Send a mail
Hi, How i can send a mail with: From: [EMAIL PROTECTED] To: ndsoftwrae.net Subject: Test I have qmail ! I want use the command line because after i want send every 1 hours a message for test my mailbox... Thanks, it's urgent ! Nicolas DEFFAYET, NDSoftware http://www.ndsoftware.net - [EMAIL PROTECTED] France: Tel +33 671887502 - Fax N/A UK: Tel +44 8453348750 - Fax +44 8453348751 USA: Tel N/A - Fax N/A --- Note: All HTML email sent to me can be deleted for security reasons.
Re: SSH
On Fri, Feb 09, 2001 at 10:31:41AM -0500, Adam Spickler wrote: > SH2 is supposed to be more secure. Stability, not sure about. However, one > thing to think about... someone can load the local "exploit" dsniff on your > machine. This makes ssh1 look as cleartext as telnet. Fortunately, it > hasn't been done for ssh2 yet. Personally, I like using RSA keys. Make sure > to disable xauth, that's another security risk... etc, etc. [pleasewrapyourlinesatsomethingreasonablelike72characterssoyourmessageisreadable] lets de-FUD this just a tad, the dsniff business is a man in the middle attack, an attack that will ONLY succeed if the user ignores ssh's very loud warnings about a changed host key upon initial connection. openssh won't even allow you to login to such a host easily, and refuses to allow you to use password auth. the other case where that could suceed is if you fail to do any verification of the host key you recieve when connecting to a host you have never connected to before. if you take care to verify host keys and NEVER ignore warnings about changed keys. contact the admin and find out what happened and have him give you the key fingerprint so you can verify you are getting the correct host key. if you do this you are not vulnerable to dsniff. reports of ssh1's death have been greatly exaggerated. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp0h6iMvvX2A.pgp Description: PGP signature
Send a mail
Hi, How i can send a mail with: From: [EMAIL PROTECTED] To: ndsoftwrae.net Subject: Test I have qmail ! I want use the command line because after i want send every 1 hours a message for test my mailbox... Thanks, it's urgent ! Nicolas DEFFAYET, NDSoftware http://www.ndsoftware.net - [EMAIL PROTECTED] France: Tel +33 671887502 - Fax N/A UK: Tel +44 8453348750 - Fax +44 8453348751 USA: Tel N/A - Fax N/A --- Note: All HTML email sent to me can be deleted for security reasons. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH
On Fri, Feb 09, 2001 at 10:31:41AM -0500, Adam Spickler wrote: > SH2 is supposed to be more secure. Stability, not sure about. However, one thing >to think about... someone can load the local "exploit" dsniff on your machine. This >makes ssh1 look as cleartext as telnet. Fortunately, it hasn't been done for ssh2 >yet. Personally, I like using RSA keys. Make sure to disable xauth, that's another >security risk... etc, etc. [pleasewrapyourlinesatsomethingreasonablelike72characterssoyourmessageisreadable] lets de-FUD this just a tad, the dsniff business is a man in the middle attack, an attack that will ONLY succeed if the user ignores ssh's very loud warnings about a changed host key upon initial connection. openssh won't even allow you to login to such a host easily, and refuses to allow you to use password auth. the other case where that could suceed is if you fail to do any verification of the host key you recieve when connecting to a host you have never connected to before. if you take care to verify host keys and NEVER ignore warnings about changed keys. contact the admin and find out what happened and have him give you the key fingerprint so you can verify you are getting the correct host key. if you do this you are not vulnerable to dsniff. reports of ssh1's death have been greatly exaggerated. -- Ethan Benson http://www.alaska.net/~erbenson/ PGP signature
Re: SSH security vulnerability (fwd)
> "Nicole" == Nicole Zimmerman <[EMAIL PROTECTED]> writes: Nicole> I have not verified this problem, but the advisory looks quite Nicole> decent. The fixes have been back-ported to the ssh version from Potato already. Grab the updated packages from security.debian.org. ssh from Woody is already OpenSSH 2.3.0, which is not vulnerable. -- | --- | / --+-- | / ___|___Hubert Chan <[EMAIL PROTECTED]> | \ | _|_ | |__| |__|__|GCS/M d- s:- a-- C++ UL+() P++ L++ E++ W++ N++ o? || K? w--- O++ M- V- PS-- PE+++ Y+ PGP+ t+ 5 X R- tv+ b+ | / | \ DI D G e++ h! !r !y | / | \ || <><-- http://www.crosswinds.net/~hackerhue/ PGP/GnuPG fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key can be found at http://www.crosswinds.net/~hackerhue/hackerhue.asc Please encrypt all mail to me if possible.
