Re: Which ssh should I have?
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit > That's because nessus only checks the version number, and since we > backported the patch we still have the old version number even though > we are safe. CERT tells me Debian potato is vulnerable. We might want to correct them if they are wong. http://www.cert.org/incident_notes/IN-2001-12.html http://www.kb.cert.org/vuls/id/945216 tells me: Vender Status Date updated Debian Vulnerable 2-Nov-2001 regards, junichi -- [EMAIL PROTECTED] http://www.netfort.gr.jp/~dancer
Re: Hard Disk Organization
The deal with RAID is that it only protects you from hardware failure, not software failure. If you accidentally delete a file or someone hacks your machine, the data will be erased from both sides of the mirror. Personally I think software failure is more likely than hardware (unless you have those IBM 75xx drives). You still can use two drives instead of a tape backup, just make an daily incremental backup to the backup drive plus a weekly full backup. From: "John" <[EMAIL PROTECTED]> > I'd recommend that you consider using RAID1 mirroring to help save you > from future problems if you're not going to enlist some kind of backup > system. I have recentl put together a machine that looks like:
Re: Which ssh should I have?
Wichert Akkerman <[EMAIL PROTECTED]> immo vero scripsit > That's because nessus only checks the version number, and since we > backported the patch we still have the old version number even though > we are safe. CERT tells me Debian potato is vulnerable. We might want to correct them if they are wong. http://www.cert.org/incident_notes/IN-2001-12.html http://www.kb.cert.org/vuls/id/945216 tells me: Vender Status Date updated Debian Vulnerable 2-Nov-2001 regards, junichi -- [EMAIL PROTECTED] http://www.netfort.gr.jp/~dancer -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > sorry i don't leave known security holes wide open on my boxes. only > an idiot does that. If you think your box does not have currently unknown holes you are naive :) Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:32:06PM -0800, Vineet Kumar wrote: > > Well, on some level, *every* system is vulnerable to scriptkiddies. The > worst security flaw is admin hubris; always remember that you are not > immune. sorry i don't leave known security holes wide open on my boxes. only an idiot does that. > This is the whole point of a scriptkiddie; they don't know what they're > dong -- they just download the sploits and run them. If they work, they > work, if they don't they go on to the next machine in pac bell's DSL > subnets =p if you think thats the only kind of attacker your naive. -- Ethan Benson http://www.alaska.net/~erbenson/ pgp4uiK3NK7BA.pgp Description: PGP signature
Re: Hard Disk Organization
On Thu, Nov 08, 2001 at 10:28:11PM +0100, eim wrote: > So I've lost sdb1 and all my important data, but fortunately > my home dir is still there ! > > My question is, has somebody any suggestions on how to > organize personal data, maybe some Real Life examples in > order to share opinions on a Secure and Safe Data Organization. > I'm of course talking about a Work Station and not a Server for > many different users. > > If anyone has some examples or suggestions I'm ready to > share any ideas... I'd recommend that you consider using RAID1 mirroring to help save you from future problems if you're not going to enlist some kind of backup system. I have recentl put together a machine that looks like: Filesystem 1k-blocks Used Available Use% Mounted on /dev/md1 17354080543532 16634236 4% / /dev/md0 23239 3986 19013 18% /boot /dev/md4 39571176 12024 39157128 1% /mnt/data $ cat /proc/mdstat Personalities : [linear] [raid0] [raid1] [raid5] read_ahead 1024 sectors md4 : active raid1 hdc1[1] hda1[0] 40202560 blocks [2/2] [UU] md0 : active raid1 sdb1[1] sda1[0] 24000 blocks [2/2] [UU] md1 : active raid1 sdb3[1] sda3[0] 17631232 blocks [2/2] [UU] unused devices: The entire machine is mirrored on two 18G SCSI drives (system and home directories) and two 40G IDE drives for stored data, misc html for the wife and misc ppl, avi, mov for my digital video editing. I feel pretty safe on this machine, barring total catostrpohic failure of the entire machine resulting in system physical damage (fire or water). However, hardware failures make me less worried (there's always SOME concern that it will all crap out, but it's better than nothing). Not only was putting this machine together a good exercise in assembling a top notch server for home in practice for more similar work in the job, but it's a good way to use inexpensive disk (Hey, there's that I in RAID again ;) to make backups. Far cheaper than a tape drive and tapes would have been for me. I used the boot+root+raid+lilo3 howto for guidance. It was easy. I assume it was as easy as it was due to the fact that I used the 'if you have a spare drive to build with' method. Barring having some kind of tape backup, this would be your best option. (IMHO) j
Re: Debconf and noexec on /tmp
Previously Rolf Kutz wrote: > If you have a linux-fileserver serving binaries for > linux-workstations, how should it tell? It won't have any effect then anyway. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Hard Disk Organization
The deal with RAID is that it only protects you from hardware failure, not software failure. If you accidentally delete a file or someone hacks your machine, the data will be erased from both sides of the mirror. Personally I think software failure is more likely than hardware (unless you have those IBM 75xx drives). You still can use two drives instead of a tape backup, just make an daily incremental backup to the backup drive plus a weekly full backup. From: "John" <[EMAIL PROTECTED]> > I'd recommend that you consider using RAID1 mirroring to help save you > from future problems if you're not going to enlist some kind of backup > system. I have recentl put together a machine that looks like: -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
* Quoting Wichert Akkerman ([EMAIL PROTECTED]): > Previously Rolf Kutz wrote: > > If you mount partitions of a different OS or > > machine, whose programs can't or shouldn't be > > executed. > > Any sane OS will gave a sane error when you do that anyway. If you have a linux-fileserver serving binaries for linux-workstations, how should it tell? - Rolf
Re: Debconf and noexec on /tmp
