On Tue, Feb 07, 2006 at 11:23:45AM -0500, Antonio Ognio wrote:
> On Tue, 07-02-2006 at 01:01 +0100, wim wrote:
> > > you could always go directly to one of the google ips and do your search
> > > ;)
> > > http://64.233.167.99 :)
> > > http://72.14.207.99 :)
> > > http://64.233.187
On Tue, 07-02-2006 at 01:01 +0100, wim wrote:
> > you could always go directly to one of the google ips and do your search ;)
> > http://64.233.167.99 :)
> > http://72.14.207.99 :)
> > http://64.233.187.99 :)
> > etc.
> > they can't be blocked, the Chinese government just remove
Alex Polite wrote:
On 2/3/06, Hugo Vanwoerkom <[EMAIL PROTECTED]> wrote:
But how come I find no google hits at all for distwatchd?
Maybe the Chinese mistook it for a human rights watch group ;)
http://en.wikipedia.org/wiki/Google#Censorship_in_mainland_China
you could always go directly
Thx, Alvin.
I will set it up for my router.
touch new file with date, your script, run it daily, copy it to safer
place, add it to some backup end of the week?
Pascal Huisman.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Tue, Feb 07, 2006 at 10:14:40AM +1100, Neil Dugan wrote:
> Alex Polite wrote:
> >On 2/3/06, Hugo Vanwoerkom <[EMAIL PROTECTED]> wrote:
> >
> >>But how come I find no google hits at all for distwatchd?
> >
> >
> >Maybe the Chinese mistook it for a human rights watch group ;)
> >
> >http://en.wiki
Alex Polite wrote:
On 2/3/06, Hugo Vanwoerkom <[EMAIL PROTECTED]> wrote:
But how come I find no google hits at all for distwatchd?
Maybe the Chinese mistook it for a human rights watch group ;)
http://en.wikipedia.org/wiki/Google#Censorship_in_mainland_China
you could always go directly
Alvin Oga wrote:
hi ya lamb
Since when did I give you permission to use my family name informally?
Keep it up I'll start referring to you as chipmunk.
On Sun, 5 Feb 2006 [EMAIL PROTECTED] wrote:
- snipping unjustified/unmerited misunderstanding on
your part ... i won't bother to reply
hi ya johannes
On Mon, 6 Feb 2006, Johannes Wiedersich wrote:
> Alvin Oga wrote:
> > for fun ... and i'm sure this is nothing new to the
>
> Thanks for the funny post. Unfortunately, it doesn't relate to the
> subject line. Maybe you should have started a new thread: "how can I in
> future
Alvin Oga wrote:
for fun ... and i'm sure this is nothing new to the
Thanks for the funny post. Unfortunately, it doesn't relate to the
subject line. Maybe you should have started a new thread: "how can I in
future make sure that my machine is not compromised."
This doesn't help to answer
hi ya
for fun ... and i'm sure this is nothing new to the
those with the security paranoid disease ( or sleepease )
for those that want to try to figure out what files
were compromised on your machines... after the fact ..
but, if you can do BEFORE you go live, ( ie .. just after
you install )
hi ya lamb
On Sun, 5 Feb 2006 [EMAIL PROTECTED] wrote:
- snipping unjustified/unmerited misunderstanding on
your part ... i won't bother to reply to pointless arguments
- if you look closely, your defense is basically "name calling"
as you know what you're doing and i don't .. so be it ..
-
Todd Weaver wrote:
On Fri, Feb 03, 2006 at 09:35:07PM -0800, Marc Shapiro wrote:
According to Todd Weaver,
You can try tiger...
sudo apt-get update
sudo apt-get install tiger
sudo tiger
I have no reason to believe that my box is compromised,
A script that doesn't belong to a package
Todd writes:
> However, finding the reason why, and how, would save us all from similar
> fate, at least it would spread the knowledge.
You do that by imaging the compromised system before wiping it and then
studying the image at your leisure.
