Re: Creating a logfile for Netfilter

2001-06-17 Thread Peter Cordes
> Not much else gets logged at level alert so it should be OK and not > > > upset other logging. > > Isn't there a problem? Logs at level notice (5) and below are sent to > the console. If host activity is too high, console will become unusable > (kind of DoS). U

Re: rxvt exploit

2001-06-17 Thread Peter Cordes
nd you could potentially exploit other programs through utmp. This is especially important if these other programs are being run by root. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! C

Re: A question about Knark and modules

2001-06-17 Thread Peter Cordes
figuration info, would do the job for X11. (BTW, AGP acts like another PCI bus). Limiting things to only PCI-reported memory spaces would stop access from user space to ISA memory, but who would want to do that anyway... I like this idea. It would kick ass, so we should do it. -- #define X(x,y)

Re: A question about Knark and modules

2001-06-17 Thread Peter Cordes
On Sun, Jun 17, 2001 at 10:42:17PM -0800, Ethan Benson wrote: > On Mon, Jun 18, 2001 at 01:38:16AM -0300, Peter Cordes wrote: > > I like the package signing idea. That would be cool. That way, you > > could still load and unload modules. I like being able to do that. > >

Re: gnupg problem

2001-06-18 Thread Peter Cordes
s it. If not, then the updated packages that the new security-fix package depends on must become part of potato somehow. IMHO, security fixes should still go into security.d.o ASAP, without waiting for packages that depend on them to be updated, but those packages _do_ need to be updated. --

Re: rlinetd security

2001-06-18 Thread Peter Cordes
will break if you turn it off, turn it off and see if something breaks. If nothing breaks, leave it off. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this pl

Re: A question about Knark and modules

2001-06-20 Thread Peter Cordes
code, you lose. (That's another reason why the module signing + user-space memory access stuff would be good.) Of course, unless the password is very long and strong, the brute force attack will be much cheaper than breaking MD5 usually is. -- #define X(x,y) x##y Peter Cordes ; e-mail: X

Re: Basic question about ipchains being useful

2001-06-20 Thread Peter Cordes
u do something about it to keep your machine safe, or at least check that it already is safe. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a su

Re: shared root account

2001-07-07 Thread Peter Cordes
ing to get the workstation > security boosted up as well - being behind one firewall does not seem > to be enough in an environment where a whole class B network is behind > that one fw... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound

Re: read-write to stdin-stdout or to a file?

2001-07-30 Thread Peter Cordes
ame. There is now kernel support for generic user-space access to the parallel port (i.e. do-anything access, not just send/receive bytes like the lp devices.) This is in 2.4.x. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first fou

Re: Locking down a guest account - need help.

2001-08-23 Thread Peter Cordes
etc. a lot less worrisome. (you still might want to block the guest account out of a lot of stuff...) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this pla

Re: File transfer using ssh

2001-08-24 Thread Peter Cordes
key on the remote machine already. SSH is only vulnerable to man-in-the-middle when you first connect to a host, and accept the host-key. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours!

Re: UP2DATE

2001-08-24 Thread Peter Cordes
mes, with main, contrib, non-free) That probably took more time to type than I'll ever save by doing it my way, but whatever... > #deb http:///debian testing main > #deb http:///debian-non-US testing non-US/main > #deb http:///debian unstable main > #deb http:///debian-

Re: File transfer using ssh

2001-08-27 Thread Peter Cordes
On Fri, Aug 24, 2001 at 11:12:11PM -0600, Hubert Chan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > >>>>> "Peter" == Peter Cordes <[EMAIL PROTECTED]> writes: > > Peter> It is secure when you have put the public key on the rem

Re: Is ident secure?

2001-08-31 Thread Peter Cordes
but he's already replied to the spam itself, so if we were spammers, we would know his email address works. Duh! -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who

Re: SSH install in Woody

2001-09-12 Thread Peter Cordes
-- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Re: chroot

2001-10-03 Thread Peter Cordes
can't execute setuid binaries that aren't in the chroot, which may have security problems with exploits known only to certain black-hats. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish th

Re: ssh vulernability

2001-10-22 Thread Peter Cordes
ysadmin. Just as you automate everything you can, in the name of laziness, you can wait until stuff falls into your lap instead of going out and fixing it yourself, if the problem is not at all likely to lead to any real problems for your system. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([E

Re: ssh vulernability

2001-10-22 Thread Peter Cordes
On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote: > On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote: > > I run Debian; and I applied the OpenSSH patch myself as soon as it was posted. > > Does anybody know of the advantages of waiting for a new .

