Re: FreeBSD Security Advisory FreeBSD-SA-15:24.rpcbind

2015-09-30 Thread David Wolfskill
On Wed, Sep 30, 2015 at 12:10:47PM -0700, Xin Li wrote: > Hi, > > On 09/30/15 11:47, Robert Blayzor via freebsd-security wrote: > > Was this regression tested or missing more info? After updating and > > rebooting seeing a ton of problems with rpcbind core dumping at start.. > > lock manager fai

Odd sshd entry in auth.log

2013-09-14 Thread David Wolfskill
My (tiny) networks at home are sitting behind a multi-homed FreeBSD machine using IPFW & natd, with an externally-visible static /32 -- nothing particularly obscure or exotic, certainly. The packet-filter box is configured to forward incoming ssh (22/tcp) to my primary internal machine; in turn, t

Re: Vulnerability - moused dependency on dbus-daemon - how to get rid of DBUS?

2012-09-26 Thread David Wolfskill
On Tue, Sep 25, 2012 at 09:40:20PM -0700, moused86799 wrote: > one way of attacking the OS > 1.search the lists > http://lists.freebsd.org/pipermail/freebsd-questions/2012-May/241042.html > 2.)mouse intermittent works if problem with dbus-daemon > 3.)analyze - dbus-daemon is a 'relatively unknown'

Re: security scripts diff

2010-01-31 Thread David Wolfskill
On Mon, Feb 01, 2010 at 03:13:39AM +0300, Dmitry Morozovsky wrote: > Dear colleagues, > > looking at regular security mails I found that following patch would greatly > decrease amount of false positive reports; it's totally possible I'm missing > some vital areas, but my current look at securi

Re: Increase in SSH attacks as of announcement of rtld bug

2009-12-02 Thread David Wolfskill
It appears that folks are tending to focus on events logged by sshd(8) (in /var/log/auth.log). While that is certainly of interest, over the last few years, I have seen a pattern that's likely to be unnoticed by this approach: Apparent "probes" (22/tcp SYN packets that do not cause sshd(8) to log

Re: OPIE considered insecure

2009-03-02 Thread David Wolfskill
On Mon, Mar 02, 2009 at 01:19:32PM -0800, Chris Palmer wrote: > ... > Benjamin Lutz writes: > > > Because the inconvenience of not using whatever service or data the server is > > providing is considered greater than the security risk. > > But isn't regular password authentication the most conveni

Re: machine hangs on occasion - correlated with ssh break-in attempts

2008-08-21 Thread David Wolfskill
On Thu, Aug 21, 2008 at 01:38:38PM -0400, Mikhail Teterin wrote: > ... > I wrote an awk-script, which adds a block of the attacking IP-address to > the ipfw-rules after three such "invalid user" attempts with: > >ipfw add 550 deny ip from ip > > The script is fed by syslogd directly -- throu

Re: Reality check: IPFW sees SSH traffic that sshd does not?

2007-03-21 Thread David Wolfskill
On Wed, Mar 21, 2007 at 03:03:51PM +0200, Tadas Miniotas wrote: > David Wolfskill wrote: > > <...> > > This morning (in reviewing the logs from yesterday), I found a set of > > 580 such setup requests logged from Mar 20 19:30:06 - Mar 20 19:40:06 > > (US/Pacific;

Reality check: IPFW sees SSH traffic that sshd does not?

2007-03-21 Thread David Wolfskill
This note is essentially a request for a reality check. I use IPFW & natd on the box that provides the interface between my home networks and the Internet; the connection is (static) residential DSL. I configured IPFW to accept & log all SSH "setup" requests, and use natd to forward such requests

Re: Tunnel-only SSH keys

2005-09-22 Thread David Wolfskill
On Thu, Sep 22, 2005 at 04:27:18PM +0100, markzero wrote: > Hello. > > I once read somewhere that it's possible to limit SSH pubkeys to > 'tunnel-only'. I can't seem to find any information about this > in any of the usual places. > ... > Can this be done with OpenSSH? I'd like to try and stay awa