yes, my home machine was hacked as well and then my provider machine from
there hence jboss down.
It also proves "dreamhost" detected the intrusion (as I did) but wasn't able
to do anything to prevent it or repair it. :(
I had to reinstall linux as well. It seems the first script kiddies were
good and just "parasited" the machine but didn't damage it (and I don't mind
some parasites, all trees have them). But then a "sloppy" script kiddy came
along and boom.
So being badly raped when I was a "security newbie" I decided to look at it
in detail.
Fascinating, had a great time, didn't sleep much last week :)
essentially I disable EVERYTHING (telnet, ftp), I use xinetd which is more
secure than inetd and then I turn off all the services in xinetd but pop3s a
secure pop version on ssl. ssh is the only way to get in (telneat really
good on windows) Of course I do all the installation off line. And then I
put "tripwire" to monitor the main directories turn it on, once it is on I
put the machine online.
then I downloaded a rootkit and diagnosed my own machine for attacks :)
fascinating.
so much fun. Anyone knows of a good "scan detector"?
marc
|-----Original Message-----
|From: [EMAIL PROTECTED]
|[mailto:[EMAIL PROTECTED]]On Behalf Of Filip Hanik
|Sent: Monday, January 22, 2001 10:22 AM
|To: jBoss Developer
|Subject: [jBoss-Dev] securing your servers
|
|
|Just wanted to let everybody that run RedHat at home (maybe even the JBoss
|servers?)
|I got hit by the Ramen Noodle worm on my server at home (I forgot to turn
|off some inetd services - in this case the print service) and my
|machine got
|rooted.
|This means, I have to reinstall my machine from scratch, so be careful all
|of you who run Linux (especially redhat).
|If you run FreeBSD your safe!! :)
|
|take a look at the article
|http://news.cnet.com/news/0-1003-200-4508359.html?tag=st.ne.1430735..ni
|
|Filip
|
|~
|Namaste - I bow to the divine in you.
|~
|Filip Hanik
|Technical Architect
|[EMAIL PROTECTED]
|
|----- Original Message -----
|From: "marc fleury" <[EMAIL PROTECTED]>
|To: "jBoss Developer" <[EMAIL PROTECTED]>
|Sent: Monday, January 22, 2001 9:55 AM
|Subject: RE: [jBoss-Dev] jndi/UserTransaction
|
|
|Hello,
|
|sorry for the delay I am finally out of the water re website (well almost).
|
|I am very interested in a integration of
|a/new TM or extended TM
|b/ Jeremie from France Telecom... it is the new JOnAS TM and I believe we
|can buy ourselves distributed TM with it.
|
|let me know if you time/energy/will to take that on. To be quite
|frank I am
|thinking b/ first then talk to ole on possibilities for a/,
|
|marc
|
|
||-----Original Message-----
||From: [EMAIL PROTECTED]
||[mailto:[EMAIL PROTECTED]]On Behalf Of Sethi , Manish
||Sent: Sunday, January 14, 2001 7:51 AM
||To: 'jBoss Developer '
||Subject: RE: [jBoss-Dev] jndi/UserTransaction
||
||
||Hi Everybody,
||
||Writing very first mail to the group.
||
||I have gone through present implementation og JTA. I want to help in it's
||development. Now what I want to know is what should we choose out of
||followings for this job.
||
||1. Should we implement JTS/OTS specs at the back. (Probably we
||would have to
||start form scrach...)
||
||OR
||
||2. Should we think of some mechanism of just making TXContext
||movable around
||the multiple JVM...
||
||
||-Manish
||
||
||-----Original Message-----
||From: marc fleury
||To: jBoss Developer
||Sent: 1/12/01 10:34 AM
||Subject: RE: [jBoss-Dev] jndi/UserTransaction
||
|||Is there a known historical fix for this, such as substituting a
||different
|||JTA implementation or JNDI implementation? That is, has someone already
||
||hi,
||
||the jndi implementation is an orthogonal issue. We need to plug in a
||distributed monitor (JTS/JTA) and hook it up to jndi. The plumbing
||(propagation, thread association) is already there as it is an
||adaptation of
||the old jboss1.0 code.
||
||For the record, jboss1.0 used JOnAS distributed TM to provide
||distributed
||transactions. We deliberately removed it from 2.0 to provide fast in VM
||tm.
||
||Plugging a new TM is what is needed.
||
||marc
||
||
|||provided this functionality in the past and able to offer suggestions?
|||Distributed JTA and UserTransaction access by remote clients
|||through JNDI is
|||spec-required.
|||
|||Sean
|||
|||on 1/11/01 11:17 PM, marc fleury at [EMAIL PROTECTED] wrote:
|||
|||> userTransaction is for beans right now. I.e visible in JNDI of beans,
||but
|||> NOT the globla JNDI.
|||>
|||> marc
|||>
|||>
|||> |-----Original Message-----
|||> |From: [EMAIL PROTECTED]
|||> |[mailto:[EMAIL PROTECTED]]On Behalf Of Scott M Stark
|||> |Sent: Wednesday, January 10, 2001 8:08 PM
|||> |To: jBoss Developer
|||> |Subject: Re: [jBoss-Dev] jndi/UserTransaction
|||> |
|||> |
|||> |Can't you just access it via the context.getUserTransaction()
||method?
|||> |It is bound under java:comp/UserTransaction, but this is only
||available
|||> |from within the EJB while the container is executing a method. Its
|||> |not visable vie jndiView.
|||> |
|||> |
|||> |----- Original Message -----
|||> |From: "Peter Braswell" <[EMAIL PROTECTED]>
|||> |To: "jBoss Developer" <[EMAIL PROTECTED]>
|||> |Sent: Wednesday, January 10, 2001 7:20 PM
|||> |Subject: [jBoss-Dev] jndi/UserTransaction
|||> |
|||> |
|||> |> All,
|||> |>
|||> |> I don't see (jndiView) where the a UserTransaction is
|||> |> bound. I didn't find in the mail archives or docs
|||> |> anything indicating how this gets bound...
|||> |>
|||> |> Any hints?
|||> |>
|||> |> peter
|||> |>
|||> |> __________________________________________________
|||> |> Do You Yahoo!?
|||> |> Yahoo! Photos - Share your holiday photos online!
|||> |> http://photos.yahoo.com/
|||> |>
|||> |>
|||> |
|||> |
|||> |
|||>
|||>
|||
|||
|||
||
||
||
|
|
|