Re: central administration techniques

2001-10-22 Thread Peter Cordes
n a shell script that runs rsync over ssh to bring things up to date. You would have to put in the necessary passwords for that to happen, but you only need to run it once a need for resyncing is detected. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods co

Re: ssh vulernability

2001-10-23 Thread Peter Cordes
On Tue, Oct 23, 2001 at 01:19:58PM +0200, Philipp Schulte wrote: > On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote: > > > Just as you automate everything you can, in the name of laziness, you can > > wait until stuff falls into your lap instead of going

Re: Hard Disk Organization

2001-11-10 Thread Peter Cordes
out noticing that stuff is gone in time to save it. Of course, that will eat up disk space really fast if you rename big files or move them to different directories, etc. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Peter Cordes
d dealt with separately.) Of course, then we might need to make up excuses, or preferably find solutions, for the exceptionally long bugs. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Peter Cordes
escalation hole is found and when it's fixed. The more I think about it, the more I like my idea. :) Even if we don't worry about testing all the time, it should get some attention as a release approaches. Thanks to the security team for all the work you already do. It's much ap

Re: Debian security being trashed in Linux Today comments

2002-01-15 Thread Peter Cordes
he most useful thing would be multiple graphs according to a few interesting criteria. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sund

Re: Iptables config

2002-04-13 Thread Peter Cordes
n apt-get update (downloading stuff with ftp or http), you need to allow that with iptables. The rule you gave will let the replies to your SYN be dropped. I'm just learning iptables, and I haven't figured out the connection tracking stuff yet. -- #define X(x,y) x##y Peter Cordes ; e-

Re: Iptables config - new

2002-04-14 Thread Peter Cordes
> pkts bytes target prot opt in out source > destination > -- > > And now I can telnet to port 25 from another machine. An important note > is that this problem is only with port 25, I can telnet to port 1

Re: Iptables config - new

2002-04-15 Thread Peter Cordes
On Mon, Apr 15, 2002 at 07:58:00PM +0200, Mathias Palm wrote: > ... > Looking at all these, people might say more about smtp-packages going > astry s/package/packet/g -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who f

Re: About user monitoring

2002-04-17 Thread Peter Cordes
't have to, and this would be an uncommon attack channel, and thus not so likely to be well secured.) Err, happy hacking, Big Brother. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours!

Re: Iptables config

2002-04-17 Thread Peter Cordes
k_ftp module has code that understands the FTP protocol, so it can see when an FTP command which will use a new port is sent. I hope they have some kind of optimization, like only looking at port 21 traffic, to avoid the overhead of trying to parse every TCP stream as FTP commands, but I don

Re: does virus ELF.OSF.8759 affect debian?

2002-04-17 Thread Peter Cordes
shell, so you can do anything and everything. I think we all get the point :) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, t

Re: world readable log files and /etc/ files

2002-04-29 Thread Peter Cordes
> /etc/smb/smb.conf > > This one can have user names, so I guess it would be better off with > tighter access modes. smbclient needs to read smb.conf, even when run by an unprivileged user. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods

Re: APT-GET Problems

2002-05-03 Thread Peter Cordes
caching large files. (I've got plenty of space, and I do other web browsing through squid, so this helps keep .debs in the cache, I think.): cache_replacement_policy heap LFUDA I use GDSF for the memory-cache: memory_replacement_policy heap GDSF -- #define X(x,y) x##y Peter Cordes ; e-m

Re: Putty 0.45 vs. SSH Login

2002-05-06 Thread Peter Cordes
ikely. Having a useful security feature that's easy to use is a good idea, IMHO, since it will make a significant number of computers significantly more secure. (A lot of people are not very careful about security, so making it easy to implement things that are useful for most people is a go

Re: RE APT-GET Problems

2002-05-07 Thread Peter Cordes
read. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
t that should get most stuff. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small piec