* Ethan Benson ([EMAIL PROTECTED]) [011108 07:56]: > On Thu, Nov 08, 2001 at 03:43:56PM +0100, Wichert Akkerman wrote: > > Previously Ethan Benson wrote: > > > its not, it provides you NO extra security whatsoever, and will break > > > many many things. > > > > It breaks a fair number of scripts that script-kiddies use, and as > > such it is somewhat useful. > > 1: if your system is vulnerable to script kiddies then admin needs to >be taken out back and beaten with a large LART. Well, on some level, *every* system is vulnerable to scriptkiddies. The worst security flaw is admin hubris; always remember that you are not immune. > 2: if the script kiddie even has 2 tenths of a percent of clue he will >figure out how to move the file somewhere else, or use my earlier >mentiond ld//bin/sh method of execution. This is the whole point of a scriptkiddie; they don't know what they're dong -- they just download the sploits and run them. If they work, they work, if they don't they go on to the next machine in pac bell's DSL subnets =p -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpshAyrDu688.pgp Description: PGP signature
Re: FTP and security
* Brandon High ([EMAIL PROTECTED]) [011108 12:25]: > On Thu, Nov 08, 2001 at 10:29:08PM +0100, Luc MAIGNAN wrote: > > Is FTP really insecure ? > > I use a version of ProFtpd. > > The protocol is insecure, since it sends login and authentication > information over the wire in clear text. ...which has no bearing on anonymous ftp access. Again, it all comes down to what your needs are for functionality and for security. Anonymous ftp can be set up quite securely. As others have suggested, sftp works well for me. I use ssh.com's windows client (free for hobbyist use), which is simple enough for anyone familiar with windows' drag-and-drop interface. > Different FTP daemons have different security issues. This, of course, is very true, and, unfortunately, I can offer no good advice in terms of which are more secure than others (though I can warn that staying away from WU is probably a good idea). good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpIGewMxobyu.pgp Description: PGP signature
Re: FTP and security
On 09.11.2001 00:52 Petter Abrahamsson wrote: Try gftp, it will do the trick for you I tried it some time ago (and now again), but it seems to use some other kind of sftp system we have here... It tries to start sftpserv from remote machine, and there are none. Instead there are sftp-server (tried few machines, Linux with OpenSSH, SunOS with SSH2 etc.), which seems not to be compatible. Is there any option which I missed or is gftp just incompatible with 'normal' ssh? -- Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > sorry i don't leave known security holes wide open on my boxes. only > an idiot does that. If you think your box does not have currently unknown holes you are naive :) Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
On Thu, 2001-11-08 at 15:25, Jari Eskelinen wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > openssh has a sftp subsystem, yes. > > How about sftp-client with decent (G)UI, is there one (for Linux, > preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even > can upload/download whole subdirectories with it? Try gftp, it will do the trick for you > -- > Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- \|/ (o o) *---oo0---(_)---0oo* | Petter Abrahamsson [EMAIL PROTECTED] | | +1 801 913 1876ICQ: 3366038 | *--*
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:32:06PM -0800, Vineet Kumar wrote: > > Well, on some level, *every* system is vulnerable to scriptkiddies. The > worst security flaw is admin hubris; always remember that you are not > immune. sorry i don't leave known security holes wide open on my boxes. only an idiot does that. > This is the whole point of a scriptkiddie; they don't know what they're > dong -- they just download the sploits and run them. If they work, they > work, if they don't they go on to the next machine in pac bell's DSL > subnets =p if you think thats the only kind of attacker your naive. -- Ethan Benson http://www.alaska.net/~erbenson/ msg04110/pgp0.pgp Description: PGP signature
Re: Hard Disk Organization
Just curious but how did you lose the data? I seem to hve run into huge disk prlbems with page defualts On 8 Nov 2001, eim wrote: >Date: 08 Nov 2001 22:28:11 +0100 >From: eim <[EMAIL PROTECTED]> >To: Debian-Security List >Subject: Hard Disk Organization >Resent-From: debian-security@lists.debian.org > >Two days ago I've lost all my Personal Data on my Second HDD, >Personal Data like Photos, Images, Audio Stuff, Source Code, >Mails: everything gone...! > >I had some Backups fortuneatly but most stuff is lost forever. > >Well, now I'm Ready to start my Personal Data Organization from >the begining, I've a Debian SCSI Workstation with 2 x 8GB SCSI >Drives, "sda" and "sdb". > >Until now my Data Organization was like this: > >HD0 >- >/dev/sda1 = / (Debian root paritition)7900 MB >/dev/sda2 = swap (swap paritition) 100 MB >- > >HD1 >- >/dev/sdb1 = /mnt/d (Personal Data) 8000 MB >- > > >My user home directory is in "/home/eim" on sda1 but most >of my Real Important Files are in "/mnt/d" which is sdb1. > >So I've lost sdb1 and all my important data, but fortunately >my home dir is still there ! > >My question is, has somebody any suggestions on how to >organize personal data, maybe some Real Life examples in >order to share opinions on a Secure and Safe Data Organization. >I'm of course talking about a Work Station and not a Server for >many different users. > >If anyone has some examples or suggestions I'm ready to >share any ideas... > >Thanks for any help, >Have a good time... > >Ivo Marino > >
Re: FTP and security
(2001-11-09) Jari Eskelinen sed : | > > While were on the subject, is there an OpenSSH port of SFTP? | > openssh has a sftp subsystem, yes. | | How about sftp-client with decent (G)UI, is there one (for Linux, | preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even | can upload/download whole subdirectories with it? Hum, using the port forwarding of ssh, it's easy. Just ssh -L 2000:remote_host:21 remote_host, then use any ftp client you want to connect on the port 2000 of localhost. -- VALLIET Emmanuel Webmotion Inc. (-> http://www.webmotion.com <-) Does killing time damage eternity?
Re: FTP and security
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > Is there a decent Windows FTP application that supports sftp? Unfortunately, > I have to use Windows at work. :/ Well, there's always cygwin. It almost makes Windows liveable. > On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > > Previously Lars Bjarby wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > > > openssh has a sftp subsystem, yes. > > > > Wichert. > > > > -- > > _ > > /[EMAIL PROTECTED] This space intentionally left occupied \ > > | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | > > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > - > Adam Spickler > Whaddu LLC. > http://www.whaddu.com > WebHosting and Design/Development Unlimited > - > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Share and Enjoy.
