that sequence, since
it's a perfect signal that it's a bogus attack, and that it will try a bunch
of logins right away, then never come back.
Has anyone logged the passwords these
to be a
limit, but as you point out, busybox might have one.
> In any case, using the while loop will pipeline the operations so you get
> full benefit from multitasking.
Yeah, that's an elegant idiom. I'll have to remember to use it in the
future. :)
--
#define X(x,y) x##y
Peter
> My knowledge of the function of this router is rudimentary.
Better leave the firewall up, then.
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods confound the man who first found out how to distinguish
script.)
[ $make-x = yes ] && mkdir --mode=1777 .X11-unix
[ $make-esd = yes ] && mkdir --mode=1777 .esd
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
On Wed, Feb 16, 2000 at 09:33:57AM +1100, Brian May wrote:
> >>>>> "Peter" == Peter Cordes <[EMAIL PROTECTED]> writes:
>
> Peter> Oh... even better idea: bootmisc.sh could check for the
> Peter> existence of /tmp/.X11-unix before cleaning
ense when you are protecting a bunch of machines,
especially ones which you don't run directly, but for a machine filtering
traffic for only itself, it seems like a waste.
Thanks,
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , d
en one tries to ident the other one,
you've got a packet storm brewing.
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, w
On Thu, Mar 16, 2000 at 02:19:53PM -0800, Brian Kimball wrote:
> Peter Cordes wrote:
>
> > This isn't specific to identd, but I'm wondering why you would bother
> > filtering the port instead of just not running identd? (I assume you would
> > have/do turn off
t to know why the root password is getting accidentally changed
every now and then! That sounds _really_ bad!! Shouldn't you be finding
out why it's changing? Or does your cat sometimes fall across your keyboard
in such a way that it sets a new password for you?
--
#define X(x,y) x##y
DUPS
ngs :( )
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
u to run a server
within a server; this is occasionally useful for testing new window managers
and other X clients.
.
Xnest relies upon its parent X server for font services.
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.c
X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
that on every box you want to use
might make you a bit unpopular!) Using one-time passwords in combination
with ssh would make a cracker's job a lot harder, though.
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dups/
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , dal.ca)
"The gods
indicating that it was the process trying to make
an
ident request. (you can turn off this behaviour). I didn't think
closed ports normally generated ICMP traffic, but I don't know. Go look it
up in an RFC if it bugs you.
--
#define X(x,y) x##y
DUPS Secretary ; http://is2.dal.ca/~dup
ions, please?
look up --syn in ipchains(8). TCP connections are initiated with a SYN
packet, so allowing any ! --syn packet allows any established connections
through.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first fou
ou wouldn't find any changed, which would mean a _very_
sophisticated cracker, or you would find every file she changed. (the
chance of one changed file randomly staying unchanged is 1/(2^128))
Happy hacking :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
the way to address collection.
>
I think the idea is that the general public might want to see what the
intelligent people on the mailing list have to say. There is a lot of good
info on solving specific problems that can be found in mailing list
archives.
--
#define X(x,y) x##y
Pete
ng a little overboard here... ;)
Heck no, wire the MGs to CTRL+ALT+Delete, and to the reset button. The
level of security gained far outweighs the tiny number of casualties from
Linux actually hanging and needing a reboot :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.c
f the disk
reserved, so you could fill it to that point (or as far as your quota
allowed) and wait for normal log activity to fill the rest of the disk.
> --
> Ethan Benson
> http://www.alaska.net/~erbenson/
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
MP is a protocol on the level of UDP or TCP. It is sent inside IP.
Thus, a source routed ICMP packet _is_ a source routed IP packet.
Obviously, the answer to your question is that it will apply.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confou
files (sockets in this case) that have a port number of 1026.