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
On Fri, May 10, 2002 at 04:31:24PM -0400, Matt Zimmerman wrote: > On Fri, May 10, 2002 at 04:08:24PM -0300, Peter Cordes wrote: > > > You can do something like > > apt-get install --reinstall $(dpkg --get-selections|cut -f1) > > > > You may have to grep out some

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
On Sat, May 11, 2002 at 01:21:19AM +0200, martin f krafft wrote: > also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.10.2333 +0200]: > > Err, I guess you would need get-selections|grep 'install$'|cut -f1 > > why not > > dpkg --get-selections|grep -v

Re: Fixing file system privileges

2002-05-12 Thread Peter Cordes
On Sat, May 11, 2002 at 08:16:28AM +0200, martin f krafft wrote: > also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.11.0155 +0200]: > > nope, purge is a possible status too. > > since when? Probably a long time. I don't know when or why dpkg updates it'

Re: SSH Version mapper scan

2002-05-12 Thread Peter Cordes
> May 12 15:59:04 lilypad sshd[3441]: Did not receive identification string > from -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial

Re: Fixing file system privileges

2002-05-13 Thread Peter Cordes
124423 Just stick with --get-selections. Let's please stop talking about this. This thread is getting less and less relevant to anything. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish t

Re: Fixing file system privileges

2002-05-13 Thread Peter Cordes
't know if reinstalling packages fixes these or not, but I would guess that it would not affect /etc/shadow. I would try to copy the permissions on everything from another Debian system. I don't have any suggestions for a good way to do that. -- #define X(x,y) x##y Peter Cordes ; e-mail:

Re: syn flood attacked?

2002-05-17 Thread Peter Cordes
or max. burst number in a limited time? Any > examples? read /usr/src/linux/Documentation/filesystems/proc.txt. It describes some stuff you can do with /proc/sys/net/ipv4/* /usr/src/linux/Documentation/networking/ip-sysctl.txt describes everything. happy hacking, -- #define X(x,y)

Re: differences between iptstate and netstat

2002-09-18 Thread Peter Cordes
from internal addresses to external addresses? (i.e. neither end of the connection is your firewall's IP addr?) If so, then that's normal. netstat only shows connections from the local machine. iptstate reports the state of the netfilter connection tracking stuff. -- #define

Re: unssubscribe

2002-09-24 Thread Peter Cordes
On Mon, Sep 23, 2002 at 08:17:40AM +0200, Oliver Fuchs wrote: > > :0 > * ^Subject:.*unsubscribe$ > /dev/null That will miss messages Re: unsubscribe. I use: :0: * ^Subject: (un)?subscribe$ unsub-idiots -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] ,

Re: shared root account

2001-07-07 Thread Peter Cordes
ing to get the workstation > security boosted up as well - being behind one firewall does not seem > to be enough in an environment where a whole class B network is behind > that one fw... -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound

Re: read-write to stdin-stdout or to a file?

2001-07-30 Thread Peter Cordes
ame. There is now kernel support for generic user-space access to the parallel port (i.e. do-anything access, not just send/receive bytes like the lp devices.) This is in 2.4.x. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first fou

Re: Locking down a guest account - need help.

2001-08-24 Thread Peter Cordes
etc. a lot less worrisome. (you still might want to block the guest account out of a lot of stuff...) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this pla

Re: Package: ssh 1:1.2.3-9.3 (stable)

2001-08-24 Thread Peter Cordes
wapon -a > > Hopefully I have telnet > > still open and I was able to "/etc/init.d/ssh restart" and now it seems to > > work as normal. > > Having telnet around kind of defeats the purpose of ssh, not? You su > to root on your telnet connection and your roo

Re: File transfer using ssh

2001-08-24 Thread Peter Cordes
key on the remote machine already. SSH is only vulnerable to man-in-the-middle when you first connect to a host, and accept the host-key. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours!