Re: Hard Disk Organization
On Thu, Nov 08, 2001 at 10:28:11PM +0100, eim wrote: > So I've lost sdb1 and all my important data, but fortunately > my home dir is still there ! > > My question is, has somebody any suggestions on how to > organize personal data, maybe some Real Life examples in > order to share opinions on a Secure and Safe Data Organization. > I'm of course talking about a Work Station and not a Server for > many different users. > > If anyone has some examples or suggestions I'm ready to > share any ideas... I'd recommend that you consider using RAID1 mirroring to help save you from future problems if you're not going to enlist some kind of backup system. I have recentl put together a machine that looks like: Filesystem 1k-blocks Used Available Use% Mounted on /dev/md1 17354080543532 16634236 4% / /dev/md0 23239 3986 19013 18% /boot /dev/md4 39571176 12024 39157128 1% /mnt/data $ cat /proc/mdstat Personalities : [linear] [raid0] [raid1] [raid5] read_ahead 1024 sectors md4 : active raid1 hdc1[1] hda1[0] 40202560 blocks [2/2] [UU] md0 : active raid1 sdb1[1] sda1[0] 24000 blocks [2/2] [UU] md1 : active raid1 sdb3[1] sda3[0] 17631232 blocks [2/2] [UU] unused devices: The entire machine is mirrored on two 18G SCSI drives (system and home directories) and two 40G IDE drives for stored data, misc html for the wife and misc ppl, avi, mov for my digital video editing. I feel pretty safe on this machine, barring total catostrpohic failure of the entire machine resulting in system physical damage (fire or water). However, hardware failures make me less worried (there's always SOME concern that it will all crap out, but it's better than nothing). Not only was putting this machine together a good exercise in assembling a top notch server for home in practice for more similar work in the job, but it's a good way to use inexpensive disk (Hey, there's that I in RAID again ;) to make backups. Far cheaper than a tape drive and tapes would have been for me. I used the boot+root+raid+lilo3 howto for guidance. It was easy. I assume it was as easy as it was due to the fact that I used the 'if you have a spare drive to build with' method. Barring having some kind of tape backup, this would be your best option. (IMHO) j -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
> While were on the subject, is there an OpenSSH port of SFTP? openssh has a sftp subsystem, yes. How about sftp-client with decent (G)UI, is there one (for Linux, preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even can upload/download whole subdirectories with it? -- Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED]
RE: Re: FTP and security
There's also putty. Free software that will allow your windows box to ssh into your linux machine and supports vim syntax coloring. Mark Janssen <[EMAIL PROTECTED]> wrote: >On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: >> Is there a decent Windows FTP application that supports sftp? >> Unfortunately, I have to use Windows at work. :/ > >cygwin includes openssh... and the sftp it has supports everything you >need. > >-- >Mark Janssen Unix Consultant @ SyConOS IT >E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 >http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] > __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with [EMAIL PROTECTED] http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/
RE: FTP and security
You can try SecureFX from Van Dyke Technologies, www.vandyke.com I think. It works pretty well. It supports ftp and sftp. # Jesse Molina lanner, Snow # Network Engineer Maximum Charisma Studios Inc. # [EMAIL PROTECTED] 1.303.432.0286 # end of sig > -Original Message- > From: Adam Spickler [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 08, 2001 2:57 PM > To: debian-security@lists.debian.org > Subject: Re: FTP and security > > > Is there a decent Windows FTP application that supports sftp? > Unfortunately, I have to use Windows at work. :/ > > Thanks, > Adam > > > On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > > Previously Lars Bjarby wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > > > openssh has a sftp subsystem, yes. > > > > Wichert. > > > > -- > > _ > > /[EMAIL PROTECTED] This space intentionally left occupied \ > > | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ | > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
> On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > > Is there a decent Windows FTP application that supports sftp? > > Unfortunately, I have to use Windows at work. :/ > > cygwin includes openssh... and the sftp it has supports everything you > need. Or, try Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/ It's not bad - small footprint and runs pretty well. The ssh client is pretty much like an xterm (it's what I'm using from work right now). KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759
Re: FTP and security
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > Is there a decent Windows FTP application that supports sftp? Unfortunately, > I have to use Windows at work. :/ cygwin includes openssh... and the sftp it has supports everything you need. -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] pgpPkXtSjAs6m.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Previously Rolf Kutz wrote: > If you have a linux-fileserver serving binaries for > linux-workstations, how should it tell? It won't have any effect then anyway. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ Thanks, Adam On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > Previously Lars Bjarby wrote: > > While were on the subject, is there an OpenSSH port of SFTP? > > openssh has a sftp subsystem, yes. > > Wichert. > > -- > _ > /[EMAIL PROTECTED] This space intentionally left occupied \ > | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited -
Re: FTP and security
Previously Lars Bjarby wrote: > While were on the subject, is there an OpenSSH port of SFTP? openssh has a sftp subsystem, yes. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: FTP and security
At 22:29 2001-11-08, Luc MAIGNAN wrote: Is FTP really insecure ? I use a version of ProFtpd. A protocol that sends the passwords in clear text is anything but secure. If you have to use FTP you should probably have diffrent usernames and/or passwords in the ftpd. While were on the subject, is there an OpenSSH port of SFTP? .oO laban - [EMAIL PROTECTED] - [EMAIL PROTECTED] - PGP key available Oo.
Re: Debconf and noexec on /tmp
* Quoting Wichert Akkerman ([EMAIL PROTECTED]): > Previously Rolf Kutz wrote: > > If you mount partitions of a different OS or > > machine, whose programs can't or shouldn't be > > executed. > > Any sane OS will gave a sane error when you do that anyway. If you have a linux-fileserver serving binaries for linux-workstations, how should it tell? - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
* Ethan Benson ([EMAIL PROTECTED]) [011108 07:56]: > On Thu, Nov 08, 2001 at 03:43:56PM +0100, Wichert Akkerman wrote: > > Previously Ethan Benson wrote: > > > its not, it provides you NO extra security whatsoever, and will break > > > many many things. > > > > It breaks a fair number of scripts that script-kiddies use, and as > > such it is somewhat useful. > > 1: if your system is vulnerable to script kiddies then admin needs to >be taken out back and beaten with a large LART. Well, on some level, *every* system is vulnerable to scriptkiddies. The worst security flaw is admin hubris; always remember that you are not immune. > 2: if the script kiddie even has 2 tenths of a percent of clue he will >figure out how to move the file somewhere else, or use my earlier >mentiond ld//bin/sh method of execution. This is the whole point of a scriptkiddie; they don't know what they're dong -- they just download the sploits and run them. If they work, they work, if they don't they go on to the next machine in pac bell's DSL subnets =p -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' msg04106/pgp0.pgp Description: PGP signature
Hard Disk Organization
