Re: Debian (Unstable) problem with SSH and PAM
On 0, _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. If you want to start a hot flame war around here, abuse just doesn't cut it. Post a message like, 'Fix this or I'll change to another distribution,' or, 'You didn't help me,' that'll get the hackles up (judging by the wars on deb-user, anyway). Tom -- Tom Cook Information Technology Services, The University of Adelaide Beware of computer programmers that carry screwdrivers. - Leonard Brandwein Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au msg07198/pgp0.pgp Description: PGP signature
Re: Re: Debian (Unstable) problem with SSH and PAM
Thanks all for your replies. I'll get to apt-proxy by the end of this week. Statu Nascendi Master of Disaster. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian (Unstable) problem with SSH and PAM
Hi. Tom Cook wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. Trolls never know something about the field they are talking about, but they claim they are a pro in that subject. This is (amongst other things) what make trolls being a troll. Therefor: just ignore that one. Bye, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Apache 1.3.27 is out...
Hi, Does a deb already exist for this new version ? Thanks, ES -- .''`. Debian GNU/Linux 3.0 released ! (\___/) : :' :Use it ! ;) (='.'=) `. `~' http://www.debianworld.org()_() `- -Message d'origine- De: Paul Baker [mailto:[EMAIL PROTECTED]] Date: Thursday, October 03, 2002 10:55 PM À: [EMAIL PROTECTED] Objet: Apache 1.3.27 is out... Apache 1.3.27 is out to fix 3 security vulnerabilities in 1.3.26 and below. Are fixed pacakges on their way to security.debian.org? Did ASF notify any vendors in advance of their announcement today? http://www.apache.org/dist/httpd/Announcement.html -- Paul Baker They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 GPG Key: http://homepage.mac.com/pauljbaker/public.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] * Ce message et toutes les pièces jointes (ci-après le message) sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. La SOCIETE GENERALE et ses filiales déclinent toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Apache 1.3.27 is out...
El vie, 04-10-2002 a las 10:36, STOJICEVIC Edi EXPSIA escribió: Does a deb already exist for this new version ? Not yet, I guess. At least officially: Reading Package Lists... Done Building Dependency Tree... Done Reading Package Lists... Done Building Dependency Tree... Done Calculating Upgrade... Done 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. -- Luis Gómez Miralles InfoEmergencias - Technical Department Phone (+34) 654 24 01 34 Fax (+34) 963 49 31 80 [EMAIL PROTECTED] PGP Public Key available at http://www.infoemergencias.com/lgomez.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
AW: Debian (Unstable) problem with SSH and PAM
You're right. Apparently he IS a lamer, at least his name is lamer style. I remember those from my Amiga times... And further more they usually have a bigger problem with their spelling... Marcel PGP / GPG Key:http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc -Ursprungliche Nachricht- Von: Michael Renzmann [mailto:[EMAIL PROTECTED]] Gesendet: Freitag, 4. Oktober 2002 09:52 An: Tom Cook Cc: [EMAIL PROTECTED] Betreff: Re: Debian (Unstable) problem with SSH and PAM Hi. Tom Cook wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. Trolls never know something about the field they are talking about, but they claim they are a pro in that subject. This is (amongst other things) what make trolls being a troll. Therefor: just ignore that one. Bye, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Apache 1.3.27 is out...
Be carefoul, 1.3.27 stills in not so tested... i recomend use 1.3.26 Have a nice day On Fri, 2002-10-04 at 08:36, STOJICEVIC Edi EXPSIA wrote: Hi, Does a deb already exist for this new version ? Thanks, ES -- .''`. Debian GNU/Linux 3.0 released ! (\___/) : :' :Use it ! ;) (='.'=) `. `~' http://www.debianworld.org()_() `- -Message d'origine- De: Paul Baker [mailto:[EMAIL PROTECTED]] Date: Thursday, October 03, 2002 10:55 PM À: [EMAIL PROTECTED] Objet: Apache 1.3.27 is out... Apache 1.3.27 is out to fix 3 security vulnerabilities in 1.3.26 and below. Are fixed pacakges on their way to security.debian.org? Did ASF notify any vendors in advance of their announcement today? http://www.apache.org/dist/httpd/Announcement.html -- Paul Baker They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 GPG Key: http://homepage.mac.com/pauljbaker/public.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] * Ce message et toutes les pièces jointes (ci-après le message) sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. La SOCIETE GENERALE et ses filiales déclinent toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Report on last cmd
Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00)ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00)ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00)ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt
Re: Report on last cmd
Those lines indicate that people have been logging in to your machine via anonymous ftp. Also, your clock is fast! October 5 is only just starting, and I'm in New Zealand (we get the new day first). Tim On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Apache 1.3.x shared memory scoreboard vulnerabilities