Re: UP2DATE

2001-08-24 Thread Peter Cordes
mes, with main, contrib, non-free) That probably took more time to type than I'll ever save by doing it my way, but whatever... > #deb http:///debian testing main > #deb http:///debian-non-US testing > non-US/main > #deb http:///debian unstable main > #deb http:///d

Re: File transfer using ssh

2001-08-27 Thread Peter Cordes
On Fri, Aug 24, 2001 at 11:12:11PM -0600, Hubert Chan wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > >>>>> "Peter" == Peter Cordes <[EMAIL PROTECTED]> writes: > > Peter> It is secure when you have put the public key on the remote

Re: Is ident secure?

2001-09-01 Thread Peter Cordes
but he's already replied to the spam itself, so if we were spammers, we would know his email address works. Duh! -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who

Re: SSH install in Woody

2001-09-13 Thread Peter Cordes
- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Re: chroot

2001-10-03 Thread Peter Cordes
can't execute setuid binaries that aren't in the chroot, which may have security problems with exploits known only to certain black-hats. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Re: ssh vulernability

2001-10-22 Thread Peter Cordes
ysadmin. Just as you automate everything you can, in the name of laziness, you can wait until stuff falls into your lap instead of going out and fixing it yourself, if the problem is not at all likely to lead to any real problems for your system. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([E

Re: ssh vulernability

2001-10-22 Thread Peter Cordes
On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote: > On Fri, Oct 19, 2001 at 05:06:03PM -0700, Garrett Ellis wrote: > > I run Debian; and I applied the OpenSSH patch myself as soon as it was > > posted. > > Does anybody know of the advantages of waiting for a

Re: central administration techniques

2001-10-22 Thread Peter Cordes
n a shell script that runs rsync over ssh to bring things up to date. You would have to put in the necessary passwords for that to happen, but you only need to run it once a need for resyncing is detected. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods co

Re: ssh vulernability

2001-10-23 Thread Peter Cordes
On Tue, Oct 23, 2001 at 01:19:58PM +0200, Philipp Schulte wrote: > On Mon, Oct 22, 2001 at 06:21:51AM -0300, Peter Cordes wrote: > > > Just as you automate everything you can, in the name of laziness, you can > > wait until stuff falls into your lap instead of going

Re: Hard Disk Organization

2001-11-10 Thread Peter Cordes
out noticing that stuff is gone in time to save it. Of course, that will eat up disk space really fast if you rename big files or move them to different directories, etc. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Peter Cordes
d dealt with separately.) Of course, then we might need to make up excuses, or preferably find solutions, for the exceptionally long bugs. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! C

Re: Debian security being trashed in Linux Today comments

2002-01-14 Thread Peter Cordes
escalation hole is found and when it's fixed. The more I think about it, the more I like my idea. :) Even if we don't worry about testing all the time, it should get some attention as a release approaches. Thanks to the security team for all the work you already do. It's much ap

Re: Debian security being trashed in Linux Today comments

2002-01-16 Thread Peter Cordes
he most useful thing would be multiple graphs according to a few interesting criteria. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Re: Iptables config

2002-04-13 Thread Peter Cordes
n apt-get update (downloading stuff with ftp or http), you need to allow that with iptables. The rule you gave will let the replies to your SYN be dropped. I'm just learning iptables, and I haven't figured out the connection tracking stuff yet. -- #define X(x,y) x##y Peter Cordes ; e-

Re: Iptables config - new

2002-04-14 Thread Peter Cordes
> pkts bytes target prot opt in out source > destination > -- > > And now I can telnet to port 25 from another machine. An important note > is that this problem is only with port 25, I can telnet to port 1

Re: Iptables config - new

2002-04-15 Thread Peter Cordes
On Mon, Apr 15, 2002 at 07:58:00PM +0200, Mathias Palm wrote: > ... > Looking at all these, people might say more about smtp-packages going > astry s/package/packet/g -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first

Re: About user monitoring

2002-04-17 Thread Peter Cordes
't have to, and this would be an uncommon attack channel, and thus not so likely to be well secured.) Err, happy hacking, Big Brother. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours!