SSH security vulnerability (fwd)
I have not verified this problem, but the advisory looks quite decent. -- Forwarded message -- Date: Fri, 9 Feb 2001 13:07:08 -0800 (PST) From: David A. Gatwood <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: SSH security vulnerability I don't usually announce security vulnerabilities, but this one hits close to home. There's a broad, sweeping security hole in basically every version of ssh, both commercial and non-commercial, including OpenSSH. This is fixed in OpenSSH 2.3.0. You are strongly urged to upgrade your systems. Note that there is NO CERT ADVISORY for this yet, as the vulnerability was only discovered yesterday. I've included the pertinent information below. The MkLinux Team -dg - On Fri, 9 Feb 2001, Nick Matsakis wrote: > To: [EMAIL PROTECTED] > > A security hole has recently been exposed in SSHD that may affect users of > the public beta. Unfortunately, I don't know much about what version of > SSHD the public beta comes with, or where one might find an updated > version (Darwin resources would be able to help no doubt) but I thought I > would send out this link anyway, so that those who should no about it can > do the requisite research. > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html ___ mklinux-announce mailing list [EMAIL PROTECTED] http://www.lists.apple.com/mailman/listinfo/mklinux-announce
Re: SSH security vulnerability (fwd)
> "Nicole" == Nicole Zimmerman <[EMAIL PROTECTED]> writes: Nicole> I have not verified this problem, but the advisory looks quite Nicole> decent. The fixes have been back-ported to the ssh version from Potato already. Grab the updated packages from security.debian.org. ssh from Woody is already OpenSSH 2.3.0, which is not vulnerable. -- | --- | / --+-- | / ___|___Hubert Chan <[EMAIL PROTECTED]> | \ | _|_ | |__| |__|__|GCS/M d- s:- a-- C++ UL+() P++ L++ E++ W++ N++ o? || K? w--- O++ M- V- PS-- PE+++ Y+ PGP+ t+ 5 X R- tv+ b+ | / | \ DI D G e++ h! !r !y | / | \ || <><-- http://www.crosswinds.net/~hackerhue/ PGP/GnuPG fingerprint: 6CC5 822D 2E55 494C 81DD 6F2C 6518 54DF 71FD A37F Key can be found at http://www.crosswinds.net/~hackerhue/hackerhue.asc Please encrypt all mail to me if possible. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SSH security vulnerability (fwd)
I have not verified this problem, but the advisory looks quite decent. -- Forwarded message -- Date: Fri, 9 Feb 2001 13:07:08 -0800 (PST) From: David A. Gatwood <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: SSH security vulnerability I don't usually announce security vulnerabilities, but this one hits close to home. There's a broad, sweeping security hole in basically every version of ssh, both commercial and non-commercial, including OpenSSH. This is fixed in OpenSSH 2.3.0. You are strongly urged to upgrade your systems. Note that there is NO CERT ADVISORY for this yet, as the vulnerability was only discovered yesterday. I've included the pertinent information below. The MkLinux Team -dg - On Fri, 9 Feb 2001, Nick Matsakis wrote: > To: [EMAIL PROTECTED] > > A security hole has recently been exposed in SSHD that may affect users of > the public beta. Unfortunately, I don't know much about what version of > SSHD the public beta comes with, or where one might find an updated > version (Darwin resources would be able to help no doubt) but I thought I > would send out this link anyway, so that those who should no about it can > do the requisite research. > > http://razor.bindview.com/publish/advisories/adv_ssh1crc.html ___ mklinux-announce mailing list [EMAIL PROTECTED] http://www.lists.apple.com/mailman/listinfo/mklinux-announce -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: SSH
Scott- It seems to me you have the OPENSSH implementation of SSH. The SSH that is being talked about in this thread is the "commercial" version of SSH. Distinct difference :) Henrik --- Henrik Hudson Microsoft: "Where would you like to go to today" Linux: "Where would you like to go tomorrow" FreeBSD: "Hey, when are you guys going to catch up" > -Original Message- > From: Scott Bigham [mailto:[EMAIL PROTECTED] > Sent: Friday, February 09, 2001 10:09 > To: debian-security@lists.debian.org > Subject: Re: SSH > > > On Feb 9, 2001, Christian Hammers wrote: > > > The ssh package at non-us.debian.org is > ssh_2.3.0p1-1.11_i386.deb > > What worries me is, the version of ssh on my machine is listed as: > > ii ssh2.1.1p4-2 Secure rlogin/rsh/rcp > replacement (OpenSSH) > > which doesn't correspond to either the 2.3.0p1-1.11 > package in unstable > or the 1.2.3-9.1 package in stable and testing -- or, for > that matter, > to the 1.2.3-9 version that (IIRC) was listed as the > vulnerable version > in the alert. And even with security.debian.org in my > sources.list, > 'apt-get update; apt-get install ssh' insists that I have > the latest > version. Am I vulnerable? If so, what do I need to > upgrade to, and > how? > > -sbigham > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
Re: SSH
On Feb 9, 2001, Christian Hammers wrote: > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb What worries me is, the version of ssh on my machine is listed as: ii ssh2.1.1p4-2 Secure rlogin/rsh/rcp replacement (OpenSSH) which doesn't correspond to either the 2.3.0p1-1.11 package in unstable or the 1.2.3-9.1 package in stable and testing -- or, for that matter, to the 1.2.3-9 version that (IIRC) was listed as the vulnerable version in the alert. And even with security.debian.org in my sources.list, 'apt-get update; apt-get install ssh' insists that I have the latest version. Am I vulnerable? If so, what do I need to upgrade to, and how? -sbigham
Re: SSH
On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote: > Maybe ssh_2.3.0 exist in unstable ? yes. unstable/testing was what I looked at. Don't know about potato aka stable. (it can, as release distributin, not be changed anyways, although the security fixes are backported to the old version) > Do I gain something in security if I install SSH-2 ? > What is the difference between 1 and 2 ? The numbers show AFAIK the protocol versions. v2 is believed to be more secure and more featurefull. Read the docs for more information. > // Jonas C bye, -christian- -- It has just been discovered that research causes cancer in rats.
