Re: Upcoming Lenny point release

Le Fri, 4 Sep 2009 10:25:38 +0100, "Adam D. Barratt" a écrit : > X-Mailer: Microsoft Outlook Express 6.00.2900.5843 <-- Huh... Is that a joke ? > Adam D. Barratt wrote: > > The next Lenny point release (5.0.3) is scheduled for Saturday, > > September 5th. > > The point release has now

Re: Missed something while using cryptsetup

DeMZed a écrit : > Hello ! > > When I do : > cryptsetup -c aes -s 4096 create home /dev/loop0 As your system speaks french and the question is not exactly related to *security* issues, you better ask on i.e the fr.comp.os.linux.configuration newsgroup... Jacques -- To UNSUBSC

Lot of UDP ports opened

Hi there, There are box1 and box2 on the same LAN A daily cron does machine nmap each other. Some times, box1 finds a lot of opened UDP ports opened on box2. Both machines are debian stable doing security updates. Both rkhunter and chkrootkit are running on it and finds nothing. Box2 nmappin

Rkhunter : old or patched

Hello, On a 'stable' + security updated machine RkHunter says : * Application version scan - Bind DNS 8.3.3 [ Old or patched version ] - OpenSSL 0.9.6c [ Old or patched version ] - OpenSSH 3.4p1 [ Old or patched version ] Does it means 'safe' or not ? Thanks,

Re: local root exploit

On Mon, 10 Jan 2005 15:19:33 +0100 Vladislav Kurz <[EMAIL PROTECTED]> wrote: > mount -t tmpfs tmpfs /dev/shm Only root can do that. Jacques -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

chkrootkit and LKM

Bonjour... When running from a shell logged on the machine I get : Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed Sometimes I get 2 or 3 processes, sometimes NONE. Are there knownes 'fals

chkrootkit and LKM

Bonjour... When running from a shell logged on the machine I get : Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command Warning: Possible LKM Trojan installed Sometimes I get 2 or 3 processes, sometimes NONE. Are there knownes 'fals

Re: will compression still work in this ssh release?

On Thu, Jun 27, 2002 at 07:35:49PM +0200, Rolf Kutz wrote: > * Quoting Robert Brown ([EMAIL PROTECTED]): > It works here, with kernel-2.4 on i386. You can It works here, with kernel-2.2 on i386. > - Rolf Jacques -- 0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 91

chkrootkit.

Hello, As you know, chkrootkit master site is : ftp.pangeia.com.br Let's have a look : pollux:~# ftp ftp.pangeia.com.br Connected to ftp.pangeia.com.br. 220 spliff FTP server (PFTP 0.13) ready. Name (ftp.pangeia.com.br:root): ftp 331 Guest login ok, send ident as password. Password: 230 Guest lo

[CLOSED NOW] Re: Strange opened ports.

On Tue, Jun 04, 2002 at 03:13:06PM +0200, Johannes Weiss wrote: > Perhaps try > netcat -l -p > it binds a server-socket on udp-port and then you try > netcat > then enter some letters and if they don't arrive at the term which executes > netcat -l -p > there is another proggi listening on th

[CLOSED NOW] Re: Strange opened ports.

On Tue, Jun 04, 2002 at 03:13:06PM +0200, Johannes Weiss wrote: > Perhaps try > netcat -l -p > it binds a server-socket on udp-port and then you try > netcat > then enter some letters and if they don't arrive at the term which executes > netcat -l -p > there is another proggi listening on t

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 11:05:44PM +0200, Guido Hennecke wrote: > So i think, there are no open Ports. > > Another possibility is, your system was hacked. chkrootkit-0.35 is running everyday, using a new fresh compiled binary, and nothing is found. So, will see, Thank you everyone,

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:12:55PM -0500, Lance Heller wrote: > > Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ ) > Interesting ports on news.pcl.fr (195.6.210.99): > Port State Service > 1996/udp opentr-rsrb-port > 1997/udp opengdp

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote: > Are you sure they are open and nmap isn't just returning a false > positive? > > Try a #netstat -vatn on the local server and see if those ports really > are open. Nmap issued from the host itself does not returns anything either... news:~

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote: > Are you sure they are open and nmap isn't just returning a false > positive? > > Try a #netstat -vatn on the local server and see if those ports really > are open. news:~# netstat -vatn Active Internet connections (servers and established)

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 10:43:48PM +0200, Guido Hennecke wrote: > Hallo Jacques, > > At 03.06.2002, Jacques Lav!gnotte wrote: > > On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote: > [...] > > > lsof -Pi | grep > > > (on the local system) >

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 11:38:06PM +0300, Sami Haahtinen wrote: > better yet -- lsof -Pi : news:~# lsof -Pi udp:1996 news:~# lsof -Pi udp:1997 Nothing displayed neither... > Sami Jacques -- 0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 9178 088D -- To UNSUBSCR

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote: > Hallo Jacques, Hallo Guido, > > Interesting ports on news.pcl.fr (195.6.210.99): > > PortState Protocol Service > > 1996openudptr-rsrb-port > > 1997openudpgdp-port > > lsof -Pi |

Strange opened ports.

