2014/08/30 12:20 "Eric Furman" :
>
> grc.*** (because I don't want any more Google weight given to
> this website) and the person who runs it, whose name shall
> not be mentioned other than his initials are SG, is a complete
> fraud.
The first two paragraphs didn't seem too bad.
But DoG.
grc.*** (because I don't want any more Google weight given to
this website) and the person who runs it, whose name shall
not be mentioned other than his initials are SG, is a complete
fraud.
On Fri, Aug 29, 2014, at 08:37 PM, Scott Bonds wrote:
> On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd Zi
On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd Zimmermann wrote:
> Just off the top of my head, a few links:
> www.team-cymru.org
> https://www.dshield.org
> http://emergingthreats.net/
> https://www.grc.com/dns/dns.htm
> I stumbled upon malheur awhile back. No idea what to do with it, but
> it compi
On Fri, Aug 15, 2014 at 5:53 PM, Josh Grosse wrote:
> On 2014-08-15 10:39, Scott Bonds wrote:
>
>> ...I'm running owncloud and a bunch of other (no doubt less secure)
>> software
>
>
> On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4
> to fix a security issue.
Chang
On 2014-08-15, Scott Bonds wrote:
> I thought I was being reasonably careful: ssh disabled for root,
> key-only login on my admin account, following stable, etc...then again,
> I'm running owncloud and a bunch of other (no doubt less secure)
> software. Perhaps I should separate the router and
>> OpenBSD has always rocked for providing very current versions of
>> snort. barnyard2 compiles cleanly on obsd.
>
> The funny thing is that I have a book on Snort on my reading list. Time
> to read it. I'll check out barnyard2 as well
There is a learning curve for sure. It's not something that mo
* Scott Bonds [2014-08-19 02:28]:
> The funny thing is that I have a book on Snort on my reading list. Time
> to read it.
or you use the time for something useful instead.
did I say snake oil? ewps.
--
Henning Brauer, h...@bsws.de, henn...@openbsd.org
BS Web Services GmbH, http://bsws.de, Full-
On Sat, Aug 16, 2014 at 02:34:21AM -0400, Todd Zimmermann wrote:
> Lots of good stuff in base and the ports collection. mtree can be
> extended to check file integrity for anything you've modified and
> other local stuff (something I need to do).
thanks, mtree is neat, glad to know about it
secur
On 16-08-14 08:22, Joel Rees wrote:
> On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds wrote:
>> [...]
>> Perhaps I should separate the router and 'everything else'
>> roles, so that the router only has builtin OpenBSD software on it, no
>> packages.
> Strongly encourage you to get a separate box to
On Sat, Aug 16, 2014 at 15:22, Joel Rees wrote:
> On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds wrote:
>> [...]
>> Perhaps I should separate the router and 'everything else'
>> roles, so that the router only has builtin OpenBSD software on it, no
>> packages.
>
> Strongly encourage you to get a s
Yeah it sucks, the miscreants run 24/7 365. My guess is home systems
are targeted a lot because there's only an 'IT Dept' of one.
Lots of good stuff in base and the ports collection. mtree can be
extended to check file integrity for anything you've modified and
other local stuff (something I need
On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds wrote:
> [...]
> Perhaps I should separate the router and 'everything else'
> roles, so that the router only has builtin OpenBSD software on it, no
> packages.
Strongly encourage you to get a separate box to run the router and
firewall on. (Ted, if yo
On Sat, Aug 16, 2014 at 1:52 AM, Scott Bonds wrote:
> On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote:
>> While a long way from perfect, tools such as "chkrootkit" and "rkhunter"
>> might shed some light on your situation.
>> As Giancarlo said, check every machine that's closely inte
Before I blocked all of China, I saw something very similar on an ssh
honeypot I run.
Every few hours or so, I'd get the following:
http://sprunge.us/OGfE
Seemed totally automated.
J. Stuart McMurray
On Fri, Aug 15, 2014 at 1:51 PM, Josh Grosse wrote:
> On 2014-08-15 12:38, Mihai Popescu wr
On 2014-08-15 12:38, Mihai Popescu wrote:
On June 29, there was a 5.5-stable update to www/owncloud to release
6.0.4 to fix a security issue.
The developers' announcement, from the webpage for this thingie (I
don't know what the hell this software is doing):
--
Yeah, you were screwe
previously on this list Scott Bonds contributed:
> I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't
> running any public services AFAIK...I've configured the ones I'm running
> on it (like unbound) to only respond to local requests. Then again, I
> haven't tested those ports
On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote:
> While a long way from perfect, tools such as "chkrootkit" and "rkhunter"
> might shed some light on your situation.
> As Giancarlo said, check every machine that's closely interconnected, not
> just the one compromised server you've n
> On June 29, there was a 5.5-stable update to www/owncloud to release
> 6.0.4 to fix a security issue.
The developers' announcement, from the webpage for this thingie (I
don't know what the hell this software is doing):
--
Yeah, you were screwed!
On 2014-08-15 10:39, Scott Bonds wrote:
...I'm running owncloud and a bunch of other (no doubt less secure)
software
On June 29, there was a 5.5-stable update to www/owncloud to release
6.0.4 to fix a security issue.
If you are looking for possible attack surfaces, this may have been on
On 14-08-15 10:01 AM, Scott Bonds wrote:
I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't
running any public services AFAIK...I've configured the ones I'm running
on it (like unbound) to only respond to local requests. Then again, I
haven't tested those ports from another mach
On Fri, Aug 15, 2014 at 11:42:32AM -0300, Giancarlo Razzolini wrote:
> Don't forget to check your own machine, not just your OpenBSD server.
> It's more often than not the point of origin of the attack. If your
> machine is compromised, reinstalling your server won't do anything,
> since they'll re
On 15-08-2014 11:39, Scott Bonds wrote:
> I thought I was being reasonably careful: ssh disabled for root,
> key-only login on my admin account, following stable, etc...then again,
> I'm running owncloud and a bunch of other (no doubt less secure)
> software. Perhaps I should separate the router an
Ok, thanks for confirming (and Chris and Adam). And while I have you
here, thank you for all of your contributions to OpenBSD, it's amazing to
me the scope and quality of what y'all have built.
I thought I was being reasonably careful: ssh disabled for root,
key-only login on my admin account, f
On Thu, Aug 14, 2014 at 17:54, Scott Bonds wrote:
> So...have I been p0wned or does anyone know what innocent thing might be
> happening here? Please CC sc...@ggr.com on any replies, as I'm not
> subscribed to updates from the list.
Bad news: yeah. They appear to have screwed up their rootkit by
On 14-08-14 07:54 PM, Scott Bonds wrote:
So...have I been p0wned or does anyone know what innocent thing might be
happening here?
I think you already know the answer, unless you've done something very,
very strange back in April.
However, it could be said that the 3rd party here isn't terribly
Scott Bonds [sc...@ggr.com] wrote:
> I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today
...
> $ file dsfrefr dsfrefr: ELF 32-bit LSB executable, Intel 80386, version
...
> So...have I been p0wned or does anyone know what innocent thing might be
> happening here? Please CC
I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today
I was doing some maintenance and I found my way to /etc/rc.local. When I
opened it I saw this:
$ cat rc.local
# $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $
# Site-specific startup actions, daemons,
27 matches