Re: Woody security updates report.

2003-07-29 Thread Andrés Roldán
Alan James <[EMAIL PROTECTED]> writes:

> On Mon, 28 Jul 2003 09:18:31 -0500, Andrés Roldán <[EMAIL PROTECTED]>
> wrote:
>
>>Is there any way, a tool or something to do that?
>>
>
> You could install apt-listchanges. You'll get an email with the relevant
> changelog entries when something is upgraded.

I have made a script (pretty badly coded) that does half of what I needed.
If you want to see it, it's located here:

http://people.fluidsignal.com/~aroldan/debcheckupdates.sh

I am still working on it.

Thanks.


-- 
Andres Roldan <[EMAIL PROTECTED]>
http://people.fluidsignal.com/~aroldan
CSO, Fluidsignal Group



Woody security updates report.

2003-07-28 Thread Andrés Roldán
Hi all.

I have an up-to-date Debian Woody production server (it's updated daily) and
I need a report of the security updates made on the server since a given time
ago (a month, a couple of months or so).

Is there any way, a tool or something to do that?

Thanks in advance.


-- 
Andres Roldan <[EMAIL PROTECTED]>
http://people.fluidsignal.com/~aroldan
CSO, Fluidsignal Group



iptables question

2003-05-27 Thread Andrés Roldán
Hi.

I was reading about certain kinds of attacks on TCP sequence numbers and I was
wondering whether iptables is vulnerable to these attacks. Specifically,
whether iptables is capable of knowing if a RELATED or ESTABLISHED packet is
sent with a sequence number prediction attack and whether iptables is capable
of knowing if the IP address has been spoofed by these means.

-- 
Andres Roldan, CSO
Fluidsignal Group



kernel+grsecurity

2003-05-19 Thread Andrés Roldán
Hi list.

I am the CSO of a company and I am going to install several Debian woody
machines with a kernel patched with grsecurity. These servers will be
critical production-ready machines. The question is, what should I be
aware of when compiling this kernel and what should I do to ensure
stability on those servers?

Any input is appreciated. Thanks in advance.


-- 
Andres Roldan, CSO
Fluidsignal Group



Re: found this in my /var/log/apache/access.log

2003-05-04 Thread Andrés Roldán
It's a trojan virus that tries to find any vulnerable IIS using random IPs.
This is not in itself a dangerous attack (of course, if you have an IIS around,
it is); indeed, it is not intended for you.

"Konstantin Filtschew" <[EMAIL PROTECTED]> writes:

> hi,
>
> found this in my /var/log/apache/access.log, what does that mean:
>
> 217.37.212.241 - - [04/May/2003:15:17:22 +0200] "GET
> /default.ida?XX
> 
> 
> 
> 
> XX%u9090%u6858%ucbd3%u7801%u
> 9090
> %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b
> 00%u
> 531b%u53ff%u0078%u%u00=a  HTTP/1.0" 404 277 "-" "-"
> 217.128.213.22 - - [04/May/2003:14:50:16 +0200] "GET
> /default.ida?XX
> 
> 
> 
> 
> XX%u9090%u6858%ucbd3%u7801%u
> 9090
> %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b
> 00%u
> 531b%u53ff%u0078%u%u00=a  HTTP/1.0" 404 277 "-" "-"
> 217.218.66.141 - - [04/May/2003:13:39:56 +0200] "GET
> /default.ida?XX
> 
> 
> 
> 
> XX%u9090%u6858%ucbd3%u7801%u
> 9090
> %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b
> 00%u
> 531b%u53ff%u0078%u%u00=a  HTTP/1.0" 404 277 "-" "-"
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET
> /.hash=680d6f5c4d584f6b5d941a
> f136938db3751a840b HTTP/1.1" 404 324 "-" "-"
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET
> /.hash=e175a0da67b1fefbb5acd8
> cdc7ccc516ede015d1 HTTP/1.1" 404 324 "-" "-"
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] "GET
> /.hash=8c10ba0aae81edb7ae51eb
> 156b2fcb770b66864a HTTP/1.1" 404 324 "-" "-"
>
>
>
> thx for help
>
> Konstantin Filtschew

-- 
Andres Roldan, CSO
Fluidsignal Group
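
A way to summarise requests like the default.ida ones quoted above, as an added example that is not part of the original message: it counts `.ida` requests per source address and flags any that the server answered with something other than 404. The sample lines are constructed (documentation addresses, filler shortened), and the function name `ida_probes` is chosen for this example.

```shell
#!/bin/sh
# Added example: summarise IIS-targeted ".ida" probes in an Apache access log.

# Constructed sample lines (documentation addresses, filler shortened to XXXX).
sample_log() {
cat <<'EOF'
192.0.2.10 - - [04/May/2003:15:17:22 +0200] "GET /default.ida?XXXX%u9090%u6858=a  HTTP/1.0" 404 277 "-" "-"
192.0.2.10 - - [04/May/2003:15:40:02 +0200] "GET /default.ida?XXXX%u9090%u6858=a  HTTP/1.0" 404 277 "-" "-"
198.51.100.7 - - [04/May/2003:16:01:11 +0200] "GET /DEFAULT.IDA?XXXX%u9090=a  HTTP/1.0" 200 512 "-" "-"
203.0.113.5 - - [04/May/2003:16:05:00 +0200] "GET /index.html HTTP/1.1" 200 1043 "-" "-"
EOF
}

# ida_probes: read access-log lines on stdin and print, per source address,
# the number of .ida requests and how many were answered with anything but 404.
ida_probes() {
  awk -F'"' '
    NF >= 3 {
      split($1, pre, " ");  ip = pre[1]             # client address
      split($2, req, " ");  path = tolower(req[2])  # request target
      split($3, post, " "); status = post[1]        # response status
      if (path !~ /\.ida(\?|$)/) next               # not an .ida request
      hits[ip]++
      if (status != "404") other[ip]++              # server did not just reject it
    }
    END {
      for (ip in hits)
        printf "%s hits=%d non404=%d\n", ip, hits[ip], other[ip] + 0
    }' | sort
}

sample_log | ida_probes
```

On a real log, run it as `ida_probes < /var/log/apache/access.log`; a non-zero `non404` count is the line worth looking at, since it means the request was not simply rejected as a missing file.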



Re: iptables forwarding to inside firewall

2003-03-29 Thread Andrés Roldán
I think you must check your default policies. Besides, you should
check the traffic from within your mail server with a tool such as snort
or tcpdump and try logging your rules with the -j LOG match.

Hanasaki JiJi <[EMAIL PROTECTED]> writes:

> Working on running a SMTP server inside the firewall that takes
> incoming SMTP traffic from outside the firewall.  The below rules are
> not working.  The firewall refuses connections.  Any input on what
> wrong?
>
> Thanks,
>
> internal mailserver = 192.168.1.2
>
>
>
> #$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
>  #-s 0/0 \
>  #--dport smtp -j DNAT --to-destination 192.168.1.2:25
>
> #$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
>  #-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
>  #-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> #$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
>  #-o $NIC_EXTERNAL -d 0/0 -p tcp \
>  #-m state --state ESTABLISHED,RELATED -j ACCEPT

-- 
Andres Roldan 
CSO, Fluidsignal Group S.A.
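
One way to apply the logging suggestion above to the SMTP forward in the quoted rules, as an added example that is not part of the original thread: LOG rules are inserted ahead of the existing ones, and the kernel log is then read to see at which stage the connection stops. The log prefixes, function names and the sample kernel log line are constructed for this example; the mail server address and port come from the quoted rules.

```shell
#!/bin/sh
# Added example: LOG rules to trace a DNAT-ed SMTP connection through the firewall.
IPT=${IPT:-iptables}   # set IPT to a stub for a dry run; real use needs root

# add_trace_rules EXT_IF MAIL_IP: insert LOG rules ahead of the existing rules.
# The prefixes (smtp-pre/fwd/rep) are names chosen for this example.
add_trace_rules() {
  ext_if=$1; mail_ip=$2
  # Before DNAT: the SYN as it arrives on the external interface.
  $IPT -t nat -I PREROUTING 1 -i "$ext_if" -p tcp --dport 25 --syn \
       -j LOG --log-prefix "smtp-pre: "
  # After DNAT and routing: the SYN now addressed to the mail server.
  $IPT -I FORWARD 1 -i "$ext_if" -d "$mail_ip" -p tcp --dport 25 --syn \
       -j LOG --log-prefix "smtp-fwd: "
  # Return direction: anything the mail server sends back from port 25.
  $IPT -I FORWARD 1 -s "$mail_ip" -p tcp --sport 25 \
       -j LOG --log-prefix "smtp-rep: "
}

seen() { printf '%s\n' "$log" | grep -q -- "$1"; }

# diagnose: read kernel log lines on stdin and report the first stage not seen.
diagnose() {
  log=$(cat)
  if   ! seen 'smtp-pre: '; then echo "no-syn-at-firewall"    # nothing reached PREROUTING
  elif ! seen 'smtp-fwd: '; then echo "not-forwarded"         # DNAT did not match, or forwarding is off
  elif ! seen 'smtp-rep: '; then echo "no-reply-from-server"  # dropped later in FORWARD, or server silent
  else echo "both-directions-seen"
  fi
}

# Constructed kernel log line (shortened LOG output, documentation addresses).
sample_kernel_log() {
cat <<'EOF'
May  4 15:17:22 fw kernel: smtp-pre: IN=eth0 OUT= SRC=198.51.100.7 DST=203.0.113.1 PROTO=TCP SPT=40000 DPT=25 SYN
EOF
}

sample_kernel_log | diagnose
```

A `not-forwarded` result with the default policy of FORWARD still unchecked points at the DNAT rule or at IP forwarding rather than at the filter rules; remove the trace rules with the matching `-D` commands once done.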