Hello, Is there any malicious think listening these ports : Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) Interesting ports on news.pcl.fr (195.6.210.99): PortState Protocol Service 1996openudptr-rsrb-port 1997openudp

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 11:05:44PM +0200, Guido Hennecke wrote: > So i think, there are no open Ports. > > Another possibility is, your system was hacked. chkrootkit-0.35 is running everyday, using a new fresh compiled binary, and nothing is found. So, will see, Thank you everyone,

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:12:55PM -0500, Lance Heller wrote: > > Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ ) > Interesting ports on news.pcl.fr (195.6.210.99): > Port State Service > 1996/udp opentr-rsrb-port > 1997/udp opengd

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote: > Are you sure they are open and nmap isn't just returning a false > positive? > > Try a #netstat -vatn on the local server and see if those ports really > are open. Nmap issued from the host itself does not returns anything either... news:

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote: > Are you sure they are open and nmap isn't just returning a false > positive? > > Try a #netstat -vatn on the local server and see if those ports really > are open. news:~# netstat -vatn Active Internet connections (servers and established)

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 10:43:48PM +0200, Guido Hennecke wrote: > Hallo Jacques, > > At 03.06.2002, Jacques Lav!gnotte wrote: > > On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote: > [...] > > > lsof -Pi | grep > > > (on the local system) >

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 11:38:06PM +0300, Sami Haahtinen wrote: > better yet -- lsof -Pi : news:~# lsof -Pi udp:1996 news:~# lsof -Pi udp:1997 Nothing displayed neither... > Sami Jacques -- 0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 9178 088D -- To UNSUBSC

Re: Strange opened ports.

On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote: > Hallo Jacques, Hallo Guido, > > Interesting ports on news.pcl.fr (195.6.210.99): > > PortState Protocol Service > > 1996openudptr-rsrb-port > > 1997openudpgdp-port > > lsof -Pi |

Strange opened ports.

Hello, Is there any malicious think listening these ports : Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/) Interesting ports on news.pcl.fr (195.6.210.99): PortState Protocol Service 1996openudptr-rsrb-port 1997openudp

Re: root's home world readable

On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote: > Hallo debian-sec folks, > > While I was checking up some configurations, > I've noticed that the root's home directory /root > is world readable... > > $ drwxr-xr-x2 root root 4.0k Jan 21 15:33 root > > This seems to be Debia

Re: root's home world readable

On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote: > Hallo debian-sec folks, > > While I was checking up some configurations, > I've noticed that the root's home directory /root > is world readable... > > $ drwxr-xr-x2 root root 4.0k Jan 21 15:33 root > > This seems to be Debi

Re: OFFTOPIC: Linux in the Bundestag(german parliament) - Petition

On Wed, Feb 06, 2002 at 10:19:03AM +0100, Moses Moore wrote: > [substitute German/Bundestag with America/(Senate|Congress) or [Europe| > (Canada|England|Australia)/Parliment as appropriate] When you talk about 'health' do you think 'nation' ? Jacques Inappropriate place, I k

Re: OFFTOPIC: Linux in the Bundestag(german parliament) - Petition

On Wed, Feb 06, 2002 at 10:19:03AM +0100, Moses Moore wrote: > [substitute German/Bundestag with America/(Senate|Congress) or [Europe| > (Canada|England|Australia)/Parliment as appropriate] When you talk about 'health' do you think 'nation' ? Jacques Inappropriate place, I

Re: Once again: Spam (from hananet.net, korea)

On Mon, Jan 14, 2002 at 04:54:31PM +0100, Dietmar Braun wrote: > >Well if one should do like you say then one would have to cut off Germany > and > >USA too as I get spam from both countries, most from the latter of > >course. > > Ok, I admit that this isn't practicable (I shouldn't write mail

Re: Once again: Spam (from hananet.net, korea)

On Mon, Jan 14, 2002 at 04:54:31PM +0100, Dietmar Braun wrote: > >Well if one should do like you say then one would have to cut off Germany and > >USA too as I get spam from both countries, most from the latter of > >course. > > Ok, I admit that this isn't practicable (I shouldn't write mails

Don't panic (ssh)

Good Morning, While you are talking about ssh issues... >From my log : Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with +SSH-1.0-SSH_Version_Mapper. Don't panic. Jan 13 09:50:58 news sshd[896]: Did not receive identification string from +216.78.148.184 Should I really Not Pan

Don't panic (ssh)

Good Morning, While you are talking about ssh issues... >From my log : Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with +SSH-1.0-SSH_Version_Mapper. Don't panic. Jan 13 09:50:58 news sshd[896]: Did not receive identification string from +216.78.148.184 Should I really Not Pa

Re: configuring Checksecurity to email reports to root

On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote: > On January 12, 2002 02:28 pm, Stephen Gran wrote: > > Thus spake Stefan Srdic: > > > Hi, > You might have misunderstood me, my question was, will the checksecurity > script that runs from cron e-mail it's report to root if I have exi

Re: configuring Checksecurity to email reports to root

On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote: > On January 12, 2002 02:28 pm, Stephen Gran wrote: > > Thus spake Stefan Srdic: > > > Hi, > You might have misunderstood me, my question was, will the checksecurity > script that runs from cron e-mail it's report to root if I have ex

Re: I've been hacked by DevilSoul

On Thu, Jan 10, 2002 at 08:31:00PM -0800, Alvin Oga wrote: > - if you think they used a simple/ordinary rootkits... you can > try some of the rootkit detectors > > http://www.chkrootkit.org/ Great tool Got : Searching for t0rn's default files and dirs... Possible t0rn rootkit ins

Re: I've been hacked by DevilSoul

On Thu, Jan 10, 2002 at 08:31:00PM -0800, Alvin Oga wrote: > - if you think they used a simple/ordinary rootkits... you can > try some of the rootkit detectors > > http://www.chkrootkit.org/ Great tool Got : Searching for t0rn's default files and dirs... Possible t0rn rootkit in