Re: SSH
SH2 is supposed to be more secure. Stability, not sure about. However, one thing to think about... someone can load the local "exploit" dsniff on your machine. This makes ssh1 look as cleartext as telnet. Fortunately, it hasn't been done for ssh2 yet. Personally, I like using RSA keys. Make sure to disable xauth, that's another security risk... etc, etc. ...adam On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote: > Christian Hammers wrote: > > > > On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > > > Why does Debian only have SSH-1 not SSH-2 ? > > It does not. > > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb > > I have non-us.debian.org in my list. > deb http://non-us.debian.org/debian-non-US potato/non-US main contrib > non-free > > Maybe ssh_2.3.0 exist in unstable ? > > > Do I gain something in security if I install SSH-2 ? > What is the difference between 1 and 2 ? > > > // Jonas C > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] >
Re: SSH
Christian Hammers wrote: > > On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > > Why does Debian only have SSH-1 not SSH-2 ? > It does not. > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb I have non-us.debian.org in my list. deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free Maybe ssh_2.3.0 exist in unstable ? Do I gain something in security if I install SSH-2 ? What is the difference between 1 and 2 ? // Jonas C
Re: IDS
On Fri, Feb 09, 2001 at 03:59:02PM +0100, NDSoftware wrote: > Where i can find a good IDS for Debian ? I guess snort falls in to this category and it's already packaged: apt-cache show snort Package: snort Priority: optional Section: net Installed-Size: 656 Maintainer: Christian Hammers <[EMAIL PROTECTED]> Architecture: powerpc Version: 1.6.3a-3 Depends: debconf (>= 0.2.80), adduser (>= 3.11), libc6 (>= 2.1.97), libpcap0 (>= 0.5.2-2) Filename: pool/main/s/snort/snort_1.6.3a-3_powerpc.deb Size: 253116 MD5sum: 481aaa957ba63ca51281e4565fe3e6fd Description: flexible packet sniffer/logger that detects attacks Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. -- Robert Ramiega | [EMAIL PROTECTED] IRC: _Jedi_ | Don't underestimate UIN: 13201047 | http://www.plukwa.net/ | the power of Source
Re: IDS
On Fre, Feb 09, 2001 at 03:59:02 +0100, NDSoftware wrote: > Where i can find a good IDS for Debian ? take a look at snort and the corresponding homepage. NFR isn't yet packaged. -- "Mine! Mine! It's all mine!" -- Daffy Duck
IDS
Where i can find a good IDS for Debian ? Thanks Nicolas DEFFAYET, NDSoftware http://www.ndsoftware.net - [EMAIL PROTECTED] France: Tel +33 671887502 - Fax N/A UK: Tel +44 8453348750 - Fax +44 8453348751 USA: Tel N/A - Fax N/A --- Note: All HTML email sent to me can be deleted for security reasons.
Re: SSH
On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > Why does Debian only have SSH-1 not SSH-2 ? It does not. The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb bye, -christian- -- Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for ProfessionalsFax 0241/911879 WESTEND ist CISCO Systems Partner - Premium Certified
Re: SSH
On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > Why does Debian only have SSH-1 not SSH-2 ? > > Some restrictions or is it something else ? > > I have been recommended to use OpenSSH, version 2.3.0p1 OpenSSH 2.3.0 can speak ssh-2 protocol Note also that there is updated openssh package that fixes some security bug (don't remeber which one though) -- Robert Ramiega | [EMAIL PROTECTED] IRC: _Jedi_ | Don't underestimate UIN: 13201047 | http://www.plukwa.net/ | the power of Source
RE: SSH
Scott- It seems to me you have the OPENSSH implementation of SSH. The SSH that is being talked about in this thread is the "commercial" version of SSH. Distinct difference :) Henrik --- Henrik Hudson Microsoft: "Where would you like to go to today" Linux: "Where would you like to go tomorrow" FreeBSD: "Hey, when are you guys going to catch up" > -Original Message- > From: Scott Bigham [mailto:[EMAIL PROTECTED]] > Sent: Friday, February 09, 2001 10:09 > To: [EMAIL PROTECTED] > Subject: Re: SSH > > > On Feb 9, 2001, Christian Hammers wrote: > > > The ssh package at non-us.debian.org is > ssh_2.3.0p1-1.11_i386.deb > > What worries me is, the version of ssh on my machine is listed as: > > ii ssh2.1.1p4-2 Secure rlogin/rsh/rcp > replacement (OpenSSH) > > which doesn't correspond to either the 2.3.0p1-1.11 > package in unstable > or the 1.2.3-9.1 package in stable and testing -- or, for > that matter, > to the 1.2.3-9 version that (IIRC) was listed as the > vulnerable version > in the alert. And even with security.debian.org in my > sources.list, > 'apt-get update; apt-get install ssh' insists that I have > the latest > version. Am I vulnerable? If so, what do I need to > upgrade to, and > how? > > -sbigham > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SSH
