Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established

2006-11-11 Thread R. B. Riddick
--- Dan Lukes <[EMAIL PROTECTED]> wrote: > Stateful rules can stop the sophisticated intruder, but are often more > vulnerable to DoS attacks. > > Every method has pros and cons ... > Hmm... U mean, when someone creates a lot of states? At least pf can limit that... But here it look

Re: src/etc/rc.firewall simple ${fw_pass} tcp from any to any established

2006-11-11 Thread R. B. Riddick
--- "Julian H. Stacey" <[EMAIL PROTECTED]> wrote: > I tried adding > ${fwcmd} add pass tcp from any to any established > from src/etc/rc.firewall case - simple. Which solved it. > But I was scared, not understand what the established bit did, & > how easily an attacker might fake something,

Re: ports / www/linux-seamonkey / flashplugin vulnerability

2006-09-13 Thread R. B. Riddick
--- "Simon L. Nielsen" <[EMAIL PROTECTED]> wrote: > On 2006.09.13 02:54:47 -0700, R. B. Riddick wrote: > > Hi! > > > > Since linux-flashplugin7 r63 is vulnerable according to > > http://vuxml.FreeBSD.org/7c75d48c-429b-11db-afae-000c6ec775d9.html >

ports / www/linux-seamonkey / flashplugin vulnerability

2006-09-13 Thread R. B. Riddick
Hi! Since linux-flashplugin7 r63 is vulnerable according to http://vuxml.FreeBSD.org/7c75d48c-429b-11db-afae-000c6ec775d9.html isn't www/linux-seamonkey vulnerable, too (it seems to include 7 r25)? Bye Arne

Re: comments on handbook chapter

2006-09-08 Thread R. B. Riddick
--- Bigby Findrake <[EMAIL PROTECTED]> wrote: > On Wed, 6 Sep 2006, Travis H. wrote: > > Wouldn't it be better to detect /and/ prevent an attempt to change the > > system binaries? > > That's how I interpret that passage from the handbook - that you should > detect *and* prevent. I'm not clear o

Re: Getting GELI Keys from Floppy

2006-09-07 Thread R. B. Riddick
--- Jack Barnett <[EMAIL PROTECTED]> wrote: > One idea is having 1 server with a CD-ROM drive and exporting it via NFS. > When a server boots it mounts the remote CD-ROM drive and looks for key > "$HOSTNAME.key". > But then u would have the problem with network security... > > On 9/6/06, Barkley V

Re: Getting GELI Keys from Floppy

2006-09-07 Thread R. B. Riddick
--- Bob Johnson <[EMAIL PROTECTED]> wrote: > On 9/6/06, Barkley Vowk <[EMAIL PROTECTED]> wrote: > > You are a complete madman. You want to protect your data with a key stored > > on the most completely and utterly unreliable form of data storage still > > lamentably in use? It's not the 1970's anymo

Re: seeding dev/random in 5.5

2006-08-09 Thread R. B. Riddick
--- fwaggle <[EMAIL PROTECTED]> wrote: > i have a question. perhaps i'm misunderstanding something with how SSH > works, but how would having a "standard freebsd private key" benefit > anyone? if you wanted to impersonate a newly installed freebsd machine, > then all you'd need is that freely-av

Re: seeding dev/random in 5.5

2006-08-09 Thread R. B. Riddick
--- Brooks Davis <[EMAIL PROTECTED]> wrote: > On Wed, Aug 09, 2006 at 12:17:35AM -0700, R. B. Riddick wrote: > These are valid if probably overly paranoid points. :) > Hmm... Oki Doke... But why use ssh, if u do not really care, if u connect to the right host? Maybe the postmen k

Re: seeding dev/random in 5.5

2006-08-09 Thread R. B. Riddick
--- Doug Barton <[EMAIL PROTECTED]> wrote: > The patches you sent to implement this option didn't come through to the > mailing list, could you resend them please? :) > > Seriously though, a lot of people looked at this problem when yarrow was > introduced, and no solution became immediately appar

Re: seeding dev/random in 5.5

2006-08-08 Thread R. B. Riddick
--- Michael Scheidell <[EMAIL PROTECTED]> wrote: > This would affect the generic stock 5.5 install disk as well (it doesn't > create new keys when it builds a virgin hard disk) > If a user just hits return, there is no error message, no indication > that /dev/random wasn't seeded. > > We have a bo

Re: seeding dev/random in 5.5

2006-08-08 Thread R. B. Riddick
--- Michael Scheidell <[EMAIL PROTECTED]> wrote: > R. B. Riddick wrote: > > Why do u believe, that /dev/random isn't seeded by networking? > > > > > because it isn't. > and pings aren't going to produce much random data. > Hmm... Interesting... >

Re: seeding dev/random in 5.5

2006-08-08 Thread R. B. Riddick
--- Michael Scheidell <[EMAIL PROTECTED]> wrote: > R. B. Riddick wrote: > > --- Michael Scheidell <[EMAIL PROTECTED]> wrote: > > > >>> I think that during the first reboot after a fresh install > >>> the kern.random.sys sysctl settings ar

RE: seeding dev/random in 5.5

2006-08-08 Thread R. B. Riddick
--- Michael Scheidell <[EMAIL PROTECTED]> wrote: > > I think that during the first reboot after a fresh install > > the kern.random.sys sysctl settings are already orderly > > before rc.d/sshd is called... > > > > If yes, then sending some pings should do the trick... Or > > not? I mean: NETWOR

Re: seeding dev/random in 5.5

2006-08-08 Thread R. B. Riddick
--- Michael Scheidell <[EMAIL PROTECTED]> wrote: > I was doing some regression testing in 5.5: Specifically testing booting > up a 'virgin' hard disk from a clean install. > > I was testing what happened if the 300 second timeout happened vs > hitting for 'fast+insecure' startup and punching in a

Re: Any ongoing effort to port /etc/rc.d/pf_boot, /etc/pf.boot.conf from NetBSD ?