--
John Hasler
On Sat, Feb 04, 2006 at 09:47:38PM -0500, Carl Fink wrote:
> Remove the hard drive(s). Mount on another system and recover data BUT NOT
> PROGRAMS.
>
> Put the drives back in and boot from a known clean Debian CD. Reinstall
> Debian and your programs. Lock everything down using the Debian secur
On Fri, Feb 03, 2006 at 09:35:07PM -0800, Marc Shapiro wrote:
> >According to Todd Weaver,
> >
> >>You can try tiger...
> >> sudo apt-get update
> >> sudo apt-get install tiger
> >> sudo tiger
>
> I have no reason to believe that my box is compromised,
A script that doesn't belong to a pack
Steve Lamb writes:
> Realworld solution: Spend 2-3 HOURS to reinstall, restore, plug the hole
> and carry on. BENEFIT: Guarantee that the compromised binaries are
> purged, far less lost time and revenue, greater assurance that things are
> hunky-dory.
And if you first image the compromised insta
Alvin Oga said:
> obviously i can spend the same 2-3 minutes doing exactly that too,
> but you're missing the point that one can spend a week to harden the
> server and verify that it's been hardened ... the more paranoid you
> are, the more time will be required to harden the server...
No, yo
hi ya
On Sun, 5 Feb 2006 [EMAIL PROTECTED] wrote:
> > ... and spend
> > another week or month to harden and verify all the all configs
> > and user info ( i say, if you're "doing it right", it will take you
> > about 3 days to a week to harden the new box and verify it )
>
> Personally I spe
On Sunday 05 February 2006 06:52, [EMAIL PROTECTED] wrote:
>Yay, more of Alvin's nonsense!
>
>> personally, it is 1000x easier to fix and remove the security
>> problems than it would be to start from step -1 reinstalls
>
>Uh no, it's not if you do it properly.
>
>> ... and spend
>> another
Yay, more of Alvin's nonsense!
> personally, it is 1000x easier to fix and remove the security problems
> than it would be to start from step -1 reinstalls
Uh no, it's not if you do it properly.
> ... and spend
> another week or month to harden and verify all the all configs
> and user i
On 2/3/06, Hugo Vanwoerkom <[EMAIL PROTECTED]> wrote:
> But how come I find no google hits at all for distwatchd?
Maybe the Chinese mistook it for a human rights watch group ;)
http://en.wikipedia.org/wiki/Google#Censorship_in_mainland_China
--
Alex Polite
http://flosspick.org - finding the righ
On Sat, Feb 04, 2006 at 07:09:34PM -0800, Alvin Oga wrote:
> - how can you guarantee that the trojans are not in the backups ?
Well, you could do as I wrote and not restore programs and scripts at all.
--
Carl Fink [EMAIL PROTECTED]
"Patriotism is
On Sat, 4 Feb 2006, Carl Fink wrote:
> Once you're rooted, this is way easier and more effective than trying to fix
> things.
personally, it is 1000x easier to fix and remove the security problems
than it would be to start from step -1 reinstalls ... and spend
another week or month to harden an
On Sat, Feb 04, 2006 at 04:33:20PM +0100, Ben Meijering wrote:
> My question now is how to disinfect my system, how do I locate keventd
> and kflushd and how do I know for sure my system is clean ?
Remove the hard drive(s). Mount on another system and recover data BUT NOT
PROGRAMS.
Put the driv
On Saturday 04 February 2006 05:35, Marc Shapiro wrote:
[snip]
A quick Google around "FUCK: Got signal 11 while manipulating kernel!" throws
up references to the SucKIT rootkit. The following is from a CERN
advisory. Maybe worth checking.