Why does Debian only have SSH-1 not SSH-2 ? Some restrictions or is it something else ? I have been recommended to use OpenSSH, version 2.3.0p1 instead of OpenSSH 1 // Jonas C
Re: SSH
On Feb 9, 2001, Christian Hammers wrote: > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb What worries me is, the version of ssh on my machine is listed as: ii ssh2.1.1p4-2 Secure rlogin/rsh/rcp replacement (OpenSSH) which doesn't correspond to either the 2.3.0p1-1.11 package in unstable or the 1.2.3-9.1 package in stable and testing -- or, for that matter, to the 1.2.3-9 version that (IIRC) was listed as the vulnerable version in the alert. And even with security.debian.org in my sources.list, 'apt-get update; apt-get install ssh' insists that I have the latest version. Am I vulnerable? If so, what do I need to upgrade to, and how? -sbigham -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
Philipe Gaspar ([EMAIL PROTECTED]) wrote: > > > There should be a way to, after booting up on my rescue CD, check all > > > my files against the MD5 checksums on the CD (ignoring the conffiles, > > > of course). > > > > Tripwire > Try the package debsum, it is a tool to handle md5sums for installed packages It doesn't check for added files, altered config-files, things you compiled yourself, etc. cu, Rolf
Re: SSH
On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote: > Maybe ssh_2.3.0 exist in unstable ? yes. unstable/testing was what I looked at. Don't know about potato aka stable. (it can, as release distributin, not be changed anyways, although the security fixes are backported to the old version) > Do I gain something in security if I install SSH-2 ? > What is the difference between 1 and 2 ? The numbers show AFAIK the protocol versions. v2 is believed to be more secure and more featurefull. Read the docs for more information. > // Jonas C bye, -christian- -- It has just been discovered that research causes cancer in rats. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH
SH2 is supposed to be more secure. Stability, not sure about. However, one thing to think about... someone can load the local "exploit" dsniff on your machine. This makes ssh1 look as cleartext as telnet. Fortunately, it hasn't been done for ssh2 yet. Personally, I like using RSA keys. Make sure to disable xauth, that's another security risk... etc, etc. ...adam On Fri, Feb 09, 2001 at 04:17:54PM +0100, Jonas Carlsson wrote: > Christian Hammers wrote: > > > > On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > > > Why does Debian only have SSH-1 not SSH-2 ? > > It does not. > > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb > > I have non-us.debian.org in my list. > deb http://non-us.debian.org/debian-non-US potato/non-US main contrib > non-free > > Maybe ssh_2.3.0 exist in unstable ? > > > Do I gain something in security if I install SSH-2 ? > What is the difference between 1 and 2 ? > > > // Jonas C > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH
Christian Hammers wrote: > > On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > > Why does Debian only have SSH-1 not SSH-2 ? > It does not. > The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb I have non-us.debian.org in my list. deb http://non-us.debian.org/debian-non-US potato/non-US main contrib non-free Maybe ssh_2.3.0 exist in unstable ? Do I gain something in security if I install SSH-2 ? What is the difference between 1 and 2 ? // Jonas C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IDS
On Fri, Feb 09, 2001 at 03:59:02PM +0100, NDSoftware wrote: > Where i can find a good IDS for Debian ? I guess snort falls in to this category and it's already packaged: apt-cache show snort Package: snort Priority: optional Section: net Installed-Size: 656 Maintainer: Christian Hammers <[EMAIL PROTECTED]> Architecture: powerpc Version: 1.6.3a-3 Depends: debconf (>= 0.2.80), adduser (>= 3.11), libc6 (>= 2.1.97), libpcap0 (>= 0.5.2-2) Filename: pool/main/s/snort/snort_1.6.3a-3_powerpc.deb Size: 253116 MD5sum: 481aaa957ba63ca51281e4565fe3e6fd Description: flexible packet sniffer/logger that detects attacks Snort is a libpcap-based packet sniffer/logger which can be used as a lightweight network intrusion detection system. It features rules based logging and can perform content searching/matching in addition to being used to detect a variety of other attacks and probes, such as buffer overflows, stealth port scans, CGI attacks, SMB probes, and much more. Snort has a real-time alerting capability, with alerts being sent to syslog, a separate "alert" file, or even to a Windows computer via Samba. -- Robert Ramiega | [EMAIL PROTECTED] IRC: _Jedi_ | Don't underestimate UIN: 13201047 | http://www.plukwa.net/ | the power of Source -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: IDS