It also tells you what PID and command own the file. This is what you
really want to know. Let us know what program is actually listening here.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The g
On Sat, Oct 21, 2000 at 03:09:20AM -0300, Peter Cordes wrote:
> On Thu, Oct 19, 2000 at 05:32:47PM +, Jim Breton wrote:
> > On Thu, Oct 19, 2000 at 11:55:55AM +0100, Sergio Brandano wrote:
> > > -- Description of Bug
> > > GNOME-SESSION makes available the "nt
s
for holes.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
It is supposedly documented in an RFC about
NMB. Microsoft doesn't adhere to that standard, so the challenge is that
the protocol is really convoluted and hard to deal with, not that there are
any legal obstacles.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
, and just want to protect them from themselves, more or less,
restricted shell is the way to go.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up
't any security critical things
(except for local-user stuff, which I don't bust my butt about since the
only people who have accounts are my family, and they have physical access
anyway. (err, also there's the fact that I trust them:) )
Happy hacking.
--
#define X(x,y) x##y
Peter
sr/bin/xpdf
I notice that this list includes dpkg! Somebody should have a look...
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, t
On Thu, Nov 23, 2000 at 05:50:06PM -0500, Daniel Burrows wrote:
> On Thu, Nov 23, 2000 at 06:35:54PM -0400, Peter Cordes <[EMAIL PROTECTED]>
> was heard to say:
> > > ghostscript uses temporary files to do some of its work. Unfortunately
> > > the method used to cr
on ls are to make it not do anything more than verify
existence. (it uses lstat). I use \ls so bash doesn't alias expand it.
(I think my system was trying to tell me something, since one of the missing
files is /sbin/hdparm itself :)
Happy hacking,
--
#define X(x,y) x##y
Peter Cordes ; e-m
's a good idea. It wouldn't eliminate the work, but
would lessen it.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
t log message formats,
which is probably a good thing.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so
n in
October 1995. MD5 isn't looking as secure as it used to.
I think a signed database of stuff that's supposed to be in Debian, and a
decent way to make a bootable CD that downloads what it needs, and checks
what's on your drive, is a good start. If the MD5 sum lists are sign
why you run the checker from a known-good floppy or CD. The bogus
kernel can't protect itself if it isn't running :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
On Fri, Dec 22, 2000 at 11:05:32PM -0900, Ethan Benson wrote:
> On Fri, Dec 22, 2000 at 05:54:55PM -0400, Peter Cordes wrote:
> >
> > That's why you run the checker from a known-good floppy or CD. The bogus
> > kernel can't protect itself if it isn't runn
nk this was due to an honest mistake on your part,
since most people spend their time getting other stuff done, instead of
learning about crypto.
(If I screwed up any facts in the above, somebody please correct me. If I
didn't, then I don't think there is anything more to flame anyo
ble
> for the resulting DoS.
>
> But I should not be responsible if I scan someone whose system is so flaky
> that it can't take the scan.
I think the only time you can ever be in the wrong when port scanning
is when you are actively trying to cause damage, by DoS or otherwis
On Sun, Jan 14, 2001 at 04:22:48AM -0400, Peter Cordes wrote:
> On Sat, Jan 13, 2001 at 08:25:00PM -0600, Jordan Bettis wrote:
> > [snippage]
> > > revisions of MacOS 9. The moral of the story? Be careful who you scan,
> > > they
> > > may care, and be
mba listen on 0.0.0.0, instead of just the
internal IPs.) I'm not too concerned about attacks, since I'm not running
anything very complicated. I check on my log messages every now and then,
though :)
BTW, I did think twice before admitting the above on a public list, but
I'll ta
-
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
d to do it by hand. Also, the default config files for almost
all packages have been set up so that they work well with the rest of the
Debian system, instead of just leaving them as they were in the source
tarball (which usually means you need to change them to get them to work, or
to get them
from ever reaching the
spoofed host. However, another way to accomplish the blocking is to DoS the
spoofed host.
I don't remember where I read this, either in an RFC, or in the book
"Practical Unix and Internet Security".
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROT
r email address?)
The best practice is to notify a human of the situation, so they can do
something intelligent :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too,
A news
story that said, "... your email is insecure ... run this to make it better
http://debian.org/ :)", might get some people using non-outlook, esp if the
URI was for a decent windoze email client instead of a whole new OS :) (I've
never checked email from 'doze in my lif
separate packages, e.g. xntp ->
ntpdate, ntp or the netkit split. dist-upgrade will do everything it can to
upgrade as much as possible, but it does make sure nothing has broken
dependencies once it's all done.)