Two days ago I've lost all my Personal Data on my Second HDD, Personal Data like Photos, Images, Audio Stuff, Source Code, Mails: everything gone...! I had some Backups fortuneatly but most stuff is lost forever. Well, now I'm Ready to start my Personal Data Organization from the begining, I've a Debian SCSI Workstation with 2 x 8GB SCSI Drives, "sda" and "sdb". Until now my Data Organization was like this: HD0 - /dev/sda1 = / (Debian root paritition)7900 MB /dev/sda2 = swap(swap paritition) 100 MB - HD1 - /dev/sdb1 = /mnt/d (Personal Data) 8000 MB - My user home directory is in "/home/eim" on sda1 but most of my Real Important Files are in "/mnt/d" which is sdb1. So I've lost sdb1 and all my important data, but fortunately my home dir is still there ! My question is, has somebody any suggestions on how to organize personal data, maybe some Real Life examples in order to share opinions on a Secure and Safe Data Organization. I'm of course talking about a Work Station and not a Server for many different users. If anyone has some examples or suggestions I'm ready to share any ideas... Thanks for any help, Have a good time... Ivo Marino -- Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux DALnet #flex http://eimbox.org
Re: FTP and security
* Brandon High ([EMAIL PROTECTED]) [011108 12:25]: > On Thu, Nov 08, 2001 at 10:29:08PM +0100, Luc MAIGNAN wrote: > > Is FTP really insecure ? > > I use a version of ProFtpd. > > The protocol is insecure, since it sends login and authentication > information over the wire in clear text. ...which has no bearing on anonymous ftp access. Again, it all comes down to what your needs are for functionality and for security. Anonymous ftp can be set up quite securely. As others have suggested, sftp works well for me. I use ssh.com's windows client (free for hobbyist use), which is simple enough for anyone familiar with windows' drag-and-drop interface. > Different FTP daemons have different security issues. This, of course, is very true, and, unfortunately, I can offer no good advice in terms of which are more secure than others (though I can warn that staying away from WU is probably a good idea). good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' msg04105/pgp0.pgp Description: PGP signature
Re: FTP and security
On 09.11.2001 00:52 Petter Abrahamsson wrote: > Try gftp, it will do the trick for you I tried it some time ago (and now again), but it seems to use some other kind of sftp system we have here... It tries to start sftpserv from remote machine, and there are none. Instead there are sftp-server (tried few machines, Linux with OpenSSH, SunOS with SSH2 etc.), which seems not to be compatible. Is there any option which I missed or is gftp just incompatible with 'normal' ssh? -- Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
On Thu, 2001-11-08 at 15:25, Jari Eskelinen wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > openssh has a sftp subsystem, yes. > > How about sftp-client with decent (G)UI, is there one (for Linux, > preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even > can upload/download whole subdirectories with it? Try gftp, it will do the trick for you > -- > Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED] > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- \|/ (o o) *---oo0---(_)---0oo* | Petter Abrahamsson [EMAIL PROTECTED] | | +1 801 913 1876ICQ: 3366038 | *--* -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Hard Disk Organization
Just curious but how did you lose the data? I seem to hve run into huge disk prlbems with page defualts On 8 Nov 2001, eim wrote: >Date: 08 Nov 2001 22:28:11 +0100 >From: eim <[EMAIL PROTECTED]> >To: Debian-Security List <[EMAIL PROTECTED]> >Subject: Hard Disk Organization >Resent-From: [EMAIL PROTECTED] > >Two days ago I've lost all my Personal Data on my Second HDD, >Personal Data like Photos, Images, Audio Stuff, Source Code, >Mails: everything gone...! > >I had some Backups fortuneatly but most stuff is lost forever. > >Well, now I'm Ready to start my Personal Data Organization from >the begining, I've a Debian SCSI Workstation with 2 x 8GB SCSI >Drives, "sda" and "sdb". > >Until now my Data Organization was like this: > >HD0 >- >/dev/sda1 = / (Debian root paritition)7900 MB >/dev/sda2 = swap (swap paritition) 100 MB >- > >HD1 >- >/dev/sdb1 = /mnt/d (Personal Data) 8000 MB >- > > >My user home directory is in "/home/eim" on sda1 but most >of my Real Important Files are in "/mnt/d" which is sdb1. > >So I've lost sdb1 and all my important data, but fortunately >my home dir is still there ! > >My question is, has somebody any suggestions on how to >organize personal data, maybe some Real Life examples in >order to share opinions on a Secure and Safe Data Organization. >I'm of course talking about a Work Station and not a Server for >many different users. > >If anyone has some examples or suggestions I'm ready to >share any ideas... > >Thanks for any help, >Have a good time... > >Ivo Marino > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
(2001-11-09) Jari Eskelinen sed : | > > While were on the subject, is there an OpenSSH port of SFTP? | > openssh has a sftp subsystem, yes. | | How about sftp-client with decent (G)UI, is there one (for Linux, | preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even | can upload/download whole subdirectories with it? Hum, using the port forwarding of ssh, it's easy. Just ssh -L 2000:remote_host:21 remote_host, then use any ftp client you want to connect on the port 2000 of localhost. -- VALLIET Emmanuel Webmotion Inc. (-> http://www.webmotion.com <-) Does killing time damage eternity? -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Rolf Kutz wrote: > If you mount partitions of a different OS or > machine, whose programs can't or shouldn't be > executed. Any sane OS will gave a sane error when you do that anyway. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: FTP and security
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > Is there a decent Windows FTP application that supports sftp? Unfortunately, I have >to use Windows at work. :/ Well, there's always cygwin. It almost makes Windows liveable. > On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > > Previously Lars Bjarby wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > > > openssh has a sftp subsystem, yes. > > > > Wichert. > > > > -- > > _ > > [EMAIL PROTECTED] This space intentionally left occupied \ > > | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | > > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > > > > -- > > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > > > > - > Adam Spickler > Whaddu LLC. > http://www.whaddu.com > WebHosting and Design/Development Unlimited > - > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
> > While were on the subject, is there an OpenSSH port of SFTP? > openssh has a sftp subsystem, yes. How about sftp-client with decent (G)UI, is there one (for Linux, preferable for Debian)? OpenSSH's sftp-client is pathetic. How you even can upload/download whole subdirectories with it? -- Jari Eskelinen * http://jarpatus.cjb.net/ * [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
On Thu, Nov 08, 2001 at 10:29:08PM +0100, Luc MAIGNAN wrote: > Is FTP really insecure ? > I use a version of ProFtpd. The protocol is insecure, since it sends login and authentication information over the wire in clear text. Different FTP daemons have different security issues. -B -- Brandon High [EMAIL PROTECTED] The careful application of terror is also a form of communication. pgpmncbXAKOjq.pgp Description: PGP signature
RE: FTP and security
Be more specific about your concerns. The question is, what about it might be insecure? The network transport method? Authentication method? The daemon to remote exploits? The daemon for local exploits? A problem may be related to the specific implementation of the standard, or the standard itself may be flawed, depending upon your concerns and needs. # Jesse Molina lanner, Snow # Network Engineer Maximum Charisma Studios Inc. # [EMAIL PROTECTED] 1.303.432.0286 # end of sig > -Original Message- > From: Luc MAIGNAN [mailto:[EMAIL PROTECTED] > Sent: Thursday, November 08, 2001 2:29 PM > To: debian-security@lists.debian.org > Subject: FTP and security > > > Is FTP really insecure ? > I use a version of ProFtpd. > > Regards > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] >
