Le Fri, 4 Sep 2009 10:25:38 +0100,
"Adam D. Barratt" a écrit :
> X-Mailer: Microsoft Outlook Express 6.00.2900.5843 <-- Huh...
Is that a joke ?
> Adam D. Barratt wrote:
> > The next Lenny point release (5.0.3) is scheduled for Saturday,
> > September 5th.
>
> The point release has now
DeMZed a écrit :
> Hello !
>
> When I do :
> cryptsetup -c aes -s 4096 create home /dev/loop0
As your system speaks french and the question is not exactly
related to *security* issues, you better ask on i.e the
fr.comp.os.linux.configuration newsgroup...
Jacques
--
To UNSUBSC
Hi there,
There are box1 and box2 on the same LAN
A daily cron does machine nmap each other.
Some times, box1 finds a lot of opened UDP ports opened on box2.
Both machines are debian stable doing security updates.
Both rkhunter and chkrootkit are running on it and finds nothing.
Box2 nmappin
Hello,
On a 'stable' + security updated machine RkHunter says :
* Application version scan
- Bind DNS 8.3.3 [ Old or patched version ]
- OpenSSL 0.9.6c [ Old or patched version ]
- OpenSSH 3.4p1 [ Old or patched version ]
Does it means 'safe' or not ?
Thanks,
On Mon, 10 Jan 2005 15:19:33 +0100
Vladislav Kurz <[EMAIL PROTECTED]> wrote:
> mount -t tmpfs tmpfs /dev/shm
Only root can do that.
Jacques
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there knownes 'fals
Bonjour...
When running from a shell logged on the machine I get :
Checking `lkm'... You have 1 process hidden for readdir command
You have 1 process hidden for ps command
Warning: Possible LKM Trojan installed
Sometimes I get 2 or 3 processes, sometimes NONE.
Are there knownes 'fals
On Thu, Jun 27, 2002 at 07:35:49PM +0200, Rolf Kutz wrote:
> * Quoting Robert Brown ([EMAIL PROTECTED]):
> It works here, with kernel-2.4 on i386. You can
It works here, with kernel-2.2 on i386.
> - Rolf
Jacques
--
0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 91
Hello,
As you know, chkrootkit master site is : ftp.pangeia.com.br
Let's have a look :
pollux:~# ftp ftp.pangeia.com.br
Connected to ftp.pangeia.com.br.
220 spliff FTP server (PFTP 0.13) ready.
Name (ftp.pangeia.com.br:root): ftp
331 Guest login ok, send ident as password.
Password:
230 Guest lo
On Tue, Jun 04, 2002 at 03:13:06PM +0200, Johannes Weiss wrote:
> Perhaps try
> netcat -l -p
> it binds a server-socket on udp-port and then you try
> netcat
> then enter some letters and if they don't arrive at the term which executes
> netcat -l -p
> there is another proggi listening on th
On Tue, Jun 04, 2002 at 03:13:06PM +0200, Johannes Weiss wrote:
> Perhaps try
> netcat -l -p
> it binds a server-socket on udp-port and then you try
> netcat
> then enter some letters and if they don't arrive at the term which executes
> netcat -l -p
> there is another proggi listening on t
On Mon, Jun 03, 2002 at 11:05:44PM +0200, Guido Hennecke wrote:
> So i think, there are no open Ports.
>
> Another possibility is, your system was hacked.
chkrootkit-0.35 is running everyday, using a new fresh compiled binary,
and nothing is found.
So, will see,
Thank you everyone,
On Mon, Jun 03, 2002 at 04:12:55PM -0500, Lance Heller wrote:
>
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on news.pcl.fr (195.6.210.99):
> Port State Service
> 1996/udp opentr-rsrb-port
> 1997/udp opengdp
On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote:
> Are you sure they are open and nmap isn't just returning a false
> positive?
>
> Try a #netstat -vatn on the local server and see if those ports really
> are open.
Nmap issued from the host itself does not returns anything either...
news:~
On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote:
> Are you sure they are open and nmap isn't just returning a false
> positive?
>
> Try a #netstat -vatn on the local server and see if those ports really
> are open.
news:~# netstat -vatn
Active Internet connections (servers and established)
On Mon, Jun 03, 2002 at 10:43:48PM +0200, Guido Hennecke wrote:
> Hallo Jacques,
>
> At 03.06.2002, Jacques Lav!gnotte wrote:
> > On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote:
> [...]
> > > lsof -Pi | grep
> > > (on the local system)
>
On Mon, Jun 03, 2002 at 11:38:06PM +0300, Sami Haahtinen wrote:
> better yet -- lsof -Pi :
news:~# lsof -Pi udp:1996
news:~# lsof -Pi udp:1997
Nothing displayed neither...
> Sami
Jacques
--
0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 9178 088D
--
To UNSUBSCR
On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote:
> Hallo Jacques,
Hallo Guido,
> > Interesting ports on news.pcl.fr (195.6.210.99):
> > PortState Protocol Service
> > 1996openudptr-rsrb-port
> > 1997openudpgdp-port
>
> lsof -Pi |
Hello,
Is there any malicious think listening these ports :
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on news.pcl.fr (195.6.210.99):
PortState Protocol Service
1996openudptr-rsrb-port
1997openudp
On Mon, Jun 03, 2002 at 11:05:44PM +0200, Guido Hennecke wrote:
> So i think, there are no open Ports.
>
> Another possibility is, your system was hacked.
chkrootkit-0.35 is running everyday, using a new fresh compiled binary,
and nothing is found.