"Here is a simple recipe to detect the SucKIT rootki
I'm not familiar with chkrootkit. It sounds like the Microsoftian
antivirus mindset of looking for known compromises, which is a
mindset I avoid. My own methodology would be to examine
the script in question, and poke around at other files. If
the system looks compromised, I'd do a fresh cle
On Saturday 04 February 2006 12:50, BTP wrote:
>I did as you mention by booting from a knoppix cd and tried to check the
> hard drive partitions with chkrootkit. Chkrootkit however did not run
> in the same typical manner as it does when I invoke it from my Debian
> console: it complained about not b
I did as you mention by booting from a knoppix cd and tried to check the
hard drive partitions with chkrootkit. Chkrootkit however did not run
in the same typical manner as it does when I invoke it from my Debian
console: it complained about not being able to do everything it's
supposed to, I can't
Hi,
I am running a server inside
of my LAN which is protected by a firewall (my dsl router). Ports for dns, ftp,
ssh, http and https are forwarded to my debian machine.
Yesterday I found a script
distwatch in cron.daily which was a script to put the rootkit back if an admin
has remove
Hugo Vanwoerkom wrote:
>
> Are you updating your system with the security updates?
> Do you run a firewall?
Neither of those questions are at all relevant to the original querent's
question of whether or not he *is* compromised. They tell you something
about the likelihood of someone becoming c
According to Todd Weaver,
You can try tiger...
sudo apt-get update
sudo apt-get install tiger
sudo tiger
I have no reason to believe that my box is compromised, but I thought
that I would try out tiger to close off what I could. Now I need
someone to point me to someplace that can
According to Todd Weaver,
> On Fri, Feb 03, 2006 at 06:24:02PM +0100, Ben Meijering wrote:
> [snip]
> > I was looking in my /etc/rc2.d directory to see what kind of services
> > were installed on my server.
> >
> > The contents of my rc2.d directory is as follows
> >
> > S10distwatchd S20cour
2006/2/3, Ben Meijering <[EMAIL PROTECTED]>:
> Searching for this last sentence I found all sorts of pages talking about
> compromised servers.
> So I downloaded chkrootkit, but this said my system was clean.
> Is there a chance my system is compromised?
Hi,
which services does your computer is r
On Fri, Feb 03, 2006 at 06:24:02PM +0100, Ben Meijering wrote:
[snip]
> I was looking in my /etc/rc2.d directory to see what kind of services
> were installed on my server.
>
> The contents of my rc2.d directory is as follows
>
> S10distwatchd S20courier-authdaemon S20nfs-kernel-server S89c
On Friday 03 February 2006 13:24, Hugo Vanwoerkom wrote:
>Gene Heskett wrote:
>> On Friday 03 February 2006 12:24, Ben Meijering wrote:
>>> Hi,
>>>
>>> I am kinda new to using Debian and was wondering if anyone could
>>> help me.
>>> I was looking in my /etc/rc2.d directory to see what kind of
>>>
Gene Heskett wrote:
On Friday 03 February 2006 12:24, Ben Meijering wrote:
Hi,
I am kinda new to using Debian and was wondering if anyone could help
me.
I was looking in my /etc/rc2.d directory to see what kind of services
were installed on my server.
The contents of my rc2.d directory is as f
On Fri, 03 Feb 2006 13:17:52 -0500
Gene Heskett <[EMAIL PROTECTED]> wrote:
> On Friday 03 February 2006 12:24, Ben Meijering wrote:
> >Hi,
> >
> >I am kinda new to using Debian and was wondering if anyone could help
> >me.
> >I was looking in my /etc/rc2.d directory to see what kind of services
>
Ben Meijering wrote:
Hi,
I am kinda new to using Debian and was wondering if anyone could help me.
I was looking in my /etc/rc2.d directory to see what kind of services
were installed on my server.
The contents of my rc2.d directory is as follows
S10distwatchd S20courier-authda
On Friday 03 February 2006 12:24, Ben Meijering wrote:
>Hi,
>
>I am kinda new to using Debian and was wondering if anyone could help
>me.
>I was looking in my /etc/rc2.d directory to see what kind of services
>were installed on my server.
>
>The contents of my rc2.d directory is as follows
>
>S10di
Hi,
I am kinda new to using Debian
and was wondering if anyone could help me.
I was looking in my
/etc/rc2.d directory to see what kind of services were installed on my server.
The contents of my rc2.d
directory is as follows
S10distwatchd S20courier-authdaemon S20nfs-kerne
40 matches