FTP and security
Is FTP really insecure ? I use a version of ProFtpd. Regards
RE: Re: FTP and security
There's also putty. Free software that will allow your windows box to ssh into your linux machine and supports vim syntax coloring. Mark Janssen <[EMAIL PROTECTED]> wrote: >On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: >> Is there a decent Windows FTP application that supports sftp? Unfortunately, I >have to use Windows at work. :/ > >cygwin includes openssh... and the sftp it has supports everything you >need. > >-- >Mark Janssen Unix Consultant @ SyConOS IT >E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 >http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] > __ Your favorite stores, helpful shopping tools and great gift ideas. Experience the convenience of buying online with Shop@Netscape! http://shopnow.netscape.com/ Get your own FREE, personal Netscape Mail account today at http://webmail.netscape.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
RE: FTP and security
You can try SecureFX from Van Dyke Technologies, www.vandyke.com I think. It works pretty well. It supports ftp and sftp. # Jesse Molina lanner, Snow # Network Engineer Maximum Charisma Studios Inc. # [EMAIL PROTECTED]1.303.432.0286 # end of sig > -Original Message- > From: Adam Spickler [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 08, 2001 2:57 PM > To: [EMAIL PROTECTED] > Subject: Re: FTP and security > > > Is there a decent Windows FTP application that supports sftp? > Unfortunately, I have to use Windows at work. :/ > > Thanks, > Adam > > > On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > > Previously Lars Bjarby wrote: > > > While were on the subject, is there an OpenSSH port of SFTP? > > > > openssh has a sftp subsystem, yes. > > > > Wichert. > > > > -- > > _ > > [EMAIL PROTECTED] This space intentionally left occupied \ > > | [EMAIL PROTECTED] http://www.liacs.nl/~wichert/ | > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
> On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > > Is there a decent Windows FTP application that supports sftp? Unfortunately, I >have to use Windows at work. :/ > > cygwin includes openssh... and the sftp it has supports everything you > need. Or, try Putty: http://www.chiark.greenend.org.uk/~sgtatham/putty/ It's not bad - small footprint and runs pretty well. The ssh client is pretty much like an xterm (it's what I'm using from work right now). KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
On Thu, Nov 08, 2001 at 04:57:22PM -0500, Adam Spickler wrote: > Is there a decent Windows FTP application that supports sftp? Unfortunately, I have >to use Windows at work. :/ cygwin includes openssh... and the sftp it has supports everything you need. -- Mark Janssen Unix Consultant @ SyConOS IT E-mail: [EMAIL PROTECTED] GnuPG Key Id: 357D2178 http: maniac.nl, unix-god.[net|org], markjanssen.[com|net|org|nl] msg04095/pgp0.pgp Description: PGP signature
Re: FTP and security
Is there a decent Windows FTP application that supports sftp? Unfortunately, I have to use Windows at work. :/ Thanks, Adam On Thu, Nov 08, 2001 at 10:55:17PM +0100, Wichert Akkerman wrote: > Previously Lars Bjarby wrote: > > While were on the subject, is there an OpenSSH port of SFTP? > > openssh has a sftp subsystem, yes. > > Wichert. > > -- > _ > [EMAIL PROTECTED] This space intentionally left occupied \ > | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | > | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > - Adam Spickler Whaddu LLC. http://www.whaddu.com WebHosting and Design/Development Unlimited - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
Previously Lars Bjarby wrote: > While were on the subject, is there an OpenSSH port of SFTP? openssh has a sftp subsystem, yes. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP and security
At 22:29 2001-11-08, Luc MAIGNAN wrote: >Is FTP really insecure ? >I use a version of ProFtpd. A protocol that sends the passwords in clear text is anything but secure. If you have to use FTP you should probably have diffrent usernames and/or passwords in the ftpd. While were on the subject, is there an OpenSSH port of SFTP? .oO laban - [EMAIL PROTECTED] - 311885@ICQ - PGP key available Oo. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: log iptables
Osvaldo Mundim Junior writes: > Hi, > > does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? These are fields in IP packets : TOS stands for Type Of Service PREC stands for precedence These one may be usefull to determine priority for packets, but i think they're not very used for the moment. TTL stands for Time To Live Which is a little bit more used by traceroute by example or for network load tests. RES may stands for Reset flag used to ... reset a connection, but i'm note sure since this flag is often named RST flag, but thats the way i would understand it. -- Davy Gigan System & Network Administration University Of Caen (France)
Hard Disk Organization
Two days ago I've lost all my Personal Data on my Second HDD, Personal Data like Photos, Images, Audio Stuff, Source Code, Mails: everything gone...! I had some Backups fortuneatly but most stuff is lost forever. Well, now I'm Ready to start my Personal Data Organization from the begining, I've a Debian SCSI Workstation with 2 x 8GB SCSI Drives, "sda" and "sdb". Until now my Data Organization was like this: HD0 - /dev/sda1 = / (Debian root paritition)7900 MB /dev/sda2 = swap(swap paritition) 100 MB - HD1 - /dev/sdb1 = /mnt/d (Personal Data) 8000 MB - My user home directory is in "/home/eim" on sda1 but most of my Real Important Files are in "/mnt/d" which is sdb1. So I've lost sdb1 and all my important data, but fortunately my home dir is still there ! My question is, has somebody any suggestions on how to organize personal data, maybe some Real Life examples in order to share opinions on a Secure and Safe Data Organization. I'm of course talking about a Work Station and not a Server for many different users. If anyone has some examples or suggestions I'm ready to share any ideas... Thanks for any help, Have a good time... Ivo Marino -- Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux DALnet #flex http://eimbox.org -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
log iptables
Hi, does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? tks ___ Osvaldo
Re: Debconf and noexec on /tmp
Previously Rolf Kutz wrote: > If you mount partitions of a different OS or > machine, whose programs can't or shouldn't be > executed. Any sane OS will gave a sane error when you do that anyway. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On 2001-11-08 16:47 Wichert Akkerman wrote: Previously Emmanuel Lacour wrote: EL> What's the use of noexec flag??? WA> Historic thing mostly with very little practical use these days. At least it's a Good Thing to have around when mounting DOSish floppies and such to avoid having all files marked executable. Executable .tar files is not my kind of fun. Øyvind +== http://www.sunbase.org/sunny ===+ | OpenPGP: 0xAD19826C 2000-01-24 Øyvind A. Holm <[EMAIL PROTECTED]> | | Fingerprint: EAE5 DCA0 0626 5DAA 72F8 0435 2E2B E476 AD19 826C | +=== 2 + 2 = 5 for extremely large values of 2. +
Re: FTP and security
On Thu, Nov 08, 2001 at 10:29:08PM +0100, Luc MAIGNAN wrote: > Is FTP really insecure ? > I use a version of ProFtpd. The protocol is insecure, since it sends login and authentication information over the wire in clear text. Different FTP daemons have different security issues. -B -- Brandon High [EMAIL PROTECTED] The careful application of terror is also a form of communication. msg04089/pgp0.pgp Description: PGP signature
RE: FTP and security
Be more specific about your concerns. The question is, what about it might be insecure? The network transport method? Authentication method? The daemon to remote exploits? The daemon for local exploits? A problem may be related to the specific implementation of the standard, or the standard itself may be flawed, depending upon your concerns and needs. # Jesse Molina lanner, Snow # Network Engineer Maximum Charisma Studios Inc. # [EMAIL PROTECTED]1.303.432.0286 # end of sig > -Original Message- > From: Luc MAIGNAN [mailto:[EMAIL PROTECTED]] > Sent: Thursday, November 08, 2001 2:29 PM > To: [EMAIL PROTECTED] > Subject: FTP and security > > > Is FTP really insecure ? > I use a version of ProFtpd. > > Regards > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