BTW, before the upgrade would be a good time to backup the whole system :
't have to do anything. If you
build it into the kernel proper, you still don't have to do anything :)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in th
ut
investing some of your time to learn the system and keep up with security
announcements. (choosing a system which has good security announcements is
obviously important, or you might not hear about problems until it's too late.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PR
oody machine?
I installed ssh 2.3.0p1-1.11 from unstable on my woody machines at home.
It works great.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in th
allow execution of arbitrary CGI programs, the CGI program
could do anything, including start a shell listening on a TCP port, or even
sshd, for someone to connect to. Allowing arbitrary CGI is equivalent to
giving public shell access.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PRO
ntly installed CGI scripts.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
get everything.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
s while you
aren't doing anything with the network. See if your card is generating
interrupts when there is network traffic that isn't to or from you (and
isn't broadcast.) If it is, then the hardware is in promiscuous mode.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PRO
ldn't be punished unless it causes a DoS or something.
If you feel otherwise, you might want to show the logs you have to the
scanner's ISP, with timestamp, so they can figure out who had that IP at
that time. I think that would be going to more trouble than it's worth,
thoug
s/proc.txt, in the kernel source tree.) Read
/etc/init.d/networking to see what gets set up when you config networking.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, w
symmetric
routing setups, where packets do come in on a different interface from the
one replies will be sent on, so you have to do it manually with ipchains for
that case. Otherwise, you don't even need to compile ipchains into the
kernel for rp_filter to work.)
--
#define X(x,y) x##y
n the code. You would have to write and tweak
some code to work around TCP's retransmission algorithm, since retransmitted
packets are useless to you because of the unknown extra delay.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who fir
On Mon, Mar 12, 2001 at 06:36:25PM +, Jim Breton wrote:
> On Mon, Mar 12, 2001 at 02:31:57PM -0400, Peter Cordes wrote:
> > Doesn't rp_filter do this, or am I missing something? It should make the
> > kernel drop packets coming in on interfaces they shouldn't be,
't start a connection. exim is
listening on *:25, (i.e. INADDR_ANY, not the interface addresses).
nc 10.0.0.1 25 connects to exim normally.
It's not so easy to check what happens if you send a packet with a
destination in 127.0.0.0/8, but I'd be surprised if it was accepted.
--
#d
oot and arp -s it
> to point to llama?
Here's why:
bigfoot:~# ifconfig lo down
bigfoot:~# arp
Address        HWtype  HWaddress           Flags Mask  Iface
llama          ether   00:00:92:96:51:C0   C           eth0
bigfoot:~# arp -s 127.0.0.1 00:00:92:96:51:C0
SIOCSARP: I
On Wed, Mar 14, 2001 at 12:14:07AM +0100, Carel Fellinger wrote:
> On Mon, Mar 12, 2001 at 10:14:17PM -0400, Peter Cordes wrote:
> > I decided to check this out,
>
> For now I guess you wanted to check that Linux *does* filter on packet
> *destinations* , but I can't fo
't be. (ssh
won't let people talk to FTP or SMTP servers, though, unlike telnet. This
is a good thing.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
s obsolete.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
>
> I'd say the malformed packet _is_ the wicked event.
Right. See http://www.scyld.com/network/ethercard.html.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too
-apt is pretty good. Also, aptitude is even more powerful than
dselect (most of the time).
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a su
ling list, and I get
updates from it. Is it not working or something?
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut an
tching to make sure it was
doing a "real" check.
You can't use a possibly-cracked machine to check itself, unless you are
checking for breakins on non-root accounts. (e.g. web page defacement if
they got in through httpd.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PR
orlds computers and a
lot of time.)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wretchedly into small pieces!" -- Plautus, 200 BCE
always funny when people leave their
opinions in their software.
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and ha
as you said, you need to use the equiv. of -P. I
fired up putty on my machine, and there doesn't look like an option to do
that. I guess you'll have to download the source and recompile. All hail
Free software :-)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED]
in and put klogd back where it belongs :-)
--
#define X(x,y) x##y
Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca)
"The gods confound the man who first found out how to distinguish the hours!
Confound him, too, who in this place set up a sundial, to cut and hack
my day so wr