Re: Iptables config

2002-04-17 Thread Peter Cordes
-A INPUT -p tcp --dport auth -j REJECT --reject-with tcp-reset > First, you should set your policy to DROP. The way you configured your > filter with a policy set to ACCEPT would let all traffic pass through. No it doesn't; It would block new connections, because it rejects TCP SYN pack

Re: Iptables config

2002-04-17 Thread Peter Cordes
conntrack_ftp module has code that understands the FTP protocol, so it can see when an FTP command which will use a new port is sent. I hope they have some kind of optimization, like only looking at port 21 traffic, to avoid the overhead of trying to parse every TCP stream as FTP commands, but I don

Re: does virus ELF.OSF.8759 affect debian?

2002-04-17 Thread Peter Cordes
shell, so you can do anything and everything. I think we all get the point :) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, t

Re: enforcing resource limits

2002-04-21 Thread Peter Cordes
o wants to do so can use my advice as given above verbatim or otherwise. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut

Re: world readable log files and /etc/ files

2002-04-29 Thread Peter Cordes
> /etc/smb/smb.conf > > This one can have user names, so I guess it would be better off with > tighter access modes. smbclient needs to read smb.conf, even when run by an unprivileged user. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods

Re: APT-GET Problems

2002-05-03 Thread Peter Cordes
caching large files. (I've got plenty of space, and I do other web browsing through squid, so this helps keep .debs in the cache, I think.): cache_replacement_policy heap LFUDA I use GDSF for the memory-cache: memory_replacement_policy heap GDSF -- #define X(x,y) x##y Peter Cordes ; e-m

Re: Putty 0.45 vs. SSH Login

2002-05-07 Thread Peter Cordes
ikely. Having a useful security feature that's easy to use is a good idea, IMHO, since it will make a significant number of computers significantly more secure. (A lot of people are not very careful about security, so making it easy to implement things that are useful for most people is a go

Re: RE APT-GET Problems

2002-05-07 Thread Peter Cordes
read. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 2

Re: tcp syn flood and /proc configuration

2002-05-09 Thread Peter Cordes
> synflood warnings in logs not being really flooded, your server > is seriously misconfigured. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who i

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
hat should get most stuff. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small piec

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
On Fri, May 10, 2002 at 04:31:24PM -0400, Matt Zimmerman wrote: > On Fri, May 10, 2002 at 04:08:24PM -0300, Peter Cordes wrote: > > > You can do something like > > apt-get install --reinstall $(dpkg --get-selections|cut -f1) > > > > You may have to grep out some

Re: Fixing file system privileges

2002-05-10 Thread Peter Cordes
On Sat, May 11, 2002 at 01:21:19AM +0200, martin f krafft wrote: > also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.10.2333 +0200]: > > Err, I guess you would need get-selections|grep 'install$'|cut -f1 > > why not > > dpkg --get-selections|grep -v

Re: Fixing file system privileges

2002-05-12 Thread Peter Cordes
On Sat, May 11, 2002 at 08:16:28AM +0200, martin f krafft wrote: > also sprach Peter Cordes <[EMAIL PROTECTED]> [2002.05.11.0155 +0200]: > > nope, purge is a possible status too. > > since when? Probably a long time. I don't know when or why dpkg updates it'

Re: SSH Version mapper scan

2002-05-12 Thread Peter Cordes
ay 12 15:59:04 lilypad sshd[3441]: Did not receive identification string > from -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial

Re: Fixing file system privileges

2002-05-13 Thread Peter Cordes
124423 Just stick with --get-selections. Let's please stop talking about this. This thread is getting less and less relevant to anything. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish t

Re: Fixing file system privileges

2002-05-13 Thread Peter Cordes
't know if reinstalling packages fixes these or not, but I would guess that it would not affect /etc/shadow. I would try to copy the permissions on everything from another Debian system. I don't have any suggestions for a good way to do that. -- #define X(x,y) x##y Peter Cordes ; e-mail:

Re: syn flood attacked?