So, will see,
Thank you everyone,
On Mon, Jun 03, 2002 at 04:12:55PM -0500, Lance Heller wrote:
>
> Starting nmap V. 2.53 by [EMAIL PROTECTED] ( www.insecure.org/nmap/ )
> Interesting ports on news.pcl.fr (195.6.210.99):
> Port State Service
> 1996/udp opentr-rsrb-port
> 1997/udp opengd
On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote:
> Are you sure they are open and nmap isn't just returning a false
> positive?
>
> Try a #netstat -vatn on the local server and see if those ports really
> are open.
Nmap issued from the host itself does not returns anything either...
news:
On Mon, Jun 03, 2002 at 04:46:36PM -0400, James wrote:
> Are you sure they are open and nmap isn't just returning a false
> positive?
>
> Try a #netstat -vatn on the local server and see if those ports really
> are open.
news:~# netstat -vatn
Active Internet connections (servers and established)
On Mon, Jun 03, 2002 at 10:43:48PM +0200, Guido Hennecke wrote:
> Hallo Jacques,
>
> At 03.06.2002, Jacques Lav!gnotte wrote:
> > On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote:
> [...]
> > > lsof -Pi | grep
> > > (on the local system)
>
On Mon, Jun 03, 2002 at 11:38:06PM +0300, Sami Haahtinen wrote:
> better yet -- lsof -Pi :
news:~# lsof -Pi udp:1996
news:~# lsof -Pi udp:1997
Nothing displayed neither...
> Sami
Jacques
--
0CBE 3F8A 5A77 A35C 27C7 2D42 3EC5 806B 9178 088D
--
To UNSUBSC
On Mon, Jun 03, 2002 at 10:31:22PM +0200, Guido Hennecke wrote:
> Hallo Jacques,
Hallo Guido,
> > Interesting ports on news.pcl.fr (195.6.210.99):
> > PortState Protocol Service
> > 1996openudptr-rsrb-port
> > 1997openudpgdp-port
>
> lsof -Pi |
Hello,
Is there any malicious think listening these ports :
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on news.pcl.fr (195.6.210.99):
PortState Protocol Service
1996openudptr-rsrb-port
1997openudp
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
> Hallo debian-sec folks,
>
> While I was checking up some configurations,
> I've noticed that the root's home directory /root
> is world readable...
>
> $ drwxr-xr-x2 root root 4.0k Jan 21 15:33 root
>
> This seems to be Debia
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
> Hallo debian-sec folks,
>
> While I was checking up some configurations,
> I've noticed that the root's home directory /root
> is world readable...
>
> $ drwxr-xr-x2 root root 4.0k Jan 21 15:33 root
>
> This seems to be Debi
On Wed, Feb 06, 2002 at 10:19:03AM +0100, Moses Moore wrote:
> [substitute German/Bundestag with America/(Senate|Congress) or
[Europe|
> (Canada|England|Australia)/Parliment as appropriate]
When you talk about 'health' do you think 'nation' ?
Jacques
Inappropriate place, I k
On Wed, Feb 06, 2002 at 10:19:03AM +0100, Moses Moore wrote:
> [substitute German/Bundestag with America/(Senate|Congress) or
[Europe|
> (Canada|England|Australia)/Parliment as appropriate]
When you talk about 'health' do you think 'nation' ?
Jacques
Inappropriate place, I
On Mon, Jan 14, 2002 at 04:54:31PM +0100, Dietmar Braun wrote:
> >Well if one should do like you say then one would have to cut off Germany
> and
> >USA too as I get spam from both countries, most from the latter of
> >course.
>
> Ok, I admit that this isn't practicable (I shouldn't write mail
On Mon, Jan 14, 2002 at 04:54:31PM +0100, Dietmar Braun wrote:
> >Well if one should do like you say then one would have to cut off Germany and
> >USA too as I get spam from both countries, most from the latter of
> >course.
>
> Ok, I admit that this isn't practicable (I shouldn't write mails
Good Morning,
While you are talking about ssh issues...
>From my log :
Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 13 09:50:58 news sshd[896]: Did not receive identification string from
+216.78.148.184
Should I really Not Pan
Good Morning,
While you are talking about ssh issues...
>From my log :
Jan 13 09:50:58 news sshd[897]: scanned from 216.78.148.184 with
+SSH-1.0-SSH_Version_Mapper. Don't panic.
Jan 13 09:50:58 news sshd[896]: Did not receive identification string from
+216.78.148.184
Should I really Not Pa
On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote:
> On January 12, 2002 02:28 pm, Stephen Gran wrote:
> > Thus spake Stefan Srdic:
> > > Hi,
> You might have misunderstood me, my question was, will the checksecurity
> script that runs from cron e-mail it's report to root if I have exi
On Sat, Jan 12, 2002 at 03:59:12AM -0700, Stefan Srdic wrote:
> On January 12, 2002 02:28 pm, Stephen Gran wrote:
> > Thus spake Stefan Srdic:
> > > Hi,
> You might have misunderstood me, my question was, will the checksecurity
> script that runs from cron e-mail it's report to root if I have ex
On Thu, Jan 10, 2002 at 08:31:00PM -0800, Alvin Oga wrote:
> - if you think they used a simple/ordinary rootkits... you can
> try some of the rootkit detectors
>
> http://www.chkrootkit.org/
Great tool
Got :
Searching for t0rn's default files and dirs... Possible t0rn rootkit ins
On Thu, Jan 10, 2002 at 08:31:00PM -0800, Alvin Oga wrote:
> - if you think they used a simple/ordinary rootkits... you can
> try some of the rootkit detectors
>
> http://www.chkrootkit.org/
Great tool
Got :
Searching for t0rn's default files and dirs... Possible t0rn rootkit in
39 matches
Mail list logo