FTP and security
Is FTP really insecure ? I use a version of ProFtpd. Regards -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: log iptables
Osvaldo Mundim Junior writes: > Hi, > > does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? These are fields in IP packets : TOS stands for Type Of Service PREC stands for precedence These one may be usefull to determine priority for packets, but i think they're not very used for the moment. TTL stands for Time To Live Which is a little bit more used by traceroute by example or for network load tests. RES may stands for Reset flag used to ... reset a connection, but i'm note sure since this flag is often named RST flag, but thats the way i would understand it. -- Davy Gigan System & Network Administration University Of Caen (France) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
log iptables
Hi, does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? tks ___ Osvaldo -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Strange auth.log entry
> the **unknown* is due to if there is not a correct uid (number) match to a > username (your login name) in /etc/passwd. I only know this because of a bug > in the dialy server I use (connectd) which didn't for whatever reason collect > the correct uid for the user 'nobody'. Obviously something (maybe in yer > cron job or an application running as root) is trying to lower its privilages > but failing. It could be a normal application (such as apache) trying to > change its userid to 'www-data' only to find its not there. Look out for > these kind of things. > > As for the 4704 I think if I'm correct that is the PID (process id, use top > or ps ax to find out) that tried to lower its privilages. When you see this > error again do a 'ps ax' and see if you can match up the 'upset' application. I see entries like this when someone attempts to log into the machine (i.e. with telnet) but doesn't enter a username. Off the top of my head, I can't remember whether I get this entry when I goof up an ssh login or not. I just remember seeing it for telnet. That might be easy to reproduce... or maybe you remember goofing up a login that you can correlate to this entry? KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759
Re: Strange auth.log entry
Brian P. Flaherty [EMAIL PROTECTED] wrote: > > I found this in my auth.log yesterday and I am puzzeled by it. > > Nov 7 00:52:56 localhost PAM_unix[4704]: authentication failure; (uid=0) -> > **unknown** for passwd service > > I don't know how to interpret the (uid=0) -> **unknown** part. I > don't think I was working as root at the time (in fact, I don't think > I was working at all at the time). I know sometimes a root process > switches over to nobody (for example, wwwoffle). I searched through > all my past auth.log* files and did not find any other examples of > this, so I don't think it is a (daily) cron job. Finally, I don't see > any record of someone trying to access the machine in kern.log or the > ippl log. > > Also, how do I find out what PAM_unix[4704] refers to? I assume 4704 > is some sort of message, but I don't know where to look. I perused > the libpam-doc in /usr/doc, but did not see any sections that looked > like a code reference. > the **unknown* is due to if there is not a correct uid (number) match to a username (your login name) in /etc/passwd. I only know this because of a bug in the dialy server I use (connectd) which didn't for whatever reason collect the correct uid for the user 'nobody'. Obviously something (maybe in yer cron job or an application running as root) is trying to lower its privilages but failing. It could be a normal application (such as apache) trying to change its userid to 'www-data' only to find its not there. Look out for these kind of things. As for the 4704 I think if I'm correct that is the PID (process id, use top or ps ax to find out) that tried to lower its privilages. When you see this error again do a 'ps ax' and see if you can match up the 'upset' application. good luck Alex --
Re: Debconf and noexec on /tmp
Wichert Akkerman ([EMAIL PROTECTED]) wrote: > Previously Emmanuel Lacour wrote: > > What's the use of noexec flag??? > > Historic thing mostly with very little practical use these days. man mount - Rolf
Re: Debconf and noexec on /tmp
Emmanuel Lacour ([EMAIL PROTECTED]) wrote: > What's the use of noexec flag??? If you mount partitions of a different OS or machine, whose programs can't or shouldn't be executed. - Rolf
Re: Debconf and noexec on /tmp
On 2001-11-08 16:47 Wichert Akkerman wrote: Previously Emmanuel Lacour wrote: EL> What's the use of noexec flag??? WA> Historic thing mostly with very little practical use these days. At least it's a Good Thing to have around when mounting DOSish floppies and such to avoid having all files marked executable. Executable .tar files is not my kind of fun. Øyvind +== http://www.sunbase.org/sunny ===+ | OpenPGP: 0xAD19826C 2000-01-24 Øyvind A. Holm <[EMAIL PROTECTED]> | | Fingerprint: EAE5 DCA0 0626 5DAA 72F8 0435 2E2B E476 AD19 826C | +=== 2 + 2 = 5 for extremely large values of 2. + -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > 1: if your system is vulnerable to script kiddies then admin needs to >be taken out back and beaten with a large LART. Sure, but I don't mind having a hopefully completely redundant extra layer in there. > 2: if the script kiddie even has 2 tenths of a percent of clue he will >figure out how to move the file somewhere else, or use my earlier >mentiond ld//bin/sh method of execution. You overestimate scriptkiddies. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Strange auth.log entry
Hello, I found this in my auth.log yesterday and I am puzzeled by it. Nov 7 00:52:56 localhost PAM_unix[4704]: authentication failure; (uid=0) -> **unknown** for passwd service I don't know how to interpret the (uid=0) -> **unknown** part. I don't think I was working as root at the time (in fact, I don't think I was working at all at the time). I know sometimes a root process switches over to nobody (for example, wwwoffle). I searched through all my past auth.log* files and did not find any other examples of this, so I don't think it is a (daily) cron job. Finally, I don't see any record of someone trying to access the machine in kern.log or the ippl log. Also, how do I find out what PAM_unix[4704] refers to? I assume 4704 is some sort of message, but I don't know where to look. I perused the libpam-doc in /usr/doc, but did not see any sections that looked like a code reference. Thanks for any thoughts or suggestions. Brian Flaherty
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:43:56PM +0100, Wichert Akkerman wrote: > Previously Ethan Benson wrote: > > its not, it provides you NO extra security whatsoever, and will break > > many many things. > > It breaks a fair number of scripts that script-kiddies use, and as > such it is somewhat useful. 1: if your system is vulnerable to script kiddies then admin needs to be taken out back and beaten with a large LART. 2: if the script kiddie even has 2 tenths of a percent of clue he will figure out how to move the file somewhere else, or use my earlier mentiond ld//bin/sh method of execution. its security through obscurity IMO, and a waste of time. -- Ethan Benson http://www.alaska.net/~erbenson/ pgpGzYIeCxrpF.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Previously Emmanuel Lacour wrote: > What's the use of noexec flag??? Historic thing mostly with very little practical use these days. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Debconf and noexec on /tmp
Ok, thanks for all the comments, I remember have been seen that we could run a program in a noexec partition like you said. So I will continue without noexec (and do more stuff on more usefull security tricks). Just one question: What's the use of noexec flag??? -- Easter-eggsSp?cialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - M?tro Gait? Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com pgpnq6W0jHSnk.pgp Description: PGP signature
