Re: CODA + portmapper == insecure?
hi ya doug

dunno if the more secure rpc/portmap will solve your problem or not

http://www.linux-sec.net/Harden/services.gwif.html
  - see the bottom of the page

have fun
alvin

On 3 Sep 2001, Doug Alcorn wrote:

> I'm interested in doing CODA file system over the internet. It has
> all the features of a networked filesystem that I'm interested in.
> The only problem seems to be that it requires the use of the
> portmapper. From my NFS day, I seem to remember that portmapper is
> insecure. Is this true? Is CODA itself secure? It seems to use
> kerberos for authentication. Is there some way for it to use ssh port
> forwarding instead?
Re: Running/Compiling latest snort on potato
Hello,

--- Shane Machon <[EMAIL PROTECTED]> wrote:
> I don't have to have 1.81 of snort (would be nice
> though!), just db support (1.7 or above)
>
> Any success stories?

I used snort compiled from sources for 2 months. Then I decided to add db support and tried to recompile it. But it depends on so many libs that I decided it was better to get the binary package. Also, I decided to make the snort box a clean machine with only the necessary features, because it is used only for intrusion detection (dedicated box).

1. Install base Debian system and select no additional packages.
2. Download and manually (with dpkg) install necessary packages (see list of installed packages below).
3. Download and install ACID (Analysis Console for Intrusion Databases).

Downloaded packages and tgz:

  ACID-0.9.5b9.tar.gz
  adduser_3.39_all.deb
  apache-common_1.3.20-1_i386.deb
  apache_1.3.20-1_i386.deb
  debconf_0.9.77_all.deb
  dialog_0.9a-20010527-1_i386.deb
  fileutils_4.1-2_i386.deb
  klogd_1.4.1-2_i386.deb
  libbz2-1.0_1.0.1-10_i386.deb
  libc6_2.2.3-6_i386.deb
  libdb2_2.7.7-8_i386.deb
  libdbd-mysql-perl_1.2216-2_i386.deb
  libdbi-perl_1.18-1_i386.deb
  libexpat1_1.95.1-5_i386.deb
  libgdbmg1_1.7.3-27_i386.deb
  libmm11_1.1.3-4_i386.deb
  libmysqlclient10_3.23.39-3_i386.deb
  libncurses5_5.2.20010318-2_i386.deb
  libpcap0_0.6.2-1_i386.deb
  libpcre3_3.4-1_i386.deb
  libreadline4_4.2-3_i386.deb
  libstdc++2.10-glibc2.2_2.95.4-0.010703_i386.deb
  logrotate_3.5.4-2_i386.deb
  mime-support_3.11-1_all.deb
  mysql-client_3.23.39-3_i386.deb
  mysql-common_3.23.39-3.1_all.deb
  mysql-server_3.23.39-3_i386.deb
  perl-base_5.6.1-5_i386.deb
  perl-modules_5.6.1-5_all.deb
  perl_5.6.1-5_i386.deb
  php4-mysql_4.0.6-4_i386.deb
  php4_4.0.6-1_i386.deb
  php4_4.0.6-4_i386.deb
  snort_1.7-9_i386.deb
  sysklogd_1.4.1-2_i386.deb
  zlib1g_1.1.3-15_i386.deb

Installed packages (dpkg -l):

  ii  adduser         3.39
  ii  ae              962-26
  ii  apache          1.3.20-1
  ii  apache-common   1.3.20-1
  ii  apt             0.3.19
  ii  base-config     0.33.2
  ii  base-files      2.2.0
  ii  base-passwd     3.1.10
  ii  bash            2.03-6
  ii  bsdutils        2.10f-5.1
  ii  console-data    1999.08.29-11.
  ii  console-tools   0.2.3-10.3
  ii  console-tools-  0.2.3-10.3
  ii  cron            3.0pl1-57.2
  ii  debconf         0.9.77
  ii  debianutils     1.13.3
  ii  dialog          0.9a-20010527-
  ii  diff            2.7-21
  ii  dpkg            1.6.15
  ii  e2fsprogs       1.18-3.0
  ii  elvis-tiny      1.4-11
  ii  fbset           2.1-6
  ii  fdflush         1.0.1-5
  ii  fdutils         5.3-3
  ii  fileutils       4.1-2
  ii  findutils       4.1-40
  ii  ftp             0.10-3.1
  ii  gettext-base    0.10.35-13
  ii  grep            2.4.2-1
  ii  gzip            1.2.4-33
  ii  hostname        2.07
  ii  isapnptools     1.21-2
  ii  joe             2.8-15.2
  ii  klogd           1.4.1-2
  ii  ldso            1.9.11-9
  ii  libbz2-1.0      1.0.1-10
  ii  libc6           2.2.3-6
  ii  libdb2          2.7.7-8
  ii  libdbd-mysql-p  1.2216-2
  ii  libdbi-perl     1.18-1
  ii  libexpat1       1.95.1-5
  ii  libgdbmg1       1.7.3-27
  ii  libmm11         1.1.3-4
  ii  libmysqlclient  3.23.39-3
  ii  libncurses5     5.2.20010318-2
  ii  libnewt0        0.50-7
  ii  libpam-modules  0.72-9
  ii  libpam-runtime  0.72-9
  ii  libpam0g        0.72-9
  ii  libpcap0        0.6.2-1
  ii  libpcre3        3.4-1
  ii  libpopt0        1.4-1.1
  ii  libreadline4    4.2-3
  ii  libssl09        0.9.4-5
  ii  libstdc++2.10   2.95.2-13
  ii  libstdc++2.10-  2.95.4-0.01070
  ii  libwrap0        7.6-4
  ii  lilo            21.4.3-2
  ii  locales         2.1.3-18
  ii  login           19990827-20
  ii  makedev         2.3.1-46.2
  ii  mawk            1.3.3-5
  ii  mbr             1.1.2-1
  ii  mime-support    3.11-1
  ii  modutils        2.3.11-13.1
  ii  mount           2.10f-5.1
  ii  mysql-client    3.23.39-3
  ii  mysql-common    3.23.39-3.1
  ii  mysql-server    3.23.39-3
  ii  ncurses-base    5.0-6.0potato1
  ii  ncurses-bin     5.0-6.0potato1
  ii  netbase         3.18-4
  ii  passwd          19990827-20
  ii  pciutils        2.1.2-2
  ii  perl            5.6.1-5
  ii  perl-base       5.6.1-5
  ii  perl-modules    5.6.1-5
  ii  php4            4.0.6-4
  ii  php4-mysql      4.0.6-4
  ii  ppp             2.3.11-1.4
  ii  pppconfig       2.0.5
  ii  procps          2.0.6-5
  ii  psmisc          19-2
  ii  pump            0.7.3-2
  ii  sed             3.02-5
  ii  setserial       2.17-16
  ii  shellutils      2.0-7
  ii  slang1          1.3.9-1
  ii  snort           1.7-9
  ii  ssh             1.2.3-9.3
  ii  sysklogd        1.4.1-2
  ii  syslinux        1.48-2
  ii  sysvinit        2.78-4
  ii  tar             1.13.17-2
  ii  tasksel         1.0-10
  ii  tcpd            7.6-4
  ii  telnet          0.16-4potato.1
  ii  textutils       2.0-2
  ii  update          2.11-1
  ii  util-linux      2.10f-5.1
  ii  zlib1g          1.1.3-15

This linux-box has 3 network interfaces:
1 - connected to LAN (used to view results and maintain box)
2,3 - sensors without ip-addresses assigned (simple ifconfig eth0 up, for snort this is enough) attached to 2 different segments of DMZ.

Very stable decision, I have no problem with it.

=====
Regards, Vladislav. ---> http://cybervlad.port5.com
FW: a filter for tcp socket
Hello!

Did you hear about netfilter/iptables/ipchains etc? This is a firewall task, isn't it? And there are tons of documentation - visit "netfilter.samba.org". Or google :).

-----Original Message-----
From: Samu [mailto:[EMAIL PROTECTED]
Sent: Monday, September 03, 2001 9:04 PM
To: debian-security@lists.debian.org
Subject: a filter for tcp socket

hello,
this is a work i would like to study but i fall in problem when looking for Linux Socket Filtering Documentation.

I want to make a filter that can alter data on tcp packets following some rules ( e.g. faking icq messages to give you an idea ) and must block the original packet (or rewrite it ... anyway it's IMPORTANT the original packet can't arrive to destination) . this filter has to run on a machine in which traffic passes through ( e.g. a linux gw on a LAN ) .

the only way i find to do that ( attach a program that filters sockets) is through Linux Socket Filtering but it seems not to be any docs about that.

is there someone who has links to docs, examples or can suggest me another way to do that ?

thanks
Samuele

--
Samuele Tonon <[EMAIL PROTECTED]>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609

Acid -- better living through chemistry.
    Timothy Leary
Re: Running/Compiling latest snort on potato
Compiled and ran fine for me with libpcap 0.4a6.

--sjk

On 4 Sep, Shane Machon wrote:
> Greetings,
>
> Anyone had success compiling snort 1.81 on a stable potato box?
>
> Looking at the snort website, there is a question regarding libpcap <
> 0.5 under Redhat that will cause problems, does anyone know if this is
> redhat specific? Potato only offers libpcap0 0.4a6-3.
>
> I don't have to have 1.81 of snort (would be nice though!), just db
> support (1.7 or above)
>
> Any success stories?
>
> I know there are now debian packages for snort, but going to
> unstable/testing isn't an option ;)
>
> Any responses appreciated.
>
> Cheers,
>
> SHANE MACHON
> Network Administrator
> Technical Project Manager
> Two Purple Plums Pty Ltd.
> TPP Internet Development
> (NetNames Australasia)
>
> PO Box 334, Manly
> NSW, 1655, Australia
> Tel. +61 2 9970 5242
> Fax. +61 2 9970 8262
> Eml. [EMAIL PROTECTED]
>
> ==
> TPP Internet Development (NetNames Australasia)
> The International Domain Name Registry
> Registering Domain Names in over 200 countries
> http://www.netnames.com.au
> http://www.internetdevelopment.com.au
> http://www.twoplums.com.au
> ==

--
Aude Sepere --- [EMAIL PROTECTED]
Audax et Cautus ---
Problems with pam_access
Hello,

I am using pure-ftpd 0.99.1b (compiled from source) on a potato-system with kernel 2.4.9. I want to make one ftp-account accessible only for certain IP-addresses. This is possible by using pam_access and it works fine with ssh.

I added this line to /etc/pam.d/pure-ftpd:

  account required pam_access.so

When I try to login I get:

  pam_access[1585]: couldn't get the tty name

in my logfiles and the login fails immediately without a timeout.

pure-ftpd is running in standalone-mode (not from inetd) and I don't want to change that. PAM works fine and pure-ftpd is compiled --with-pam

Any hints?

Regards,
Phil
CODA + portmapper == insecure?
I'm interested in doing CODA file system over the internet. It has all the features of a networked filesystem that I'm interested in. The only problem seems to be that it requires the use of the portmapper. From my NFS day, I seem to remember that portmapper is insecure. Is this true? Is CODA itself secure? It seems to use kerberos for authentication. Is there some way for it to use ssh port forwarding instead?

--
Doug Alcorn (mailto:[EMAIL PROTECTED] http://www.lathi.net)
PGP 02B3 1E26 BCF2 9AAF 93F1 61D7 450C B264 3E63 D543
If you're a capitalist and you have the best goods and they're free, you don't have to proselytize, you just have to wait.
Portsentry vs snort
Hi,

I'm currently running Portsentry on a box, and I've got it configured to add an ipchains rule firewalling off all access to an IP that touches one of the ports that Portsentry is listening on (after doing some sanity checks on where the portscan/port access came from).

I find the way that Portsentry runs (listening on a whole pile of dummy ports) reasonably unattractive, and I'd prefer to use snort to perform the same task if possible.

Can snort be configured to call an external program when particular rules are matched (or better still, when a portscan is detected)? The resp and react rule keywords don't seem to quite cut it, and ideally I'd like something real time, not something that trolls snort's logs every n minutes and reacts retrospectively.

regards
Andrew
Running/Compiling latest snort on potato
Greetings,

Anyone had success compiling snort 1.81 on a stable potato box?

Looking at the snort website, there is a question regarding libpcap < 0.5 under Redhat that will cause problems, does anyone know if this is redhat specific? Potato only offers libpcap0 0.4a6-3.

I don't have to have 1.81 of snort (would be nice though!), just db support (1.7 or above)

Any success stories?

I know there are now debian packages for snort, but going to unstable/testing isn't an option ;)

Any responses appreciated.

Cheers,

SHANE MACHON
Network Administrator
Technical Project Manager
Two Purple Plums Pty Ltd.
TPP Internet Development
(NetNames Australasia)

PO Box 334, Manly
NSW, 1655, Australia
Tel. +61 2 9970 5242
Fax. +61 2 9970 8262
Eml. [EMAIL PROTECTED]

==
TPP Internet Development (NetNames Australasia)
The International Domain Name Registry
Registering Domain Names in over 200 countries
http://www.netnames.com.au
http://www.internetdevelopment.com.au
http://www.twoplums.com.au
==
Re: Can someone help a Newbie
Quoting cdpye ([EMAIL PROTECTED]):
> I have noticed recently that attempted connections to my box aren't being
> logged in syslog.

It's possible that RH installed a daemon like 'tcplogd' and 'icmplogd' by default or you just enabled that option. These daemons show incoming connection attempts and icmp requests. Both these programs are in the 'iplogger' package.

They do not show refused connections, this, as someone else on this thread suggested, can be found in the /var/log/auth.log file, or, if you install a firewall that supports logging events like iptables, you can have extensive information of incoming events and refused events on your connection...

Regards,
Sander.

--
| If a jogger runs at the speed of sound, can he still hear his Walkman?
| CistroN Internet Services, Linux Specialists & Perl Experts
| 1024D/08CEC94D - 34B3 3314 B146 E13C 70C8 9BDB D463 7E41 08CE C94D
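What the iptables logging mentioned above yields, as an added example that is not part of the original post: a Python parser for the key=value lines the netfilter LOG target writes to syslog, summarising connection attempts per source. The sample lines, the "REFUSED: " prefix, host name and addresses are constructed for illustration; the rule in the comment is an assumed setup, not one from the thread.

```python
import re
from collections import Counter

# Assumed rule producing such lines (placed before the rule that rejects/drops):
#   iptables -A INPUT -p tcp --syn -j LOG --log-prefix "REFUSED: "
# Constructed sample syslog lines; addresses are documentation ranges.
SAMPLE_LOG = """\
Sep  4 10:15:01 gw kernel: REFUSED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4242 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  4 10:15:04 gw kernel: REFUSED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.0.2.10 DST=198.51.100.5 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=4243 DF PROTO=TCP SPT=51000 DPT=23 WINDOW=5840 RES=0x00 SYN URGP=0
Sep  4 10:16:40 gw kernel: REFUSED: IN=eth0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=203.0.113.7 DST=198.51.100.5 LEN=84 TOS=0x00 PREC=0x00 TTL=50 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=777 SEQ=1
Sep  4 10:17:02 gw sshd[812]: Accepted password for admin from 198.51.100.9 port 1022
""".splitlines()

# A netfilter LOG record: optional user prefix, then fields starting at IN=/OUT=.
NETFILTER_RE = re.compile(r"kernel: (?P<prefix>.*?)(?P<fields>IN=\S* OUT=.*)$")


def parse_log_line(line):
    """Return a dict of LOG fields plus 'prefix' and 'flags', or None."""
    m = NETFILTER_RE.search(line)
    if not m:
        return None  # not a netfilter LOG line (e.g. an sshd message)
    rec = {"prefix": m.group("prefix").strip(), "flags": set()}
    for tok in m.group("fields").split():
        key, sep, val = tok.partition("=")
        if sep:
            # Keep the first occurrence: the IP header ID precedes the ICMP ID.
            rec.setdefault(key, val)
        else:
            rec["flags"].add(tok)  # bare tokens such as SYN, ACK, DF
    return rec


def attempt_key(rec):
    """Classify a record as a connection attempt: (source, service) or None."""
    proto = rec.get("PROTO")
    if proto == "TCP" and "SYN" in rec["flags"] and "ACK" not in rec["flags"]:
        return rec["SRC"], "tcp/" + rec["DPT"]
    if proto == "UDP":
        return rec["SRC"], "udp/" + rec["DPT"]
    if proto == "ICMP" and rec.get("TYPE") == "8":
        return rec["SRC"], "icmp/echo-request"
    return None


def summarize(lines):
    """Count connection attempts per (source address, service)."""
    counts = Counter()
    for line in lines:
        rec = parse_log_line(line)
        if rec is None:
            continue
        key = attempt_key(rec)
        if key is not None:
            counts[key] += 1
    return counts


if __name__ == "__main__":
    for (src, service), n in summarize(SAMPLE_LOG).most_common():
        print(f"{src:15} {service:18} {n}")
```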
BOFH
Because of loads of responses to me willing to send the script I've put it on the web for now, it's at: http://www.insecure.nl/~vdong/

Greetz,
Ivo

Without the darkness, how would you recognize the light?
a filter for tcp socket
hello,
this is a work i would like to study but i fall in problem when looking for Linux Socket Filtering Documentation.

I want to make a filter that can alter data on tcp packets following some rules ( e.g. faking icq messages to give you an idea ) and must block the original packet (or rewrite it ... anyway it's IMPORTANT the original packet can't arrive to destination) . this filter has to run on a machine in which traffic passes through ( e.g. a linux gw on a LAN ) .

the only way i find to do that ( attach a program that filters sockets) is through Linux Socket Filtering but it seems not to be any docs about that.

is there someone who has links to docs, examples or can suggest me another way to do that ?

thanks
Samuele

--
Samuele Tonon <[EMAIL PROTECTED]>
Undergraduate Student of Computer Science at University of Bologna, Italy
System administrator at Computer Science Lab's, University of Bologna, Italy
Founder & Member of A.A.H.T.
UIN 3155609

Acid -- better living through chemistry.
    Timothy Leary
Re: Is ident secure?
slightly off topic ... but identd is pretty insecure ...

directly copied from the nmap man page

    As noted by Dave Goldsmith in a 1996 Bugtraq post, the ident protocol (rfc 1413) allows for the disclosure of the username that owns any process connected via TCP, even if that process didn't initiate the connection. So you can, for example, connect to the http port and then use identd to find out whether the server is running as root. This can only be done with a full TCP connection to the target port (i.e. the -sT scanning option). When -I is used, the remote host's identd is queried for each open port found. Obviously this won't work if the host is not running identd.

for some odd reason, I've noticed that when I tell oidentd to bind itself to port 113, it seems to prevent this "problem". (Amazingly it still works for legit identd requests)

Identd is pretty crappy, however major IRC networks like EFnet will require it because less abuse comes from clients with identd. (unless you get lucky and run into an open I:Line server that doesn't need identd.)

Sunny Dubey
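The disclosure quoted above from the nmap man page, and one way a responder can avoid it, as an added example that is not part of the original post and is not oidentd's code: an RFC 1413 reply function in Python that answers only for connections the local user initiated. The policy of returning HIDDEN-USER for connections accepted on a listening port is an assumption of this sketch, and the connection table, user names and addresses are constructed.

```python
import re

# RFC 1413 query: "<port-on-server> , <port-on-client>" terminated by CRLF.
# "Server" here is the host running identd, "client" the host asking.
QUERY_RE = re.compile(r"^\s*(\d{1,5})\s*,\s*(\d{1,5})\s*$")


def parse_query(line):
    """Return (local_port, remote_port), or None if the query is malformed."""
    m = QUERY_RE.match(line.rstrip("\r\n"))
    if not m:
        return None
    local_port, remote_port = int(m.group(1)), int(m.group(2))
    if not (1 <= local_port <= 65535 and 1 <= remote_port <= 65535):
        return None
    return local_port, remote_port


def ident_reply(line, peer_ip, connections, listening_ports, hide_inbound=True):
    """Build the RFC 1413 response line for one query.

    connections     -- {(local_port, remote_ip, remote_port): username}
    listening_ports -- local ports with a listening socket (services we offer)
    hide_inbound    -- if True, never name the owner of a connection that was
                       accepted on a listening port (assumed mitigation policy)
    """
    ports = parse_query(line)
    if ports is None:
        # No valid port pair to echo back, so echo zeros.
        return "0 , 0 : ERROR : INVALID-PORT\r\n"
    local_port, remote_port = ports
    pair = f"{local_port} , {remote_port}"

    # Only connections between this host and the querying host are eligible.
    user = connections.get((local_port, peer_ip, remote_port))
    if user is None:
        return f"{pair} : ERROR : NO-USER\r\n"

    # The case from the man page: the querier connected to our service
    # (e.g. port 80) and now asks who owns the server side of that connection.
    if hide_inbound and local_port in listening_ports:
        return f"{pair} : ERROR : HIDDEN-USER\r\n"

    return f"{pair} : USERID : UNIX : {user}\r\n"


# Constructed connection table for a host that runs httpd and identd.
CONNECTIONS = {
    (80, "192.0.2.10", 51000): "root",       # inbound: remote host hit our httpd
    (40001, "198.51.100.5", 6667): "alice",  # outbound: alice's IRC client
}
LISTENING = {80, 113}

if __name__ == "__main__":
    cases = [
        ("80 , 51000\r\n", "192.0.2.10"),     # inbound connection to httpd
        ("40001 , 6667\r\n", "198.51.100.5"), # IRC server checking its client
        ("40001 , 6667\r\n", "192.0.2.10"),   # third party asking about alice
    ]
    for query, peer in cases:
        print(peer, repr(ident_reply(query, peer, CONNECTIONS, LISTENING)))
```

With `hide_inbound=False` the first query returns `root`, which is the behaviour the man page describes; the IRC server's lookup of its own client works under either setting.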
Sendmail patches in work?
Hi,

I wonder whether a sendmail security patch (input validation error, BUGTRAQ ID: 3163) will be available soon? It is reported that a working exploit is available on the net. So I am considering getting an updated version from sendmail.org, if a debian package will not be available in the near future.

Thanks,
Thomas
Re: HARASS ME MORE.........
Pedro Zorzenon Neto,

Why do you assume he's got parents. He comes across as an orphan.

Pedro Zorzenon Neto ([EMAIL PROTECTED]) said thusly on [01/09/01 at 15:01]:
>
> I also blame him for not complaining politely at his first reply to the list.
> He just started complaining with words I won't repeat here...
>
> Layne, Did your parents teach you how to be polite?
>
> Best Regards,
> Pedro
Re: HARASS ME MORE.........
Layne,

Do you call this being mad? You come across like an idiot. The only e-mail address you could have sent a mail to, you did not. It is the list administrator that I blame for this kind of mails gracing my screen. As for you, you are forgiven.

Layne ([EMAIL PROTECTED]) said thusly on [01/09/01 at 06:51]:
> I sent my server several complaints about all this harassment. I have 227
> messages on my in box right now from solicitors like you who I never even
> subscribed to. If i click on receive messages right now I bet I get 80 more.
> Do you think that's fair? Do you blame me for being mad?
Re: answer from abuse@ptd.net
bwuahahahahahaahhahahahahahhaahhahahahaahahhahahahahahaahahhahahahahahahahahaaa know how many copies of that i have on ptd account [EMAIL PROTECTED]
Re: That "Layne" incident (possibly useful information, not just whining!)
I have another question. Does it mean that someone who has vacation (or other tools like that) enabled may be subscribed to a mailing list without their permission? If so, I think that's a security-related question.

PS. I am using M$ Winbows now, I know. Please don't send me unix-vs-nt ...