On Fre, Feb 09, 2001 at 03:59:02 +0100, NDSoftware wrote: > Where i can find a good IDS for Debian ? take a look at snort and the corresponding homepage. NFR isn't yet packaged. -- "Mine! Mine! It's all mine!" -- Daffy Duck -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
IDS
Where i can find a good IDS for Debian ? Thanks Nicolas DEFFAYET, NDSoftware http://www.ndsoftware.net - [EMAIL PROTECTED] France: Tel +33 671887502 - Fax N/A UK: Tel +44 8453348750 - Fax +44 8453348751 USA: Tel N/A - Fax N/A --- Note: All HTML email sent to me can be deleted for security reasons. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH
On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > Why does Debian only have SSH-1 not SSH-2 ? It does not. The ssh package at non-us.debian.org is ssh_2.3.0p1-1.11_i386.deb bye, -christian- -- Christian HammersWESTEND GmbH - Aachen und Dueren Tel 0241/701333-0 [EMAIL PROTECTED] Internet & Security for ProfessionalsFax 0241/911879 WESTEND ist CISCO Systems Partner - Premium Certified -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SSH
On Fri, Feb 09, 2001 at 03:28:11PM +0100, Jonas Carlsson wrote: > Why does Debian only have SSH-1 not SSH-2 ? > > Some restrictions or is it something else ? > > I have been recommended to use OpenSSH, version 2.3.0p1 OpenSSH 2.3.0 can speak ssh-2 protocol Note also that there is updated openssh package that fixes some security bug (don't remeber which one though) -- Robert Ramiega | [EMAIL PROTECTED] IRC: _Jedi_ | Don't underestimate UIN: 13201047 | http://www.plukwa.net/ | the power of Source -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
SSH
Why does Debian only have SSH-1 not SSH-2 ? Some restrictions or is it something else ? I have been recommended to use OpenSSH, version 2.3.0p1 instead of OpenSSH 1 // Jonas C -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
Giacomo Mulas ([EMAIL PROTECTED]) wrote on 9 February 2001 12:23: >On Fri, 9 Feb 2001, Rolf Kutz wrote: > >> Wade Richards ([EMAIL PROTECTED]) wrote: >> >> > I've got a rescue CD with most of the packages on it, and most(*) of >> > those packages include MD5 sums for all the files. >> > >> > There should be a way to, after booting up on my rescue CD, check all >> > my files against the MD5 checksums on the CD (ignoring the conffiles, >> > of course). >> >> Tripwire >> >> > Better yet, for the packages that are not on my CD, it could get the >> > MD5s from the FTP archive. >> > >> > Does anyone know of such a feature already in the rescue disks? >> >> No, but you can do it with tripwire. Another alternative is to use sxid. It can be configured to check not only s[ug]id programs but any files and directories. And I think checking conf files is as important as checking binaries.
Re: who owns the ports?
Philipe Gaspar ([EMAIL PROTECTED]) wrote: > > > There should be a way to, after booting up on my rescue CD, check all > > > my files against the MD5 checksums on the CD (ignoring the conffiles, > > > of course). > > > > Tripwire > Try the package debsum, it is a tool to handle md5sums for installed packages It doesn't check for added files, altered config-files, things you compiled yourself, etc. cu, Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
On Fri, 9 Feb 2001, Rolf Kutz wrote: > Wade Richards ([EMAIL PROTECTED]) wrote: > > > I've got a rescue CD with most of the packages on it, and most(*) of > > those packages include MD5 sums for all the files. > > > > There should be a way to, after booting up on my rescue CD, check all > > my files against the MD5 checksums on the CD (ignoring the conffiles, > > of course). > > Tripwire > > > Better yet, for the packages that are not on my CD, it could get the > > MD5s from the FTP archive. > > > > Does anyone know of such a feature already in the rescue disks? > > No, but you can do it with tripwire. Yes. Simple rules of the thumb: 1) use a clean rescue CD to boot from it (to be safe from rootkits). always do a cold boot (from power off state), just in case 2) use the tripwire binary from the CD to build a database of signatures of the important files on your computer and store it on a floppy (it will usually fit, if you compress it) 3) from time to time, or if you suspect a compromise, boot again from the CD and check the integrity of the files against the signatures on your floppy. 4) NEVER EVER rewrite your database (or insert the floppy disk containing it write enabled) on an untrusted host Bye Giacomo _ Giacomo Mulas <[EMAIL PROTECTED], [EMAIL PROTECTED]> _ OSSERVATORIO ASTRONOMICO Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel.: +39 070 71180 216 Fax : +39 070 71180 222 _ "When the storms are raging around you, stay right where you are" (Freddy Mercury) _
Re: who owns the ports?