Re: Strange auth.log entry
> the **unknown* is due to if there is not a correct uid (number) match to a > username (your login name) in /etc/passwd. I only know this because of a bug > in the dialy server I use (connectd) which didn't for whatever reason collect > the correct uid for the user 'nobody'. Obviously something (maybe in yer > cron job or an application running as root) is trying to lower its privilages > but failing. It could be a normal application (such as apache) trying to > change its userid to 'www-data' only to find its not there. Look out for > these kind of things. > > As for the 4704 I think if I'm correct that is the PID (process id, use top > or ps ax to find out) that tried to lower its privilages. When you see this > error again do a 'ps ax' and see if you can match up the 'upset' application. I see entries like this when someone attempts to log into the machine (i.e. with telnet) but doesn't enter a username. Off the top of my head, I can't remember whether I get this entry when I goof up an ssh login or not. I just remember seeing it for telnet. That might be easy to reproduce... or maybe you remember goofing up a login that you can correlate to this entry? KEN -- Kenneth J. Pronovici <[EMAIL PROTECTED]> Personal Homepage: http://www.skyjammer.com/~pronovic/ "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." - Benjamin Franklin, Historical Review of Pennsylvania, 1759 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Ethan Benson wrote: > > its not, it provides you NO extra security whatsoever, and will break > > many many things. > > It breaks a fair number of scripts that script-kiddies use, and as > such it is somewhat useful. . FWIW it'll also break gzexe, as well (although why anyone would use that in this day & age...). Personally, I'd *like* to put noexec on /var and have done; for a firewall system tracking stable+secure that's not going to be dist-upgraded very often, being able to tighten these things down is reasonable. Still, dpkg has to have *somewhere* to run its pre/post-inst scripts. ~Tim -- We stood in the moonlight |[EMAIL PROTECTED] and the river flowed|http://spodzone.org.uk/
Re: Strange auth.log entry
Brian P. Flaherty [[EMAIL PROTECTED]] wrote: > > I found this in my auth.log yesterday and I am puzzeled by it. > > Nov 7 00:52:56 localhost PAM_unix[4704]: authentication failure; (uid=0) -> >**unknown** for passwd service > > I don't know how to interpret the (uid=0) -> **unknown** part. I > don't think I was working as root at the time (in fact, I don't think > I was working at all at the time). I know sometimes a root process > switches over to nobody (for example, wwwoffle). I searched through > all my past auth.log* files and did not find any other examples of > this, so I don't think it is a (daily) cron job. Finally, I don't see > any record of someone trying to access the machine in kern.log or the > ippl log. > > Also, how do I find out what PAM_unix[4704] refers to? I assume 4704 > is some sort of message, but I don't know where to look. I perused > the libpam-doc in /usr/doc, but did not see any sections that looked > like a code reference. > the **unknown* is due to if there is not a correct uid (number) match to a username (your login name) in /etc/passwd. I only know this because of a bug in the dialy server I use (connectd) which didn't for whatever reason collect the correct uid for the user 'nobody'. Obviously something (maybe in yer cron job or an application running as root) is trying to lower its privilages but failing. It could be a normal application (such as apache) trying to change its userid to 'www-data' only to find its not there. Look out for these kind of things. As for the 4704 I think if I'm correct that is the PID (process id, use top or ps ax to find out) that tried to lower its privilages. When you see this error again do a 'ps ax' and see if you can match up the 'upset' application. good luck Alex -- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Wichert Akkerman ([EMAIL PROTECTED]) wrote: > Previously Emmanuel Lacour wrote: > > What's the use of noexec flag??? > > Historic thing mostly with very little practical use these days. man mount - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Emmanuel Lacour ([EMAIL PROTECTED]) wrote: > What's the use of noexec flag??? If you mount partitions of a different OS or machine, whose programs can't or shouldn't be executed. - Rolf -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > its not, it provides you NO extra security whatsoever, and will break > many many things. It breaks a fair number of scripts that script-kiddies use, and as such it is somewhat useful. Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:13:05PM +0100, Emmanuel Lacour wrote: > Hi, > > I've got an ix86 with woody installed today, made a separate partition > for /tmp and mounted it noexec (I thinks it's a good Idea...). its not, it provides you NO extra security whatsoever, and will break many many things. (quite a few programs create temporary shell scripts and whatnot). try copying /bin/date to your noexec /tmp then run (varying slightly by architecture, but i386 example follows): try running /tmp/date, which fails, then run /lib/ld-linux.so.2 /tmp/date its basically the same thing as running /bin/sh /tmp/evilshellscript instead of just /tmp/evilshellscript -- Ethan Benson http://www.alaska.net/~erbenson/ pgpGI2VOLo0LA.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Previously Emmanuel Lacour wrote: > Is this due to debconf or to the scripts preinst from ntpdate?? You hit bug# 116448 (see http://bugs.debian.org/116448) Wichert. -- _ /[EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D |
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > 1: if your system is vulnerable to script kiddies then admin needs to >be taken out back and beaten with a large LART. Sure, but I don't mind having a hopefully completely redundant extra layer in there. > 2: if the script kiddie even has 2 tenths of a percent of clue he will >figure out how to move the file somewhere else, or use my earlier >mentiond ld//bin/sh method of execution. You overestimate scriptkiddies. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debconf and noexec on /tmp
Hi, I've got an ix86 with woody installed today, made a separate partition for /tmp and mounted it noexec (I thinks it's a good Idea...). When apt-get installing ntpdate, I got the folowing error: Can't exec "/tmp/config.4271": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159 ... Is this due to debconf or to the scripts preinst from ntpdate?? I don't know really debconf, but I think it will be a great idea to not exec scripts in /tmp... -- Easter-eggsSp?cialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - M?tro Gait? Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com pgpHIelRn03Oy.pgp Description: PGP signature
Strange auth.log entry
Hello, I found this in my auth.log yesterday and I am puzzeled by it. Nov 7 00:52:56 localhost PAM_unix[4704]: authentication failure; (uid=0) -> **unknown** for passwd service I don't know how to interpret the (uid=0) -> **unknown** part. I don't think I was working as root at the time (in fact, I don't think I was working at all at the time). I know sometimes a root process switches over to nobody (for example, wwwoffle). I searched through all my past auth.log* files and did not find any other examples of this, so I don't think it is a (daily) cron job. Finally, I don't see any record of someone trying to access the machine in kern.log or the ippl log. Also, how do I find out what PAM_unix[4704] refers to? I assume 4704 is some sort of message, but I don't know where to look. I perused the libpam-doc in /usr/doc, but did not see any sections that looked like a code reference. Thanks for any thoughts or suggestions. Brian Flaherty -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:43:56PM +0100, Wichert Akkerman wrote: > Previously Ethan Benson wrote: > > its not, it provides you NO extra security whatsoever, and will break > > many many things. > > It breaks a fair number of scripts that script-kiddies use, and as > such it is somewhat useful. 