Re: Syslog config file.

2001-12-05 Thread Yotam Rubin

On Wed, Dec 05, 2001 at 09:00:57AM +0100, Robert Magier wrote:
 On Wed, 5 Dec 2001, Yotam Rubin wrote:
 
  Nothing, it's a runtime argument. When invoking syslogd, use the -f
  argument to specify an alternative configuration file. This is documented in
  the man page.
 
  Regards, Yotam Rubin
 
 
 Yes, I know it is a runtime argument, but if you don't set this, and just
 type
 syslogd, /etc/syslog.conf will be loaded by default.
 This is what I want to change.
 For example, I want my syslog to forward all logs to another server, but I
 don't want anyone who would compromise my system to get to know it too easily.

A simple 'grep syslog\.conf' in the source tree revealed that the default
configuration file path is contained in paths. This does not provide any 
sort of protection. The intruder can strace syslogd and determine which 
file it opens. I'm against this sort of security, but you can try to obscure
the configuration file location in the following manner: 
Create a wrapper script which copies the real configuration file to some
temporary location, e.g. /tmp/zaboo.conf. Invoke syslogd in the wrapper 
specifying the temporary configuration file. After syslogd detaches, remove the 
temporary configuration file. Of course, you need to obscure the location of
the wrapper, so this is an endless game, unless you add some non-standard 
ACL features to your kernel.

Regards, Yotam Rubin

 
 
 --
 Robert Magier
 
 
 -- 
 To UNSUBSCRIBE, email to [EMAIL PROTECTED]
 with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz

Thanks for all the responses, comments and suggestions. Moving portmapper
from /etc/init.d solved my issue. As for commenting out services in
/etc/services, I am surprised that this isn't supposed to work and that it
is not the proper way to disable services.

I have a restricted services file and a default (open) services file. Some
services are disabled, i.e.
9/tcp    open  discard
13/tcp   open  daytime
109/tcp  open  pop-2
987/tcp  open  unknown
by commenting them out of /etc/services.
Thanks,
J. Paul Bruns-Bielkowicz
http://www.america.prv.pl






Re: Re: How do I disable (close) ports?

2001-12-05 Thread Rolf Kutz

J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote:
 
 I have a restricted services file and a default (open) services file. Some
 services are disabled, i.e.
 9/tcp    open  discard
 13/tcp   open  daytime
 109/tcp  open  pop-2
 987/tcp  open  unknown
 by commenting them out of /etc/services.

Commenting out things in /etc/services doesn't
disable anything. If you want to disable services,
edit /etc/inetd.conf, /etc/hosts.allow,
/etc/hosts.deny and the scripts in /etc/init.d/,
but maybe that's what you meant.

Then portscan your machine to make sure the ports
are deactivated.

- Rolf






Re: Re: How do I disable (close) ports?

2001-12-05 Thread Rolf Kutz

J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote:
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.

How did you verify?
 
 No, I just changed /etc/services

It's just mapping ports, so 

$ telnet 127.0.0.1 nntp 

works, if you have a newsserver installed, but 

$ telnet 127.0.0.1 119 

should still work.

- Rolf






Re: How do I disable (close) ports?

2001-12-05 Thread Ralf Dreibrodt

Hi,

J. Paul Bruns-Bielkowicz wrote:
 
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.

well, there are daemons which don't know on which port they should run.
they look in /etc/services for a special name and want to run on the specific port.
if they don't find the special name in /etc/services they abort with an error message.

so removing lines from /etc/services might help, but now, every time, when you are
booting, the daemon tries to start and generates an error message.

but who says, that if you do an apt-get update/upgrade, that newer versions of the same
daemon does not have a default port?
and why do you want to upgrade software, that you don't need?

well, it is just like installing mysql and never starting it...useless.

Bye
Ralf






Re: Re: How do I disable (close) ports?

2001-12-05 Thread Vegard Engen

On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote:
 - Original Message -
 From: Rolf Kutz [EMAIL PROTECTED]
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.
 

This is *purely* by coincidence, because the startup-scripts do indeed use
the NAME for the startup, and not the port. It's quite possible that some
package upgrade will change this, and suddenly, the services will start.

Trust us, this is *not* the way to disable services.

Did you even read all things said in this thread? I gave a rather lengthy
description in an earlier mail, and there's also been numerous good replies,
most of them telling you that editing /etc/services is not the correct way
to disable services. It might work, yes, but system changes may change that
later, and you'll have to use the *correct* way then. Just use the correct
way in the FIRST place, i.e. removing the startup scripts from the
correct /etc/rc?.d/-catalog, as I described, and commenting out from
/etc/inetd.conf

You're not going to become a good Linux-administrator before you realize
that you should UNDERSTAND what you do instead of just guessing and be
happy because it worked.
-- 
- Vegard Engen, member of the first RFC1149 implementation team.
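
The fragility described in this thread, as an added example that is not part of any poster's message: the sketch assumes inetd resolves each active inetd.conf service name through /etc/services and skips entries it cannot resolve (numeric service names are not handled). The sample files and all function names are constructed for illustration.

```python
"""Added illustration: "disabled" via /etc/services versus disabled via inetd.conf."""

# Constructed stock /etc/services excerpt.
STOCK_SERVICES = """\
discard   9/tcp    sink null
daytime   13/tcp
ftp       21/tcp
telnet    23/tcp
pop2      109/tcp  postoffice pop-2
"""

# The same file after the edit discussed in the thread (constructed).
EDITED_SERVICES = """\
#discard  9/tcp    sink null
#daytime  13/tcp
ftp       21/tcp
telnet    23/tcp
#pop2     109/tcp  postoffice pop-2
"""

# Constructed /etc/inetd.conf: only ftp is disabled here, the way the thread recommends.
INETD_CONF = """\
discard  stream  tcp  nowait  root  internal
daytime  stream  tcp  nowait  root  internal
pop-2    stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.pop2d
#ftp     stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.ftpd
telnet   stream  tcp  nowait  root  /usr/sbin/tcpd  /usr/sbin/in.telnetd
"""


def parse_services(text):
    """Map (name, proto) -> port, honouring aliases and '#' comments."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue
        port, proto = fields[1].split("/", 1)
        if not port.isdigit():
            continue
        for name in [fields[0]] + fields[2:]:
            table.setdefault((name, proto), int(port))
    return table


def parse_inetd(text):
    """Return (service, proto) for every active (uncommented) inetd.conf entry."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        # service, socket type, protocol, wait flag, user, program [, args]
        if len(fields) >= 6:
            entries.append((fields[0], fields[2]))
    return entries


def audit(inetd_text, services_text):
    """For each active inetd entry, report the port it resolves to, if any."""
    services = parse_services(services_text)
    report = []
    for name, proto in parse_inetd(inetd_text):
        port = services.get((name, proto))
        state = "listens" if port is not None else "unresolved"
        report.append((name, proto, port, state))
    return report


def fragile_entries(inetd_text, edited_services, stock_services):
    """Entries that are off only because their name no longer resolves.

    They come back as soon as a stock /etc/services is restored, for
    instance by a package upgrade, which is the risk raised in the thread.
    """
    now = {(n, p): state for n, p, _, state in audit(inetd_text, edited_services)}
    return [(n, p, port)
            for n, p, port, state in audit(inetd_text, stock_services)
            if state == "listens" and now[(n, p)] == "unresolved"]


if __name__ == "__main__":
    for row in audit(INETD_CONF, EDITED_SERVICES):
        print("current :", row)
    for row in fragile_entries(INETD_CONF, EDITED_SERVICES, STOCK_SERVICES):
        print("returns after /etc/services is restored:", row)
```

The ftp entry never appears in either report because it is commented out in inetd.conf itself, so no change to /etc/services can bring it back.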






Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz

 How did you verify?

I'm using nmap & netstat.

J. Paul Bruns-Bielkowicz
http://www.america.prv.pl






Fw: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz


 Did you even read all things said in this thread?

Of course I did (er, am reading) read it. All these comments are very
insightful and I am saying that I am surprised, because commenting out
services in /etc/services has been working for me for the most part. Not to
add that the ports I posted previously are closed by commenting them out of
/etc/services even though this is NOT the proper way to disable ports.

J. Paul Bruns-Bielkowicz
http://www.america.prv.pl






Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz

 You're not going to become a good Linux-administrator before you realize
 that you should UNDERSTAND what you do instead of just guessing and be
 happy because it worked.

Becoming a good administrator is making it work and keeping it working. It
seems there is an official way of closing the ports and an unofficial
(wrong?) way of doing it. Understanding is gained, among others through
experience, and this is quite an experience judging by quantity of replies

Thanks,
J. Paul Bruns-Bielkowicz
http://www.america.prv.pl






Re: Re: How do I disable (close) ports?

2001-12-05 Thread Vegard Engen

On Wed, Dec 05, 2001 at 02:04:32PM +0100, J. Paul Bruns-Bielkowicz wrote:
  You're not going to become a good Linux-administrator before you realize
  that you should UNDERSTAND what you do instead of just guessing and be
  happy because it worked.
 
 Becoming a good administrator is making it work and keeping it working. It
 seems there is an official way of closing the ports and an unofficial
 (wrong?) way of doing it. Understanding is gained, among others through
 experience, and this is quite an experience judging by quantity of replies
 

Yes, you are right, sorry about my rather harsh reply. Just that I've been
in the game some time, seeing too many people who refuse to learn, who
want a simple way spoonfed to them, and refusing to even look at
documentation even when pointed at specific documents. Sometimes, you
jump to the wrong conclusions too early.

But listen to what has been said, restore the original /etc/services file,
and disable it the correct way instead. As has been pointed out, none of
the things you have done are guaranteed to work after your next package
update of Debian.
-- 
- Vegard Engen, member of the first RFC1149 implementation team.






Re: apache - bots

2001-12-05 Thread Johann Spies

On Tue, Dec 04, 2001 at 05:04:09PM +0200, Johann Botha wrote:

  I am also interested in this. I experience frequent visits from a web
  robot on our ftp-site (with a web front).  Going to the home page of
  this robot at www.inktomi.com there was a remark that the robot respects
  robot.txt-files.
  
  How do you set up those files?
 
 http://www.robotstxt.org/wc/robots.html

Thanks Johann!


-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 Go ye therefore, and teach all nations, baptizing them
  in the name of the Father, and of the Son, and of the 
  Holy Ghost; Teaching them to observe all things  
  whatsoever I have commanded you; and, lo, I am with 
  you alway, even unto the end of the world. Amen. 
Matthew 28:19,20 






Re: [SECURITY] [DSA-090-1] xtel symlink vulnerabilities

2001-12-05 Thread Patrick Hsieh

Hello,
Is OpenSSH Version: 1:2.9p2-6 also vulnerable?
-- 
Patrick Hsieh [EMAIL PROTECTED]






Re: [SECURITY] [DSA-090-1] xtel symlink vulnerabilities

2001-12-05 Thread Patrick Hsieh

sorry.

This is my mistake. I intended to ask the openssh problem but replied to
another thread. :-(
-- 
Patrick Hsieh [EMAIL PROTECTED]






howto enable MD5 passwords after installation on woody

2001-12-05 Thread alexis bory

hi,

I would like to enable MD5 passwords on a remote woody
server.
I wonder if it could create trouble with user accounts
already configured and with the ssh package.

Also, I don't know how to do it :)

thanks for help,

Alexis






ssh: Packet integrity error

2001-12-05 Thread Igor Mozetic

Has anybody seen syslog msg like this:

sshd[30847]: Accepted password for XY from x.x.x.x port 1034
sshd[30847]: Packet integrity error (58 != 62) at sshd.c:1953
sshd[30847]: Disconnecting: Packet integrity error. (34)

Is this client side protocol incompatibility or net errors or ?
I'm running potato (ssh 1.2.3-9.3).

-Igor Mozetic






Re: snorting bridges? [ Was: Re: iptables with a linux bridge ]

2001-12-05 Thread wes schreiner

martin f krafft wrote:
 
 * Rens Houben [EMAIL PROTECTED] [2001.12.03 13:02:50+0100]:
  Anyways, I've been following this thread and wondering: Is there any
  reason why snort would or would not work with a bridge?
 
 snort is a tool that primarily assesses ip, tcp, and application level
 protocols. if you run it on a bridge, it will have a hard time seeing
 any data because the bridge will relay before ip is touched. snort
 should still be able to get the data because while the bridging code
 may or may not rewrite the frame and send it out on another interface,
 it does not prevent the encapsulated data to be branched off for
 snort's use. but i am not sure actually.

They who post before searching deserve what they get.  Hogwash (see
http://hogwash.sourceforge.net/ ) is exactly the marriage of snort and a
bridge.  It works quite well, and doesn't have any sort of hard time
seeing data.  

wes










Re: Packet integrity error

2001-12-05 Thread Udo Rietschel

 From: Igor Mozetic [mailto:[EMAIL PROTECTED]] 
 Sent: Mittwoch, 5. Dezember 2001 18:46
 To: [EMAIL PROTECTED]
 Subject: ssh: Packet integrity error
 
 Has anybody seen syslog msg like this:
 
 sshd[30847]: Accepted password for XY from x.x.x.x port 1034
 sshd[30847]: Packet integrity error (58 != 62) at sshd.c:1953
 sshd[30847]: Disconnecting: Packet integrity error. (34)
 
 Is this client side protocol incompatibility or net errors or 
 ? I'm running potato (ssh 1.2.3-9.3).

I saw the same message as I tried to establish a ssh protocol-version
2 connection ... alas the ssh-daemon from potato supports ssh version 1
and 1.5 connections only ;/

-Udo






Re: How do I disable (close) ports?

2001-12-05 Thread Alexander Clouter

Dmitriy Kropivnitskiy [[EMAIL PROTECTED]] wrote:

 [snip stuff which is correct]

 can point out that portmap, https, https, mysql etc cannot be stopped this 
 way. As for the inetd managed services you should comment stuff out of 
 inetd.conf or better disable inetd altogether.
 
In my opinion inetd (and better still xinetd) is a Good Thing (TM).  It allows
you to add access control lists easily to services which may not have a
good access control system, if they even have one.  It also allows you to write a
network program quickly without having to learn about network protocols
(really) and instead do everything through stdin/stdout.

Also it gives you a very nice way to add unpackaged services, cleanly and
securely to your machine.  Also the program you are running only runs with
a certain user privilege and doesn't need to be root to bind to a port less
than 1024.

My preference is to use xinetd over statically loaded services.  However I do
only run linux on a laptop and small student flat server.  For services which
are constantly being started and stopped then (x)inetd is a bad idea.
Another thing is that (x)inetd saves memory and resources if you are only
occasionally using the server as it only starts the service when it is needed.

Things not to run under inetd would be, apache, mysql, etc

have fun

Alex

-- 
 __ 
/ Money is a powerful aphrodisiac. But \
| flowers work almost as well. |
|  |
\ -- Lazarus Long  /
 -- 
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||
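
The stdin/stdout model described in this message, as an added example that is not part of the original post: a single-request service meant to be started by inetd, which hands the accepted connection to the program as its standard input and output. The service name pingsvc, its port, its path and the tiny PING/WHOAMI protocol are hypothetical.

```python
#!/usr/bin/env python3
"""Added illustration of an inetd-launched service that only uses stdin/stdout.

Hypothetical configuration (names, port and path are assumptions):
  /etc/services:    pingsvc  7777/tcp
  /etc/inetd.conf:  pingsvc stream tcp nowait nobody /usr/local/sbin/pingsvc.py pingsvc.py
inetd binds the port and accepts the connection; this program starts as
user "nobody" with the connected socket on file descriptors 0, 1 and 2.
"""
import os
import sys

MAX_LINE = 64  # refuse longer requests instead of buffering without bound


def handle(rin, wout, log=lambda msg: None):
    """Serve one connection: read one request line, write one reply line."""
    line = rin.readline(MAX_LINE + 1)
    if len(line) > MAX_LINE or not line.endswith(b"\n"):
        # Too long, or the peer closed the connection before ending the line.
        log("pingsvc: rejected oversized or unterminated request")
        reply = b"ERR bad request"
    else:
        cmd = line.strip().upper()
        if cmd == b"PING":
            reply = b"PONG"
        elif cmd == b"WHOAMI":
            # Shows which account the inetd.conf user field selected.
            reply = b"uid=%d" % os.geteuid()
        else:
            log("pingsvc: unknown command")
            reply = b"ERR unknown command"
    wout.write(reply + b"\r\n")
    wout.flush()
    return reply


def main():
    import syslog
    # stderr is also the client socket under inetd, so diagnostics go to
    # syslog rather than being written where the remote peer would read them.
    handle(sys.stdin.buffer, sys.stdout.buffer,
           log=lambda msg: syslog.syslog(syslog.LOG_NOTICE, msg))


if __name__ == "__main__":
    main()
```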





Re: per IP billing

2001-12-05 Thread Marcel Welschbillig

I have ip tables running and i did a test with the -c flag but i get the 
following response.

proxy:/home# iptables -A INPUT -s 10.10.1.31 -i eth0 -c ACCEPT
iptables v1.2.4: -c requires packet and byte counter

What am i missing ? where do i get a packet and byte counter ??

Marcel

Antropov Anton wrote:

 The simplest way - is to LOG packets using IPTABLES.
 My friends from Internet-provider are doing so.
 
 Another way is to use proxy-servers (like SQUID).
 
 
 Know this is a bit off subject but does anybody know any good programs 
 to use for monitoring Megabytes per IP address. What i want to do is 
 have a LAN and be able to get data on how many MB each host downloaded 
 for billing purposes.
 







Netscape running as root

2001-12-05 Thread Jor-el
Hi,

Why is running Netscape as root considered to be a security
problem? I just tried installing vmware on my system and it needs root to
install, and it searched for Netscape. The installer, fortunately, was an
intelligent one and proceeded with the install after I cancelled its
search for Netscape (it said the install help wouldn't be available without
Netscape).

If it is something really stupid to run Netscape as root, I'd like
to point out to VMWare that their requirement to have Netscape for the
install is bad. 

Thanks in advance for any enlightenment on this matter,
Jor-el



Re: Syslog config file.

2001-12-05 Thread Robert Magier
On Wed, 5 Dec 2001, Yotam Rubin wrote:

 Nothing, it's a runtime argument. When invoking syslogd, use the -f
 argument to specify an alternative configuration file. This is documented in
 the man page.

   Regards, Yotam Rubin


Yes, I know it is a runtime argument, but if you don't set this, and just
type
syslogd, /etc/syslog.conf will be loaded by default.
This is what I want to change.
For example, I want my syslog to forward all logs to another server, but I
don't want anyone who would compromise my system to get to know it too easily.


--
Robert Magier






Re: VI wrapper for SUDO? - another bad way ??

2001-12-05 Thread Jules Bean
On Tue, Dec 04, 2001 at 08:44:34PM +0100, Gerfried Fuchs wrote:
  You have a misinformation/misinterpretation there.  It's not disabled,
 it's simply not possible in the way scripts are run.  They are passed to
 the program that is given in its first line, after the #! - or to the
 current shell, if there is no such line.  As *argument*.

Of course it's possible.  Solaris does it, for example.

The security issues do require careful thought, though.

 
  Btw, why was this mailed to debian-security?  I don't see anything
 related to debian in that, some general linux (security)
 mailinglist/newsgroup would suit better.

Probably mismailed, intended for [EMAIL PROTECTED]

Jules



Re: Netscape running as root

2001-12-05 Thread Vegard Engen
On Tue, Dec 04, 2001 at 11:56:19PM -0600, Jor-el wrote:
 Hi,
 
   Why is running Netscape as root considered to be a security
 problem? I just tried installing vmware on my system and it needs root to
 install, and it searched for Netscape. The installer, fortunately, was an
 intelligent one and proceeded with the install after I cancelled its
 search for Netscape (it said the install help wouldn't be available without
 Netscape).

Well, it's stupid to surf as root, because there *might* be some uncovered
security holes in Netscape, and if you surf as root, any malicious things a
web-page abusing such a hole does, have the potential to do damage to the
whole machine, not only the user running it. In addition, you might reveal
that a probable unix-machine is running at such and such IP, and there is
a root-user there. However, security by obscurity never was that effective,
so this is not that large a problem.

Running netscape as root to view some local html pages is not that much of
a security risk, but it depends whether or not you trust the source of the
web-pages.

   If it is something really stupid to run Netscape as root, I'd like
 to point out to VMWare that their requirement to have Netscape for the
 install is bad. 

Depends how they did it. If it was to render local web-pages, it can be
forgiven.

-- 
- Vegard Engen, member of the first RFC1149 implementation team.






Re: Re: How do I disable (close) ports?

2001-12-05 Thread basilisk

On Wed, 5 Dec 2001, Rolf Kutz wrote:

 J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote:
 
  I have a restricted services file and a default (open) services file. Some
  services are disabled, i.e.
  9/tcp    open  discard
  13/tcp   open  daytime
  109/tcp  open  pop-2
  987/tcp  open  unknown
  by commenting them out of /etc/services.

 Commenting out things in /etc/services doesn't
 disable anything. If you want to disable services,
 edit /etc/inetd.conf, /etc/hosts.allow,
 /etc/hosts.deny and the scripts in /etc/init.d/,
 but maybe that's what you meant.

 Then portscan your machine to make sure the ports
 are deactivated.

 - Rolf

If you do edit the init.d scripts don't forget to end the processes too.
Also don't just use a port scanner like nmap. have a look at lsof too

lsof -Pan -i tcp -i udp

It's quite useful.





Re: Re: How do I disable (close) ports?

2001-12-05 Thread Rolf Kutz
basilisk ([EMAIL PROTECTED]) wrote:

 If you do edit the init.d scripts don't forget to end the processes too.

ACK.

 Also don't just use a port scanner like nmap. have a look at lsof too
 
 lsof -Pan -i tcp -i udp
 
 It's quite useful.

Right, but it doesn't help with hosts.[allow|deny]
entries, cause inetd will still listen to that
port. It's very useful to identify the process
listening, anyhow.

- Rolf



Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz
- Original Message -
From: Rolf Kutz [EMAIL PROTECTED]
 J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote:
 
  I have a restricted services file and a default (open) services file.
Some
  services are disabled, i.e.
  9/tcp    open  discard
  13/tcp   open  daytime
  109/tcp  open  pop-2
  987/tcp  open  unknown
  by commenting them out of /etc/services.

 Commenting out things in /etc/services doesn't
 disable anything.

It seems to. The above ports were closed just by commenting them out of
/etc/services  and then rebooting.

If you want to disable services,
 edit /etc/inetd.conf, /etc/hosts.allow,
 /etc/hosts.deny and the scripts in /etc/init.d/,
 but maybe that's what you meant.

No, I just changed /etc/services

J. Paul Bruns-Bielkowicz
http://www.america.prv.pl



Re: Re: How do I disable (close) ports?

2001-12-05 Thread Rolf Kutz
J. Paul Bruns-Bielkowicz ([EMAIL PROTECTED]) wrote:
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.

How did you verify?
 
 No, I just changed /etc/services

It's just mapping ports, so 

$ telnet 127.0.0.1 nntp 

works, if you have a newsserver installed, but 

$ telnet 127.0.0.1 119 

should still work.

- Rolf



Re: How do I disable (close) ports?

2001-12-05 Thread Ralf Dreibrodt
Hi,

J. Paul Bruns-Bielkowicz wrote:
 
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.

well, there are daemons which don't know on which port they should run.
they look in /etc/services for a special name and want to run on the specific 
port.
if they don't find the special name in /etc/services they abort with an error 
message.

so removing lines from /etc/services might help, but now, every time, when you 
are
booting, the daemon tries to start and generates an error message.

but who says, that if you do an apt-get update/upgrade, that newer versions of 
the same
daemon does not have a default port?
and why do you want to upgrade software, that you don't need?

well, it is just like installing mysql and never starting it...useless.

Bye
Ralf



Re: Re: How do I disable (close) ports?

2001-12-05 Thread Vegard Engen
On Wed, Dec 05, 2001 at 01:24:54PM +0100, J. Paul Bruns-Bielkowicz wrote:
 - Original Message -
 From: Rolf Kutz [EMAIL PROTECTED]
  Commenting out things in /etc/services doesn't
  disable anything.
 
 It seems to. The above ports were closed just by commenting them out of
 /etc/services  and then rebooting.
 

This is *purely* by coincidence, because the startup-scripts does indeed use
the NAME for the startup, and not the port. It's quite possible that some
package upgrade will change this, and suddenly, the services will start.

Trust us, this is *not* the way to disable services.

Did you even read all things said in this thread? I gave a rather lengthy
description in an earlier mail, and there's also been numerous good replys,
most of them telling you that editing /etc/services is not the correct way
to disable services. It might work, yes, but system changes may change that
later, and you'll have to use the *correct* way then. Just use the correct
way in the FIRST place, i.e. removing the startup scripts from the
correct /etc/rc?.d/-catalog, as I described, and commenting out from
/etc/inetd.conf

You're not going to become a good Linux-administrator before you realize
that you should UNDERSTAND what you do instead of just guessing and be
happy because it worked.
-- 
- Vegard Engen, member of the first RFC1149 implementation team.



Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz
 How did you verify?

I'm using nmap  netstat.

J. Paul Bruns-Bielkowicz
http://www.america.prv.pl



Fw: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz

 Did you even read all things said in this thread?

Of course I did (er, am reading) read it. All these comments are very
insightful and I am saying that I am surprised, because commenting out
services in /etc/services has been working for me for the most part. Not to
add that the ports I posted previously are closed by commenting them out of
/etc/services even though this is NOT the proper way to disable ports.

J. Paul Bruns-Bielkowicz
http://www.america.prv.pl



Re: Re: How do I disable (close) ports?

2001-12-05 Thread J. Paul Bruns-Bielkowicz
 You're not going to become a good Linux-administrator before you realize
 that you should UNDERSTAND what you do instead of just guessing and be
 happy because it worked.

Becoming a good administrator is making it work and keeping it working. It
seems there is an official way of closing the ports and an unofficial
(wrong?) way of doing it. Understanding is gained, among others through
experience, and this is quite an experience judging by quantity of replies

Thanks,
J. Paul Bruns-Bielkowicz
http://www.america.prv.pl



Re: apache - bots

2001-12-05 Thread Johann Spies
On Tue, Dec 04, 2001 at 05:04:09PM +0200, Johann Botha wrote:

  I am also interested in this. I experience frequent visits from a web
  robot on our ftp-site (with a web front).  Going to the home page of
  this robot at www.inktomi.com there was a remark that the robot respects
  robot.txt-files.
  
  How do you set up those files?
 
 http://www.robotstxt.org/wc/robots.html

Thanks Johann!


-- 
Johann Spies  Telefoon: 021-808 4036
Informasietegnologie, Universiteit van Stellenbosch

 Go ye therefore, and teach all nations, baptizing them
  in the name of the Father, and of the Son, and of the 
  Holy Ghost; Teaching them to observe all things  
  whatsoever I have commanded you; and, lo, I am with 
  you alway, even unto the end of the world. Amen. 
Matthew 28:19,20 



Re: [SECURITY] [DSA-090-1] xtel symlink vulnerabilities

2001-12-05 Thread Patrick Hsieh
Hello,
Is OpenSSH Version: 1:2.9p2-6 also vulernable?
-- 
Patrick Hsieh [EMAIL PROTECTED]



Re: [SECURITY] [DSA-090-1] xtel symlink vulnerabilities

2001-12-05 Thread Patrick Hsieh
sorry.

This is my mistake. I intended to ask the openssh problem but replied to
another thread. :-(
-- 
Patrick Hsieh [EMAIL PROTECTED]



howto enable MD5 passwords after installation on woody

2001-12-05 Thread alexis bory
hi,

I would like to enable MD5 passwords on a remote woody
server.
I wonder if it could create trouble with user accounts
already configured and with the ssh package.

Also, I don't know how to do it :)

thanks for help,

Alexis



ssh: Packet integrity error

2001-12-05 Thread Igor Mozetic
Has anybody seen syslog msg like this:

sshd[30847]: Accepted password for XY from x.x.x.x port 1034
sshd[30847]: Packet integrity error (58 != 62) at sshd.c:1953
sshd[30847]: Disconnecting: Packet integrity error. (34)

Is this client side protocol incompatibility or net errors or ?
I'm running potato (ssh 1.2.3-9.3).

-Igor Mozetic



Re: snorting bridges? [ Was: Re: iptables with a linux bridge ]

2001-12-05 Thread wes schreiner
martin f krafft wrote:
 
 * Rens Houben [EMAIL PROTECTED] [2001.12.03 13:02:50+0100]:
  Anyways, I've been following this thread and wondering: Is there any
  reason why snort would or would not work with a bridge?
 
 snort is a tool that primarily assesses ip, tcp, and application level
 protocols. if you run it on a bridge, it will have a hard time seeing
 any data because the bridge will relay before ip is touched. snort
 should still be able to get the data because while the bridging code
 may or may not rewrite the frame and send it out on another interface,
 it does not prevent the encapsulated data to be branched off for
 snort's use. but i am not sure actually.

They who post before searching deserve what they get.  Hogwash (see
http://hogwash.sourceforge.net/ ) is exactly the marriage of snort and a
bridge.  It works quite well, and doesn't have any sort of hard time
seeing data.  

wes



Unidentified subject!

2001-12-05 Thread antonis
unsubsribe



Re: Packet integrity error

2001-12-05 Thread Udo Rietschel
 From: Igor Mozetic [mailto:[EMAIL PROTECTED] 
 Sent: Mittwoch, 5. Dezember 2001 18:46
 To: debian-security@lists.debian.org
 Subject: ssh: Packet integrity error
 
 Has anybody seen syslog msg like this:
 
 sshd[30847]: Accepted password for XY from x.x.x.x port 1034
 sshd[30847]: Packet integrity error (58 != 62) at sshd.c:1953
 sshd[30847]: Disconnecting: Packet integrity error. (34)
 
 Is this client side protocol incompatibility or net errors or 
 ? I'm running potato (ssh 1.2.3-9.3).

I saw the same message as I tried to establish a ssh protocol-version
2 connection ... alas the ssh-daemon from potato supports ssh version 1
and 1.5 connections only ;/

-Udo



Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
J. Paul Bruns-Bielkowicz [EMAIL PROTECTED] writes:

  You're not going to become a good Linux-administrator before you realize
  that you should UNDERSTAND what you do instead of just guessing and be
  happy because it worked.
 
 Becoming a good administrator is making it work and keeping it working. It
 seems there is an official way of closing the ports and an unofficial
 (wrong?) way of doing it. Understanding is gained, among others through
 experience, and this is quite an experience judging by quantity of replies

Your method will not keep it working.  The unofficial way will actually
fail to work if the demons in question are written correctly.



Re: How do I disable (close) ports?

2001-12-05 Thread Thomas Bushnell, BSG
Ralf Dreibrodt [EMAIL PROTECTED] writes:

 well, there are daemons which don't know on which port they should
 run.  they look in /etc/services for a special name and want to run
 on the specific port.  if they don't find the special name in
 /etc/services they abort with an error message.

Yeah, but that's really a bug.  Demons should be more graceful and
include a default port number to use in case /etc/services is broken.



Re: Fw: Re: How do I disable (close) ports?

2001-12-05 Thread Dmitriy Kropivnitskiy
The only thing you can accomplish by commenting stuff in /etc/services is 
that netstat and other programs will show the ports by number instead of by 
name ( you commented the translation entry ) :) The ports are still open.

On Wednesday 05 December 2001 07:59 am, J. Paul Bruns-Bielkowicz wrote:
  Did you even read all things said in this thread?

 Of course I did (er, am reading) read it. All these comments are very
 insightful and I am saying that I am surprised, because commenting out
 services in /etc/services has been working for me for the most part. Not to
 add that the ports I posted previously are closed by commenting them out of
 /etc/services even though this is NOT the proper way to disable ports.

 J. Paul Bruns-Bielkowicz
 http://www.america.prv.pl



Re: How do I disable (close) ports?

2001-12-05 Thread Dmitriy Kropivnitskiy
After reading the whole thread, I think I finally understand what is going on.

/etc/services really is only for mapping names to port numbers, but at least 
one daemon on your system uses service names instead of numbers. The daemon 
is inetd and it is that daemon that handles services such as chargen and echo 
and such. If you comment names out of /etc/services inetd gets confused and 
doesn't initialize the commented services. Effectively you did disable open 
ports. This is not an unofficial way of closing ports. This will work only 
with services managed by inetd and maybe for some other strange daemon that 
uses service names. It will not work even for inetd if it is configured 
properly. Effectively you are not stopping services. Instead you are 
confusing the hell out of your system forcing particular services to crash on 
startup. It is the same as if you used winnuke to reboot your windows system.
Works, but is not a good administration technique. From your initial mail I 
can point out that portmap, https, https, mysql etc cannot be stopped this 
way. As for the inetd managed services you should comment stuff out of 
inetd.conf or better disable inetd altogether.
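
The distinction drawn in the post above, as an added example that is not part of the original message: a shell audit that lists each enabled inetd.conf entry and whether its name still resolves in a services file, followed by the inetd.conf edit the post recommends. The function names are hypothetical, the file contents are constructed samples, and the code assumes the usual inetd.conf layout (service name in field 1, protocol in field 3).

```shell
#!/bin/sh
# Added example; the file contents written by make_samples are constructed.

# make_samples DIR: a services file with chargen commented out, and an
# inetd.conf that still has echo and chargen enabled (ftp already disabled).
make_samples() {
    printf '%s\n' 'echo 7/tcp' '#chargen 19/tcp ttytst source' \
        'ftp 21/tcp' > "$1/services"
    printf '%s\n' 'echo stream tcp nowait root internal' \
        'chargen stream tcp nowait root internal' \
        '#ftp stream tcp nowait root /usr/sbin/tcpd /usr/sbin/in.ftpd' \
        > "$1/inetd.conf"
}

# audit_inetd INETD_CONF SERVICES: for each enabled inetd entry print
# "name/proto PORT", or "name/proto UNRESOLVED" if SERVICES lacks the name.
audit_inetd() {
    awk '
        NR == FNR {                     # first file: the services database
            sub(/#.*/, "")              # drop comments and commented-out entries
            if (NF < 2) next
            split($2, pp, "/")          # "7/tcp" -> port 7, proto tcp
            port[$1 "/" pp[2]] = pp[1]
            for (i = 3; i <= NF; i++) port[$i "/" pp[2]] = pp[1]  # aliases
            next
        }
        /^[ \t]*#/ || NF < 6 { next }   # second file: skip disabled lines
        { key = $1 "/" $3
          print key, ((key in port) ? port[key] : "UNRESOLVED") }
    ' "$2" "$1"
}

# disable_inetd_service INETD_CONF NAME: print INETD_CONF with the enabled
# entries for NAME commented out (the change the post recommends).
disable_inetd_service() {
    awk -v svc="$2" '
        !/^[ \t]*#/ && $1 == svc { print "#" $0; next }
        { print }
    ' "$1"
}

d=$(mktemp -d) && make_samples "$d"
audit_inetd "$d/inetd.conf" "$d/services"        # chargen shows UNRESOLVED
disable_inetd_service "$d/inetd.conf" chargen > "$d/inetd.conf.new"
audit_inetd "$d/inetd.conf.new" "$d/services"    # only echo remains enabled
rm -rf "$d"
```

An UNRESOLVED line marks a service that is still enabled in inetd.conf and only fails the name lookup; after editing the real inetd.conf, inetd rereads it on SIGHUP.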



Re: How do I disable (close) ports?

2001-12-05 Thread Alexander Clouter
Dmitriy Kropivnitskiy [EMAIL PROTECTED] wrote:

 [snip stuff which is correct]

 can point out that portmap, https, https, mysql etc cannot be stopped this 
 way. As for the inetd managed services you should comment stuff out of 
 inetd.conf or better disable inetd altogether.
 
In my opinion inetd (and better still xinetd) is a Good Thing (TM).  It allows
you to add access control lists easily to services which may not have a good
access control system, if they even have one.  It also allows you to write a
network program quickly without having to learn about network protocols
(really) and instead do everything through stdin/stdout.

Also it gives you a very nice way to add unpackaged services, cleanly and
securely to your machine.  Also the program you are running only runs with
a certain user privilege and doesn't need to be root to bind to a port less
than 1024.

My preference is to use xinetd over statically loaded services.  However I do
only run linux on a laptop and small student flat server.  For services which
are constantly being started and stopped then (x)inetd is a bad idea.
Another thing is that (x)inetd saves memory and resources if you are only
occasionally using the server as it only starts the service when it is needed.

Things not to run under inetd would be, apache, mysql, etc

have fun

Alex

-- 
 __ 
/ Money is a powerful aphrodisiac. But \
| flowers work almost as well. |
|  |
\ -- Lazarus Long  /
 -- 
\   ^__^
 \  (oo)\___
(__)\   )\/\
||w |
|| ||




Re: per IP billing

2001-12-05 Thread Marcel Welschbillig
I have ip tables running and i did a test with the -c flag but i get the 
following response.


proxy:/home# iptables -A INPUT -s 10.10.1.31 -i eth0 -c ACCEPT
iptables v1.2.4: -c requires packet and byte counter

What am i missing ? where do i get a packet and byte counter ??

Marcel

Antropov Anton wrote:


The simplest way - is to LOG packets using IPTABLES.
My friends from Internet-provider are doing so.

Another way is to use proxy-servers (like SQUID).


Know this is a bit off subject but does anybody know any good programs 
to use for monitoring Megabytes per IP address. What i want to do is 
have a LAN and be able to get data on how many MB each host downloaded 
for billing purposes.