Re: IDS
Hi,

Try this: http://www.lids.org/

- Original Message -
From: Osvaldo Mundim Junior [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Sent: Monday, November 05, 2001 6:45 PM
Subject: IDS

Hi,

can anybody tell me where I can get an Intrusion Detection System's base? I need the signatures of attack...

tks a lot...

--
Osvaldo

--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
question about something, but don't know if it exists...
Hallo there,

I really don't know if it should be asked there or somewhere else, but my problem is the following: I live in an untrusted environment which is running 50 computers (it is a school and packets are running up and down everywhere). I need to use outside HTML sites and POP accounts, but they, as many providers in Czech, don't support SSL or anything else than just clear authentication.

So is there a software which connects onto server (for example proxy) through SSL and then redirects data channels onto right ports as a clear connection outside (I cannot solve the situation on provider routers of course, but it has happened a few times that students stole their passwords and so on and mainly they could steal even teacher's these days.)

thanks
Rene Skoba
Re: question about something, but don't know if it exists...
> anything else than just clear authentication. So is there a software which connects onto server (for example proxy) through SSL and then redirects data channels onto right ports as a clear connection outside (I cannot solve the situation on provider routers of course, but it has

Do you have access to the router/switch/firewall at your end? You might want to consider your internal network not trusted since people are stealing passwords. The easiest solution that comes to my mind is IPSec: make your firewall (or whatever) an IPSec gateway and run everything inside your network over IPSec. No more stealing, I would think. There may be other options as well, but that would end all kinds of network sniffing inside your network.

--
| Juha Jäykkä, [EMAIL PROTECTED] |
| home: http://www.utu.fi/~juolja/ |
Re: question about something, but don't know if it exists...
> Do you have access to the router/switch/firewall at your end? You might want to consider your internal network not trusted since people are stealing passwords. The easiest solution that comes to my mind is IPSec: make your firewall (or whatever) an IPSec gateway and run everything inside your network over IPSec. No more stealing, I would think. There may be other options as well, but that would end all kinds of network sniffing inside your network.

Hmmm... I am afraid it isn't possible, because there are W95 workstations. Or is there anything to support this which is reasonably simple and will rewrite windows sockets into that kind of communication. As I said before the most simple way is to have something like proxy (better say client) which connects onto gate through SSL (I just need in fact pop and http and don't care about the rest (reason is simple these are official kind of communication needed for our organization)). I know that my network is untrusted because of those Windows everywhere where you can install DCAP or what is it called and sniff and students are taking notebooks and so ;).

cheers
Rene Skoba

p.s. I hope I would be able to code it but I just needed to know that no one knows any simpler solution.
Re: question about something, but don't know if it exists...
[EMAIL PROTECTED] wrote:
> Hmmm... I am afraid it isn't possible, because there are W95 workstations. Or is there anything to support this which is reasonably simple and will rewrite windows sockets into that kind of communication. As I said before the most simple way is to have something like proxy (better say client) which connects onto gate through SSL (I just need in fact pop and http and don't care about the rest (reason is simple these are official kind of communication needed for our organization)). I know that my network is untrusted because of those Windows everywhere where you can install DCAP or what is it called and sniff and students are taking notebooks and so ;).
>
> cheers
> Rene Skoba

You could use cipe.

Karun

> p.s. I hope I would be able to code it but I just needed to know that no one knows any simpler solution.
Re: IDS
On Die, Nov 06, 2001 at 07:52:08 +0100, Administrator wrote:
> Hi,

re,

> > can anybody tell me where I can get an Intrusion Detection System's base? I need the signatures of attack...
>
> Try this: http://www.lids.org/

LIDS is not a NIDS as it sounds. LIDS is capability and mandatory ACLs support in a linux multi-user environment. There are pre-configured signatures for a multi-user environment, but not signatures for network based attacks.

Get snort from http://www.snort.org and the arachnids patterns from http://www.whitehats.com for a network IDS with signatures for remote attacks (with some basic knowledge, it's easy to understand).
Re: question about something, but don't know if it exists...
[EMAIL PROTECTED] wrote:
> Hallo there,
>
> I really don't know if it should be asked there or somewhere else, but my problem is the following: I live in an untrusted environment which is running 50 computers (it is a school and packets are running up and down everywhere). I need to use outside HTML sites and POP accounts, but they, as many providers in Czech, don't support SSL or anything else than just clear authentication.
>
> So is there a software which connects onto server (for example proxy) through SSL and then redirects data channels onto right ports as a clear connection outside (I cannot solve the situation on provider routers of course, but it has happened a few times that students stole their passwords and so on and mainly they could steal even teacher's these days.)

Can you get a shell account on the outside of your local network? If so SSH over to it, then access the pop mail server. Without having a machine to serve as the endpoint for an encrypted pipe on the outside of your network I don't see a way to secure the communications.

Another possibility would be to have them replace the hubs with switches, this assumes you are using twisted pair, not thin net or thick net.

--
| Bryan Andersen | [EMAIL PROTECTED] | http://www.nerdvest.com |
| Buzzwords are like annoying little flies that deserve to be swatted. |
| -Bryan Andersen |
Re: nmap ...
On Mon, Nov 05, 2001 at 10:24:34PM +0100, Philipp Schulte wrote:
> That's not true. nmap shows open ports which means that something is listening on them. If I connect from localhost:1024 to www.debian.org:80 that does not mean that my port 1024 is open. It doesn't accept connections. I actually think that the explanation from Moritz was correct. I have not seen this kind of behaviour with recent versions of nmap.

Yes, that's true. I would say it was a problem with previous versions of libc / kernel / don't know what rather than nmap. I wrote a simple program which endlessly tries to connect to port 6 (of course nothing is listening on that port). Here it follows:

---
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <errno.h>
#include <netdb.h>
#include <string.h>

int main()
{
    int sock;
    struct sockaddr_in server_addr;
    struct hostent* host;
    int retval;
    int ile = 0;    /* number of connection attempts so far */

    /* keep connecting to localhost:6 until one attempt succeeds */
    do {
        sock = socket (AF_INET, SOCK_STREAM, 0);
        host = gethostbyname ("localhost");
        memset (&server_addr, 0, sizeof(struct sockaddr_in));
        server_addr.sin_family = AF_INET;
        server_addr.sin_port = htons (6);
        memcpy (&server_addr.sin_addr, host->h_addr_list[0], sizeof(server_addr.sin_addr));
        ile++;
        retval = connect (sock, (struct sockaddr*)&server_addr, sizeof (struct sockaddr_in));
        printf ("[%d] trying to connect - %d\n",ile,retval);
        close (sock);
        /* sleep (1); */
    } while (retval == -1);
    printf ("[%d] trying to connect - %d\n",ile,retval);
    return 0;
}
---

nothing special, isn't it? When run in my last potato installation (2.2.x kernel) it ends with:

...
[6123] trying to connect - -1
[6124] trying to connect - -1
[6125] trying to connect - 0

The numbers are rather random, but near couple of thousands. If I put 'sleep(1);' (or some delay, let's say bigger than 1/100sec) at the end of each loop, it will run perfectly normal. It also works normal on kernels 2.4.x with libc 6.1, for example on my current debian distribution.

I would suspect that what it really does is connecting to _itself_. Imagine that in the 6125-th run of the loop kernel assigns 6 as the source port to 'connect' call - why not? Or it assigns it a little bit earlier, and this port stays bound, because kernel has no time to free it? Or maybe I am missing something, then show me please errors in the program above :)

best regards,
--
Marcin Bieńkowski
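The self-connection suspected in the message above can be checked directly: a socket whose getsockname() and getpeername() results are identical is talking to itself. This added example (not code from the thread; all function names are illustrative) forces that case on loopback by connecting a bound socket to its own port, which on Linux normally succeeds through TCP simultaneous open, and compares it with a connection to a real listener.

```c
/* Added example, not from the thread; all function names are illustrative. */
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <unistd.h>

/* 1 if fd's local and remote endpoints are identical, 0 if not, -1 on error. */
int is_self_connected(int fd)
{
    struct sockaddr_in a, b;               /* a: local end, b: remote end */
    socklen_t alen = sizeof a, blen = sizeof b;
    if (getsockname(fd, (struct sockaddr *)&a, &alen) < 0 ||
        getpeername(fd, (struct sockaddr *)&b, &blen) < 0)
        return -1;
    return a.sin_port == b.sin_port && a.sin_addr.s_addr == b.sin_addr.s_addr;
}

/* New TCP socket bound to 127.0.0.1 on a kernel-chosen port (stored in *addr). */
static int bound_loopback_socket(struct sockaddr_in *addr)
{
    socklen_t len = sizeof *addr;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    *addr = (struct sockaddr_in){ .sin_family = AF_INET };
    addr->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (fd >= 0 && bind(fd, (struct sockaddr *)addr, sizeof *addr) == 0 &&
        getsockname(fd, (struct sockaddr *)addr, &len) == 0)
        return fd;
    if (fd >= 0) close(fd);
    return -1;
}

/* Own bound port, no listener: 1 self-connection, 0 connect failed, -1 error. */
int force_self_connect(void)
{
    struct sockaddr_in addr;
    struct timeval tv = { 2, 0 };          /* give up after 2 s if it stalls */
    int fd = bound_loopback_socket(&addr), result = 0;
    if (fd < 0) return -1;
    setsockopt(fd, SOL_SOCKET, SO_SNDTIMEO, &tv, sizeof tv);
    if (connect(fd, (struct sockaddr *)&addr, sizeof addr) == 0)
        result = is_self_connected(fd);
    close(fd);
    return result;
}

/* Control case: connect to a real listener; the detector must report 0. */
int normal_connect_is_self(void)
{
    struct sockaddr_in addr;
    int lfd = bound_loopback_socket(&addr), result = -1;
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd >= 0 && cfd >= 0 && listen(lfd, 1) == 0 &&
        connect(cfd, (struct sockaddr *)&addr, sizeof addr) == 0)
        result = is_self_connected(cfd);
    if (cfd >= 0) close(cfd);
    if (lfd >= 0) close(lfd);
    return result;
}

int main(void)
{
    printf("self=%d normal=%d\n", force_self_connect(), normal_connect_is_self());
    return 0;
}
```

A connect loop or scanner that applies the same endpoint comparison before reporting success will not mistake its own source port for a listening service.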
Re: question about something, but don't know if it exists...
Hallo,

> > happened a few times that students stole their passwords and so on and mainly they could steal even teacher's these days.)
>
> Can you get a shell account on the outside of your local network? If so SSH over to it, then access the pop mail server. Without having a machine to serve as the endpoint for an encrypted pipe on the outside of your network I don't see a way to secure the communications.
>
> Another possibility would be to have them replace the hubs with switches, this assumes you are using twisted pair, not thin net or thick net.

no money in schools in Czech for something similar ;)

I will have to think about it a lot to make a decision, people mentioned cipe, which is quite interesting but it doesn't support W95 and I still don't know what it really does ;) I was personally thinking about some simple proxy which might change my SSL in CLEAR for port 80 on my proxy and create few accounts for on gate which could periodically get data from outside net and using SSL crypted connection for inner one.

Now I know there are many possibilities I have to think about, that's cool, I can think a lot and don't solve anything which makes me feel well ;)

cheers
Rene Skoba
Re: question about something, but don't know if it exists...
On Tuesday, November 6, 2001, at 06:23 AM, Bryan Andersen wrote:

> [EMAIL PROTECTED] wrote:
> > Hallo there,
> >
> > I really don't know if it should be asked there or somewhere else, but my problem is the following: I live in an untrusted environment which is running 50 computers (it is a school and packets are running up and down everywhere). I need to use outside HTML sites and POP accounts, but they, as many providers in Czech, don't support SSL or anything else than just clear authentication.
> >
> > So is there a software which connects onto server (for example proxy) through SSL and then redirects data channels onto right ports as a clear connection outside (I cannot solve the situation on provider routers of course, but it has happened a few times that students stole their passwords and so on and mainly they could steal even teacher's these days.)
>
> Can you get a shell account on the outside of your local network? If so SSH over to it, then access the pop mail server. Without having a machine to serve as the endpoint for an encrypted pipe on the outside of your network I don't see a way to secure the communications.

what about using fetchmail over ssh? i thought i heard of someone doing that before...

or just use plain ssh? Putty, http://www.chiark.greenend.org.uk/~sgtatham/putty/, is an excellent ssh client for windows, and best of all, it's free.

== ==
Twice blessed is help unlooked for. --Tolkien
Re: question about something, but don't know if it exists...
> Another possibility would be to have them replace the hubs with switches, this assumes you are using twisted pair, not thin net or thick net.

Just a warning, this would buy you absolutely nothing (outside of some performance). There are enough tools out there capable of ARP spoofing the switch that you'd be protected for as long as it took someone to apt-get install hunt on one of their laptops.