1: if your system is vulnerable to script kiddies then admin needs to be taken out back and beaten with a large LART. 2: if the script kiddie even has 2 tenths of a percent of clue he will figure out how to move the file somewhere else, or use my earlier mentiond ld//bin/sh method of execution. its security through obscurity IMO, and a waste of time. -- Ethan Benson http://www.alaska.net/~erbenson/ msg04077/pgp0.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Previously Emmanuel Lacour wrote: > What's the use of noexec flag??? Historic thing mostly with very little practical use these days. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Ok, thanks for all the comments, I remember have been seen that we could run a program in a noexec partition like you said. So I will continue without noexec (and do more stuff on more usefull security tricks). Just one question: What's the use of noexec flag??? -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com msg04075/pgp0.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Wichert Akkerman <[EMAIL PROTECTED]> writes: > Previously Ethan Benson wrote: > > its not, it provides you NO extra security whatsoever, and will break > > many many things. > > It breaks a fair number of scripts that script-kiddies use, and as > such it is somewhat useful. . FWIW it'll also break gzexe, as well (although why anyone would use that in this day & age...). Personally, I'd *like* to put noexec on /var and have done; for a firewall system tracking stable+secure that's not going to be dist-upgraded very often, being able to tighten these things down is reasonable. Still, dpkg has to have *somewhere* to run its pre/post-inst scripts. ~Tim -- We stood in the moonlight |[EMAIL PROTECTED] and the river flowed|http://spodzone.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
Previously Ethan Benson wrote: > its not, it provides you NO extra security whatsoever, and will break > many many things. It breaks a fair number of scripts that script-kiddies use, and as such it is somewhat useful. Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Debconf and noexec on /tmp
On Thu, Nov 08, 2001 at 03:13:05PM +0100, Emmanuel Lacour wrote: > Hi, > > I've got an ix86 with woody installed today, made a separate partition > for /tmp and mounted it noexec (I thinks it's a good Idea...). its not, it provides you NO extra security whatsoever, and will break many many things. (quite a few programs create temporary shell scripts and whatnot). try copying /bin/date to your noexec /tmp then run (varying slightly by architecture, but i386 example follows): try running /tmp/date, which fails, then run /lib/ld-linux.so.2 /tmp/date its basically the same thing as running /bin/sh /tmp/evilshellscript instead of just /tmp/evilshellscript -- Ethan Benson http://www.alaska.net/~erbenson/ msg04072/pgp0.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
Previously Emmanuel Lacour wrote: > Is this due to debconf or to the scripts preinst from ntpdate?? You hit bug# 116448 (see http://bugs.debian.org/116448) Wichert. -- _ [EMAIL PROTECTED] This space intentionally left occupied \ | [EMAIL PROTECTED]http://www.liacs.nl/~wichert/ | | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0 2805 3CB8 9250 2FA3 BC2D | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Debconf and noexec on /tmp
Hi, I've got an ix86 with woody installed today, made a separate partition for /tmp and mounted it noexec (I thinks it's a good Idea...). When apt-get installing ntpdate, I got the folowing error: Can't exec "/tmp/config.4271": Permission denied at /usr/share/perl/5.6.1/IPC/Open3.pm line 159 ... Is this due to debconf or to the scripts preinst from ntpdate?? I don't know really debconf, but I think it will be a great idea to not exec scripts in /tmp... -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com msg04070/pgp0.pgp Description: PGP signature
Re: question about something, but don't know if it exists...
* Bryan Andersen <[EMAIL PROTECTED]> [2001.11.06 05:23:05-0600]: > Another possibility would be to have them replace the hubs with > switches, this assumes you are using twisted pair, not thin net > or thick net. which is not secure due to arp flooding. i'll happily give you a POP3 account over SSL... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; [EMAIL PROTECTED] qvid me anxivs svm? pgpZ5huXra6qE.pgp Description: PGP signature
Re: Hacked stable system?
On Wed, Nov 07, 2001 at 04:10:05PM -0800, Gleb Arshinov wrote: > I am running an up-to-date stable distribution. It looks like it may > have been hacked yesterday, but I am not sure how. You might want to run chkrootkit on the machine. It's apt-gettable for testing and unstable, and downloadable from http://www.chkrootkit.com/ -- Johan Kiviniemi ion at hassers.org http://ion.amigafin.org/
Re: question about something, but don't know if it exists...
* Bryan Andersen <[EMAIL PROTECTED]> [2001.11.06 05:23:05-0600]: > Another possibility would be to have them replace the hubs with > switches, this assumes you are using twisted pair, not thin net > or thick net. which is not secure due to arp flooding. i'll happily give you a POP3 account over SSL... -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck qvid me anxivs svm? msg04069/pgp0.pgp Description: PGP signature
Re: Hacked stable system?
On Wed, Nov 07, 2001 at 04:10:05PM -0800, Gleb Arshinov wrote: > I am running an up-to-date stable distribution. It looks like it may > have been hacked yesterday, but I am not sure how. You might want to run chkrootkit on the machine. It's apt-gettable for testing and unstable, and downloadable from http://www.chkrootkit.com/ -- Johan Kiviniemi ion at hassers.org http://ion.amigafin.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Hacked stable system?
Gleb Arshinov wrote: I am running an up-to-date stable distribution. It looks like it may have been hacked yesterday, but I am not sure how. So, what could have caused ssh/telnet to hang like this while ftp worked fine? What else should I check for break-in signs? I am thinking I should reinstall the system from scratch. However, same exploit could be used again. Have you checked ``hosts.deny'' and similar. If there was a temporary name server failure for the name server for the machine you were connecting _from_ you might get such an error or even your tinydns server. I realize that this should apply to ftp and imap as well, but obviously didn't - but this is always the problem when I experience timeouts or long login times with ssh and telnet. At least this would explain your initial symptom for alarm, while at the same time explaining how only some services where affected. -- Lars Bahner, http://lars.bahner.com/ All will reveal itself and things will be clear.
Re: question about something, but don't know if it exists...
* [EMAIL PROTECTED] ([EMAIL PROTECTED]) [011106 05:54]: > Hallo, > > > > > happen few times that students stole their passwords and so on and mainly > > > they could steal even teacher's these days.) > > > > Can you get a shell account on the outside of your local network? > > If so SSH over to it, then access the pop mail server. Without > > having a machine to serve as the endpoint for an excrypted pipe on > > the outside of your network I don't see a way to secure the > > communications. > > > > Another possibility would be to have them replace the hubs with > > switches, this assumes you are using twisted pair, not thin net > > or thick net. > no money in schools in Czech for something similar ;) > > I will have to think of about it a lot to make a decision, people > mentioned cipe, which is quite interesting but it doesn't support W95 and > I still don't know what it really does ;) > I was personally thinking about some simple proxy which might > change my SSL in CLEAR for port 80 on my proxy and create few accounts for > on gate which could periodically get data from outside net and using SSL > crypted connection for inner one. Ever seen www.anonymizer.com ? They may have a service that will suit your needs, although I believe they may charge you for it. I haven't checked them out in a while, but I thought it would be worth passing along the tip anyway. HTH. good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpM1PwPVTZ0u.pgp Description: PGP signature