Re: ssh binary modified

2010-11-27 Thread Bill Moran
On 11/26/10 8:55:58 AM, Nick Knight wrote: > Hi, > > I've just found a problem with ssh on one of my servers, I'm hoping someone > can give me some insight into what's caused the problem. > > When I try to use scp or ftp I get the following error: > command-line: line 0: Bad configuration option: P

Re: PHK's MD5 might not be slow enough anymore

2010-01-28 Thread Bill Moran
In response to Chris Palmer : > Bill Moran writes: > > > I'm sure someone will correct me if I'm wrong, but you can't do this > > without establishing this as an entirely new algorithm. The hashes > > generated after your patch will not be compatible

Re: PHK's MD5 might not be slow enough anymore

2010-01-28 Thread Bill Moran
to build a 1000 entry dictionary... >*/ > - for(i = 0; i < 1000; i++) { > + for(i = 0; i < MD5_SLOW; i++) { > MD5Init(&ctx1); > if(i & 1) > MD5Update(&ctx1, (const u_char *)pw, strlen(pw)); >
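Review bot: in `for(i = 0; i < MD5_SLOW; i++)` the loop bound becomes a macro whose definition and value are not visible in this hunk. Each pass re-initialises `ctx1` and mixes `pw` back in, so the number of passes determines the resulting digest: any value other than the previous 1000 yields a different hash for the same password, and hashes created before the change would stop verifying. Suggest either documenting next to the definition that the default must stay 1000, or recording the count alongside the stored hash so verification knows which value to use.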

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-02 Thread Bill Moran
te the data. Otherwise, each IP > only appears every few hrs in the logs. I deal with it by immediately blocking any host that generates an "invalid user" error. Of course, that won't work for everyone :( -- Bill Moran Collaborative Fusion Inc. http://people.collaborative

Re: RELENG_6_2 EoL Date?

2007-08-23 Thread Bill Moran
it's released in the next few months. Note that 6.3 will have extended support, so the EoL will be further in the future. -- Bill Moran Collaborative Fusion Inc. http://people.collaborativefusion.com/~wmoran/ [EMAIL

Re: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-07:04.file

2007-05-24 Thread Bill Moran
me_magic. That does not guarantee that it doesn't have the same problem, however. -- Bill Moran Collaborative Fusion Inc. http://people.collaborativefusion.com/~wmoran/ [EMAIL PROTECTED] Phone: 412-422-3463x4023 ___ freebsd-security@freebsd.o

Re: Reality check: IPFW sees SSH traffic that sshd does not?

2007-03-21 Thread Bill Moran
In response to "W. D." <[EMAIL PROTECTED]>: > At 08:27 3/21/2007, Bill Moran, wrote: > I run a little script I wrote that automatically adds > >failed SSH attempts to a table that blocks them from _everything_ in my > >pf rules. > > Do you care to shar

Re: Reality check: IPFW sees SSH traffic that sshd does not?

2007-03-21 Thread Bill Moran
rk, we're even more strict. Paranoid? Maybe. But I don't have the free cycles to constantly chase these attacks around trying to figure out how dangerous they really are. There are a _lot_ of crooks out there trying to build botnets, I don't want to be one of them. Especially not

Re: MOAB advisories

2007-01-14 Thread Bill Moran
Alexander Leidinger <[EMAIL PROTECTED]> wrote: > > Quoting Bill Moran <[EMAIL PROTECTED]> (Sun, 14 Jan 2007 10:15:15 -0500): > > > "Kobajashi Zaghi" <[EMAIL PROTECTED]> wrote: > > > > > > I would like to know, that these following "

Re: MOAB advisories

2007-01-14 Thread Bill Moran
"Kobajashi Zaghi" <[EMAIL PROTECTED]> wrote: > > I would like to know, that these following "vulnerabilities" does > affect FreeBSD's reliability? If the answer is "yes", what version of > FreeBSD affected, when will be fixed, etc. > > http://projects.info-pull.com/moab/MOAB-12-01-2007.html > htt

Re: FreeBSD Security Advisory FreeBSD-SA-06:25.kmem

2006-12-06 Thread Bill Moran
ime the sec team has determined that it doesn't warrant an advisory, they've already done enough work that they can easily publish a quick explanation of why it isn't -- but I've never worked with the security team, so I could be misjudging. Just some brainstorming. -- Bill M

Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

2006-11-24 Thread Bill Moran
On Fri, 24 Nov 2006 21:41:11 +0100 Erik Trulsson <[EMAIL PROTECTED]> wrote: > On Fri, Nov 24, 2006 at 03:15:43PM -0500, Bill Moran wrote: > > On Fri, 24 Nov 2006 21:04:30 +0100 > > Lutz Boehne <[EMAIL PROTECTED]> wrote: > > > > > -BEGI

Re: UFS Bug: FreeBSD 6.1/6.2/7.0: MOKB-08-11-2006, CVE-2006-5824, MOKB-03-11-2006, CVE-2006-5679

2006-11-24 Thread Bill Moran
On Fri, 24 Nov 2006 21:04:30 +0100 Lutz Boehne <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > > Out of the box you need to be root to mount things. Once you have > > root access to a box you don't need silly things like this to crash > > it. > > > > If you've

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-11 Thread Bill Moran
In response to Colin Percival <[EMAIL PROTECTED]>: > Bill Moran wrote: > > Colin Percival <[EMAIL PROTECTED]> wrote: > >> This is a local denial of service bug, which was fixed 6 weeks ago in HEAD > ^^^ > > That was what

Re: iDefense Security Advisory 10.10.06: FreeBSD ptrace PT_LWPINFO Denial of Service Vulnerability

2006-10-11 Thread Bill Moran
Colin Percival <[EMAIL PROTECTED]> wrote: > Bill Moran wrote: > > This report seems pretty vague. I'm unsure as to whether the alleged > > "bug" gives the user any more permissions than he'd already have? Anyone > > know any details? > > Thi

Re: Fw: [FreeBSD-Announce] FreeBSD Security Advisory FreeBSD-SA-06:23.openssl

2006-09-28 Thread Bill Moran
In response to Colin Percival <[EMAIL PROTECTED]>: > Bill Moran wrote: > > Can anyone define "exceptionally large" as noted in this statement?: > > > > "NOTE ALSO: The above patch reduces the functionality of libcrypto(3) by > > prohibiting th