2006-07-16 Thread R. B. Riddick
--- Ari Suutari <[EMAIL PROTECTED]> wrote: > On FreeBSD 6.1, run rcorder /etc/rc.d/*. You'll notice that > pf is run after netif so if one is using only pf as firewall, > there is a window between run of "netif" and "pf" where network > interfaces are up but there is no fire

Re: Integrity checking NANOBSD images

2006-07-11 Thread R. B. Riddick
--- Mike Tancsa <[EMAIL PROTECTED]> wrote: > >But what if the trojan copies its files to the RAM disc and waits for this > >sha256 binary showing up? And then, when it is there, it removes its > >changes on > >the hard disc (those changes certainly must be in unused (formerly zeroed) > >areas of

Re: Integrity checking NANOBSD images

2006-07-11 Thread R. B. Riddick
--- Chuck Swiger <[EMAIL PROTECTED]> wrote: > That suggestion is a very good point, although trying to find a single > trojaned image which matches several checksum methods is supposed to be a > highly difficult task. > If the hash function is cryptographically secure, even a single such hash fu

Re: Integrity checking NANOBSD images

2006-07-11 Thread R. B. Riddick
--- Poul-Henning Kamp <[EMAIL PROTECTED]> wrote: > Arming a trojan to just do 'sleep 145 ; echo "sha256 = 0248482..."' > when you think you're running sha256 would be trivial. > But what if the trojan copies its files to the RAM disc and waits for this sha256 binary showing up? And then, when it is

Re: memory pages nulling when releasing

2006-06-19 Thread R. B. Riddick
--- Nick Borisov <[EMAIL PROTECTED]> wrote: > 2006/6/19, R. B. Riddick <[EMAIL PROTECTED]>: > > It was possible to transfer about 20MB of data over about > > one hour from a single IP, that was never seen there before... > > Well, you are not goin' to say

Re: memory pages nulling when releasing

2006-06-19 Thread R. B. Riddick
--- Nick Borisov <[EMAIL PROTECTED]> wrote: > [...] Allowing an intruder to deal with your > system even one extra minute may lead to tremendous losses depending > [...] > :-) OK.. Let's see, if I understood this right: 1 minute <-could be-> 1 tremendous loss 50 minutes <-could be-> 50 tremendous

Re: memory pages nulling when releasing

2006-06-19 Thread R. B. Riddick
--- Dan Lukes <[EMAIL PROTECTED]> wrote: > [...] Thus, keeping sensitive information within memory for a short > time only MAY reduce the risk level. The intruder needs to wait for > the information to appear in memory again - but it costs time. [...] > That is true - it costs time... But if a bad guy ha

Re: memory pages nulling when releasing

2006-06-19 Thread R. B. Riddick
--- Dag-Erling Smørgrav <[EMAIL PROTECTED]> wrote: > "R. B. Riddick" <[EMAIL PROTECTED]> writes: > > (bb) physical access (for reading the content of powered off RAM) > > You cannot read the content of powered-off DRAM. > Yes, that it is true. _I_ cannot r

Re: memory pages nulling when releasing

2006-06-18 Thread R. B. Riddick
--- Nick Borisov <[EMAIL PROTECTED]> wrote: > Well, providing zeroed pages to processes is not quite similar to > explicit cleaning of pages after use as some security standards > demand. That's why I'm asking. The "Z" malloc option seems to be > suitable but it's actually for debugging. > Since yo

Re: memory pages nulling when releasing

2006-06-18 Thread R. B. Riddick
--- Nick Borisov <[EMAIL PROTECTED]> wrote: > Could you tell me if FreeBSD supports memory page nulling when > releasing it to prevent unauthorized access to data left in the page > after it's allocated again. > If it does, what sys calls etc provide that? > IMHO this is an important issue when ope

RE: Jails and loopback interfaces

2006-05-04 Thread R. B. Riddick
--- "[EMAIL PROTECTED]@mgEDV.net" <[EMAIL PROTECTED]> wrote: > this part i definitely don't get. let's assume this one: > > 192.168.10.1 = jail ip of the ws > 127.0.0.1 = jail ip of the db > sending to 127.0.0.1 is not possible on 192.168.134.1 (kernel > re-routes it to 192.168.134.1 if man jail i

Re: Looking for tor users experiencing crashes

2006-05-01 Thread R. B. Riddick
--- Robert Watson <[EMAIL PROTECTED]> wrote: > It's a pity this wasn't brought to my attention sooner, or there might have > been a chance to work on it for 6.1-RELEASE, especially given that it sounds > like it has been a moderately long-standing problem. The first I heard about > I can crash

Re: IPFW Problems?

2006-04-17 Thread R. B. Riddick
--- Noah Silverman <[EMAIL PROTECTED]> wrote: > Take the following rules: > ipfw add 00280 allow tcp from any to any 22 out via bge0 setup keep-state > ipfw add 00299 deny log all from any to any out via bge0 > ipfw add 0430 allow log tcp from any to me 22 in via bge0 setup limit > src-addr 2

Re: Question about Export Restrictions

2006-04-13 Thread R. B. Riddick
Tom <[EMAIL PROTECTED]> writes: > I work for a company that builds an appliance based on FreeBSD > (4.X) and we've just had our first question come up about exporting > the appliance out of the US (specifically the EU). > > Since FreeBSD uses OpenSSL/OpenSSH, I'm under the impression > that we nee