I'm seeing this strange thing: # netstat -epav (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Not that I'm running as root! What does it mean?
Re: who owns the ports?
Giacomo Mulas ([EMAIL PROTECTED]) wrote on 9 February 2001 12:23: >On Fri, 9 Feb 2001, Rolf Kutz wrote: > >> Wade Richards ([EMAIL PROTECTED]) wrote: >> >> > I've got a rescue CD with most of the packages on it, and most(*) of >> > those packages include MD5 sums for all the files. >> > >> > There should be a way to, after booting up on my rescue CD, check all >> > my files against the MD5 checksums on the CD (ignoring the conffiles, >> > of course). >> >> Tripwire >> >> > Better yet, for the packages that are not on my CD, it could get the >> > MD5s from the FTP archive. >> > >> > Does anyone know of such a feature already in the rescue disks? >> >> No, but you can do it with tripwire. Another alternative is to use sxid. It can be configured to check not only s[ug]id programs but any files and directories. And I think checking conf files is as important as checking binaries. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
On Fri, 9 Feb 2001, Rolf Kutz wrote: > Wade Richards ([EMAIL PROTECTED]) wrote: > > > I've got a rescue CD with most of the packages on it, and most(*) of > > those packages include MD5 sums for all the files. > > > > There should be a way to, after booting up on my rescue CD, check all > > my files against the MD5 checksums on the CD (ignoring the conffiles, > > of course). > > Tripwire > > > Better yet, for the packages that are not on my CD, it could get the > > MD5s from the FTP archive. > > > > Does anyone know of such a feature already in the rescue disks? > > No, but you can do it with tripwire. Yes. Simple rules of the thumb: 1) use a clean rescue CD to boot from it (to be safe from rootkits). always do a cold boot (from power off state), just in case 2) use the tripwire binary from the CD to build a database of signatures of the important files on your computer and store it on a floppy (it will usually fit, if you compress it) 3) from time to time, or if you suspect a compromise, boot again from the CD and check the integrity of the files against the signatures on your floppy. 4) NEVER EVER rewrite your database (or insert the floppy disk containing it write enabled) on an untrusted host Bye Giacomo _ Giacomo Mulas <[EMAIL PROTECTED], [EMAIL PROTECTED]> _ OSSERVATORIO ASTRONOMICO Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel.: +39 070 71180 216 Fax : +39 070 71180 222 _ "When the storms are raging around you, stay right where you are" (Freddy Mercury) _ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
I'm seeing this strange thing: # netstat -epav (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.) Not that I'm running as root! What does it mean? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: who owns the ports?
#! /bin/sh # adaptible for upd also export TCPPRTS=`netstat -na -t | grep "^tcp" | sed "s/^[^:]*:\(.\).*/\1/g" | sort -nu` echo "Active tcp ports:" $TCPPRTS for PRT in ${TCPPRTS} ; do echo port number $PRT : `grep "[^0123456789]${PRT}\/tcp" /etc/services` export TPID=`fuser ${PRT}/tcp | cut -d ':' -f 2` ps wax | awk '{print $1" "$5 }' | grep ${TPID} done