Re: NTP security

2001-03-12 Thread Jamie Heilman
On one of my multihomed machines together with authentication I tend to use something like:
restrict default ignore
restrict ntpserver1 nomodify
restrict ntpserver2 nomodify
restrict ntpserver3 nomodify
restrict network1 mask netmask1 notrust nomodify
restrict network2 mask netmask2 notrust

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Peter Cordes
On Mon, Mar 12, 2001 at 11:11:40PM +, Jim Breton wrote: Again, I'm not disagreeing with you. rp_filter and source checking has nothing to do with the issue though. The question posed was about packet destinations, and you keep referring to source checks. Arggghh! Sorry, you're right.

Firewalling

2001-03-12 Thread Craig
Hi All Have created a file which contains all my ipchains rules and I would like it to start when the machine loads. Not sure where the best place is for this. I used to use rc.local on RH but was told that this is a bush job and very sloppy as for debian, well used to use the network

Re: Firewalling

2001-03-12 Thread Mike Fedyk
On Tue, Mar 13, 2001 at 09:15:20AM +0200, Craig wrote: Hi All Have created a file which contains all my ipchains rules and I would like it to start when the machine loads. Not sure where the best place is for this. I used to use rc.local on RH but was told that this is a bush job and very

Re: Firewalling

2001-03-12 Thread Joris Mocka
Hi Wade, I'm fairly sure that this is a "debian-illegal" way to do it, but I created a "firewall" script in /etc/init.d, and then the correct symlinks to that script from the RC directories. The files are: -rwxr-xr-x 387 Nov 7 22:43 init.d/firewall* lrwxrwxrwx 18 Oct 7 23:36

potato camediaplay security problem

2001-03-12 Thread David Coe
Is this important enough to backport to potato? If so, should I do that myself, or should the security team? Thanks. The potato version of camediaplay, camediaplay980118-1 Still Camera Digital Interface installs its binary suid 'uucp': -r-sr-xr-x 1 uucp bin

Re: Is it possible to chroot scp?

2001-03-12 Thread Alexander Hvostov
[EMAIL PROTECTED] wrote: Hello. I have been setting up a webserver that users need to access remotely. The problem is that I don't like the way that ftp sends passwords plaintext. I am currently using proftpd, as I also require the ability to chroot users into their own directories. Now,

[ot] our hero (was: Is it possible to chroot scp?)

2001-03-12 Thread Jörgen Persson
On Mon, Mar 12, 2001 at 12:03:51AM -0800, Alexander Hvostov wrote: [snip] A PAM module is apparently a work-in-progress to perform chroot() at the PAM level. Email Bruce Campbell [EMAIL PROTECTED] and ask about its status. interesting -- I wasn't aware Mr Campbell was about to protect us from

Re: Is it possible to chroot scp?

2001-03-12 Thread Siggi Langauf
Hi, On Sun, 11 Mar 2001 [EMAIL PROTECTED] wrote: I have been setting up a webserver that users need to access remotely. The problem is that I don't like the way that ftp sends passwords plaintext. I am currently using proftpd, as I also require the ability to chroot users into their own

Re: Kernel 2.2.15 hole ?

2001-03-12 Thread Robert Varga
There were some other security holes in the kernel which were corrected in 2.2.19pre9 or somewhere around that pre-release concerning the signed/unsigned usage of some int variables. I think this is a sufficient reason for upgrading. Regards, Robert Varga On Mon, 5 Mar 2001, David Wright

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Peter Cordes
On Sat, Mar 10, 2001 at 05:20:26PM +, Jim Breton wrote: On Sat, Mar 10, 2001 at 10:22:48AM -0600, Ted Cabeen wrote: if (BADCLASS(daddr) || ZERONET(daddr) || LOOPBACK(daddr)) goto martian_destination; This is part of the routing check for incoming packets. It

Re: NTP security

2001-03-12 Thread Peter Cordes
On Sat, Mar 10, 2001 at 11:28:50PM -0600, Bryan Andersen wrote: Jamie Heilman wrote: I noticed that /etc/services has a tcp entry for ntp. Is there any way (short of changing the code) to coax ntp to use tcp instead of udp ? No, UDP is intrinsic to how NTP works. Actually it isn't.

RE: NTP security

2001-03-12 Thread Alex Swavely
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Saturday, March 10, 2001 9:29 PM Subject: Re: NTP security [...] See Ultra-Link, http://www.ulio.com/ for a low cost battery powerable atomic clock radio receiver. It has a 3V inverted TTL RS-232 link

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Peter Cordes
On Mon, Mar 12, 2001 at 06:36:25PM +, Jim Breton wrote: On Mon, Mar 12, 2001 at 02:31:57PM -0400, Peter Cordes wrote: Doesn't rp_filter do this, or am I missing something? It should make the kernel drop packets coming in on interfaces they shouldn't be, e.g. 10.0.0.0 packets coming

Re: 127.0.0.0/8 addresses from the network

2001-03-12 Thread Jim Breton
On Mon, Mar 12, 2001 at 06:58:07PM -0400, Peter Cordes wrote: On Mon, Mar 12, 2001 at 06:36:25PM +, Jim Breton wrote: It does do what you describe; however the original question is about evil packet _destinations_ and not evil packet _sources._ No, I just checked
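The point argued in this thread, that rp_filter is a check on packet *sources* while the `goto martian_destination` test quoted from route.c is a check on packet *destinations*, is easier to see with both checks side by side. The following is an added example written for this page, not code from the list messages or from the kernel: it re-implements the LOOPBACK/ZERONET/BADCLASS/MULTICAST tests on host-byte-order addresses (the kernel works on network-order `__u32`) and pairs them with a toy longest-prefix routing table standing in for the kernel's reverse-path lookup. The interface indices `DEMO_ETH0`/`DEMO_ETH1`, the routes in `demo_table` and the packet addresses are constructed for the demonstration.

```c
/* Added example: martian-destination vs. reverse-path (rp_filter) checks.
 * Not kernel code; a host-byte-order re-statement of the 2.2-era tests. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Host-order equivalents of the address-class macros in <linux/in.h>. */
static int is_loopback(uint32_t a)  { return (a & 0xff000000u) == 0x7f000000u; } /* 127/8   */
static int is_zeronet(uint32_t a)   { return (a & 0xff000000u) == 0x00000000u; } /* 0/8     */
static int is_badclass(uint32_t a)  { return (a & 0xf0000000u) == 0xf0000000u; } /* 240/4   */
static int is_multicast(uint32_t a) { return (a & 0xf0000000u) == 0xe0000000u; } /* 224/4   */

/* Dotted quad to host-order 32-bit address. */
static uint32_t ip4(unsigned a, unsigned b, unsigned c, unsigned d) {
    return (uint32_t)((a << 24) | (b << 16) | (c << 8) | d);
}

/* The destination test quoted in the thread:
 *   if (BADCLASS(daddr) || ZERONET(daddr) || LOOPBACK(daddr))
 *       goto martian_destination;
 * Returns 1 if a packet *to* daddr arriving from the network is dropped.
 * Only the destination field is consulted. */
int martian_destination(uint32_t daddr) {
    return is_badclass(daddr) || is_zeronet(daddr) || is_loopback(daddr);
}

/* The companion source test from the same routine (martian_source). */
int martian_source(uint32_t saddr) {
    return is_multicast(saddr) || is_badclass(saddr) || is_loopback(saddr);
}

/* Toy routing table: prefix/len -> interface index. Constructed for the demo. */
struct route { uint32_t prefix; unsigned plen; int ifindex; };

enum { DEMO_ETH0 = 1, DEMO_ETH1 = 2 };

static const struct route demo_table[] = {
    { 0x0a000000u, 8,  DEMO_ETH0 },  /* 10.0.0.0/8      behind eth0 */
    { 0xc0a80100u, 24, DEMO_ETH1 },  /* 192.168.1.0/24  behind eth1 */
    { 0x00000000u, 0,  DEMO_ETH1 },  /* default route   via eth1    */
};
static const size_t demo_table_len = sizeof demo_table / sizeof demo_table[0];

static uint32_t mask_for(unsigned plen) {
    return plen == 0 ? 0u : 0xffffffffu << (32 - plen);   /* avoid UB shift by 32 */
}

/* Longest-prefix match; returns the ifindex or -1 when no route exists. */
int route_lookup(const struct route *tbl, size_t n, uint32_t addr) {
    int best = -1, best_len = -1;
    for (size_t i = 0; i < n; i++) {
        if ((addr & mask_for(tbl[i].plen)) == tbl[i].prefix && (int)tbl[i].plen > best_len) {
            best = tbl[i].ifindex;
            best_len = (int)tbl[i].plen;
        }
    }
    return best;
}

/* rp_filter semantics: drop if the route back to the *source* does not leave
 * through the interface the packet came in on. daddr is never looked at. */
int rp_filter_drop(const struct route *tbl, size_t n, uint32_t saddr, int iif) {
    return route_lookup(tbl, n, saddr) != iif;
}

/* Convenience wrappers over the constructed demo table. */
int demo_route_lookup(uint32_t addr) { return route_lookup(demo_table, demo_table_len, addr); }
int demo_rp_filter_drop(uint32_t saddr, int iif) {
    return rp_filter_drop(demo_table, demo_table_len, saddr, iif);
}

int main(void) {
    /* Case 1: 10.0.0.5 -> 127.0.0.1 arriving on eth0. The source is where
     * the routing table expects it, so rp_filter passes; the loopback
     * destination is what gets it dropped. */
    printf("10.0.0.5->127.0.0.1 on eth0: rp_filter drop=%d martian dst=%d\n",
           demo_rp_filter_drop(ip4(10,0,0,5), DEMO_ETH0),
           martian_destination(ip4(127,0,0,1)));
    /* Case 2: the same source arriving on eth1 fails the reverse-path check. */
    printf("10.0.0.5 on eth1: rp_filter drop=%d\n",
           demo_rp_filter_drop(ip4(10,0,0,5), DEMO_ETH1));
    return 0;
}
```

Case 1 is the situation the thread is about: rp_filter says nothing about a packet addressed to 127.0.0.1 from a plausible source, and it is the destination check in the routing code that refuses to deliver it.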

Re: NTP security

2001-03-12 Thread Kevin van Haaren
At 10:32 -0600 3/10/2001, Piotr Tarnowski wrote: Hi, I've installed NTP daemon on my firewall (with sync to external machine) and on all internal machines (with sync to my firewall). I found that this had opend port 123/udp on my firewall, so now everybody from the net can use my machine as a