2002-05-17 Thread Peter Cordes
or max. burst number in a limited time? Any > examples? read /usr/src/linux/Documentation/filesystems/proc.txt. It describes some stuff you can do with /proc/sys/net/ipv4/* /usr/src/linux/Documentation/networking/ip-sysctl.txt describes everything. happy hacking, -- #define X(x,y)

Re: SSH2 Encryption

2002-06-13 Thread Peter Cordes
tive connections, esp. if your computer is slow. However, someone else pointed out that compression could reduce the amount of data to be encrypted, so compression can actually improve screen refresh time (when displaying a screenful of text at once) under some circumstances. -- #define X(x,y) x

Re: SSH2 Encryption

2002-06-14 Thread Peter Cordes
e of the breaks found in it so far. AFAIK, there is no way to speed up finding a collision for a given message, but it is reasonable to assume that the likelihood of one being found is greater than for SHA-1. BTW, you shouldn't say "of course". Producing a longer hash is not all ther

Re: Proposal for new Security subsection for non-US

2002-06-23 Thread Peter Cordes
. (possible mechanism: rename or copy the .deb with the same package name but an older version to the newest version, then run rsync. For Packages.gz, you don't need to rename anything before running rsync. rsync for the Packages file would make apt-get update a _lot_ faster.) -- #def

Re: SSH RSA Authentication

2002-06-23 Thread Peter Cordes
rt. RSA used to be patent-encumbered, so maybe the default is to omit RSA? -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cu

Re: Proposal for new Security subsection for non-US

2002-06-23 Thread Peter Cordes
On Sun, Jun 23, 2002 at 11:49:02AM -0500, Steve Langasek wrote: > On Sun, Jun 23, 2002 at 01:25:56PM -0300, Peter Cordes wrote: > > Unfortunately, it's probably too late to integrate rsync into the whole apt > > system, so it can rsync stuff in /var/cache/apt/archives. >

Re: [SECURITY] [DSA 149-1] New glibc packages fix security related problems

2002-08-14 Thread Peter Cordes
t have to type in the SSL passphrase for > apache+mod_ssl if I don't have to. The advisory said the overflow was "in the RPC library", so things like NFS and NIS and stuff with origins at Sun might be using that. Apache shouldn't be vulnerable unless there are some modules

Re: Bug#149714: libfam0 Does not depend on fam

2002-08-26 Thread Peter Cordes
If there's a group of packages that you want to pin, you have to name them one at a time. A regex or glob expression would be nice. I guess I should just go file a wishlist bug. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first f

Re: static sshd (off topic re nuking bin laden)

2002-08-27 Thread Peter Cordes
merica: putting the USA in Usama bin Laden.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wret

Re: Mail relay attempts

2002-08-28 Thread Peter Cordes
ter with a huge delay. Comments? I remember hearing about people doing exactly that. Maybe it was mentioned on /. or the local LUG mailing list (http://nslug.ns.ca/). -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how

Re: cryptoloop confusion [repost]

2002-08-30 Thread Peter Cordes
omething else, then I don't know how to help. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BCE

Re: "suspicious" apache log entries

2002-09-11 Thread Peter Cordes
e people disable the PC speaker, but if they have a sound card, you could use that. (Then you could say make their computer say "I'm infected, help me"...) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found o

Re: "suspicious" apache log entries

2002-09-12 Thread Peter Cordes
to more trouble than they want to bother with to mention the right URL in the subject of every email they send to one of these addresses. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces!" -- Plautus, 200 BC

Re: port 6051: hacked?

2002-09-16 Thread Peter Cordes
prevent anything. nosuid is useful, but noexec isn't. (Maybe in a restricted shell environment, where ld.so couldn't be run by name, only as an interpreter started by the kernel.) -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the

Re: OpenSSL and Potato a request for clarificiation

2002-09-16 Thread Peter Cordes
non-us.debian.org non-us.debian.org A 130.89.175.34 llama]~$ host security.debian.org security.debian.org A 130.89.175.34 -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) "The gods confound the man who first found out how to distinguish t

Re: [Fwd: freeswan & zlib security]

2002-09-16 Thread Peter Cordes
g.Debian.gz says the following: > freeswan (1.96-1) unstable; urgency=HIGH > > Urgency critical because of the zlib bug. > * New upstream version. > * Fixed the zlib bug by manually applying the patch from the bug report. > Closes: #138210: zlib security bug also present

Re: differences between iptstate and netstat

2002-09-18 Thread Peter Cordes
from internal addresses to external addresses? (i.e. neither end of the connection is your firewall's IP addr?) If so, then that's normal. netstat only shows connections from the local machine. iptstate reports the state of the netfilter connection tracking stuff. -- #define X(x,y) x