Title: Apache 1.3.x shared memory scoreboard vulnerabilities Damn :/ Domonkos Czinke -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 10.03.2002 Apache 1.3.x shared memory scoreboard vulnerabilities 16:00 GMT, October 3, 2002 I. BACKGROUND The Apache Software Foundation's HTTP Server is an effort to develop and maintain an open-source HTTP server for modern operating systems including Unix and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. More details about it are available at http://httpd.apache.org . II. DESCRIPTION Apache HTTP Server contains a vulnerability in its shared memory scoreboard. Attackers who can execute commands under the Apache UID can either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack. III. ANALYSIS Exploitation requires execute permission under the Apache UID. This can be obtained by any local user with a legitimate Apache scripting resource (ie: PHP, Perl), exploiting a vulnerability in web-based applications written in the above example languages, or through the use of some other local/remote Apache exploit. Once such a status is attained, the attacker can then attach to the httpd daemon's 'scoreboard', which is stored in a shared memory segment owned by Apache. The attacker can then cause a DoS condition on the system by continuously filling the table with null values and causing the server to spawn new children. The attacker also has the ability to send any process a SIGUSR1 signal as root. This is accomplished by continuously overwriting the parent[].pid and parent[].last_rtime segments within the scoreboard to the pid of the target process and a time in the past. When the target pid receives the signal SIGUSR1, it will react according to how it is designed to manage the signal. According to the man page (man 7 signal), if the signal is un-handled then the default action is to terminate: ... SIGUSR1 30,10,16 A User-defined signal 1 ... The letters in the Action column have the following meanings: A Default action is to terminate the process. ... iDEFENSE successfully terminated arbitrary processes, including those that kicked people off the system. IV. DETECTION Apache HTTP Server 1.3.x, running on all applicable Unix platforms, is affected. V. VENDOR FIX/RESPONSE Apache HTTP Server 1.3.27 fixes this problem. It should be available on October 3 at http://www.apache.org/dist/httpd/ . VI. CVE INFORMATION The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project has assigned the identification number CAN-2002-0839 to this issue. VII. DISCLOSURE TIMELINE 8/27/2002 Issue disclosed to iDEFENSE 9/18/2002 Vendor notified at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 9/18/2002 iDEFENSE clients notified 9/19/2002 Response received from Mark J Cox ([EMAIL PROTECTED] mailto:[EMAIL PROTECTED]) 10/3/2002 Coordinated public disclosure VIII. CREDIT zen-parse ([EMAIL PROTECTED] mailto:[EMAIL PROTECTED]) disclosed this issue to iDEFENSE. Get paid for security research http://www.idefense.com/contributor.html Subscribe to iDEFENSE Advisories: send email to [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], subject line: subscribe About iDEFENSE: iDEFENSE is a global security intelligence company that proactively monitors sources throughout the world from technical vulnerabilities and hacker profiling to the global spread of viruses and other malicious code. iALERT, our security intelligence service, provides decision-makers, frontline security professionals and network administrators with timely access to actionable intelligence and decision support on cyber-related threats. For more information, visit http://www.idefense.com. - -dave David Endler, CISSP Director, Technical Intelligence iDEFENSE, Inc. 14151 Newbrook Drive Suite 100 Chantilly, VA 20151 voice: 703-344-2632 fax: 703-961-1071 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.idefense.com http://www.idefense.com -BEGIN PGP SIGNATURE- Version: PGP 7.1.2 Comment: http://pgp.mit.edu:11371/pks/lookup?op=get=0x4B0ACC2A iQA/AwUBPZx0I0rdNYRLCswqEQIowQCfQT+FYR1FLTEzlf49SpJXwDnie8wAn3Kr CncduGV6EYHqVayQE90b7Yij =4T8j -END PGP SIGNATURE-
Re: Report on last cmd
On Friday 04 October 2002 04:03 am, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? the first ip address seems to be relaying across interbusiness.it, and the second may well be an unallocated ip address belong to super.net.sg unless you can think of a good reason why anyone should think they have a legitimate reason to connect to you in that manner, you might want to get in touch with both of those to let them know what's going on--especially super.net, since they run one of the main gateways in singapore and will surely want to know about anyone spoofing their ip's. i just tried an ftp connection to you and an anonymous login was rejected, so it's unlikely that anybody has done any harm there. the incidents in your sendmail logs are probably part of a port scan. you should make sure that the rest of your system is solid. ben -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian (Unstable) problem with SSH and PAM
What? You're a coder? A sysadmin? Why do you need help setting up an ISP on your MODEM, setting up postfix, and also with package version control? All things debian provides easily, through dpkg, the debian-policy, and its inclusion of documentation in the base distribution. Please don't flood this mailing list with useless crap blasting us for reasons far above your head. And don't try to appear like a experienced sysadmin giving out your advice like it is god-given word. Some people find your nature offensive, while others doing a little bit of research find your personality quite amusing :) DO support whichever distribution you like best, but DON'T claim to be a sysadmin unless you are. Some of us get paid for it and actually are. -Roger - [From the gentoo-USER list] Hugo [EMAIL PROTECTED] writes: anybody knows where i can find a doc talking about postfix and his configuration? Tanks in advance... DiOz [EMAIL PROTECTED] Sun, 25 Aug 2002 16:49:41 + writes: Yea that is a *must* have to Gentoo... i hope this is already done... or it is in the way :) Have a nice day --- From: Hugo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 19, 2002 5:36 AM Subject: [gentoo-user] other off topic Hi I was searching by how to make an little isp (thought my unused modem) but i cant find nothing about... Is there a portage to do this? or some info about? Tanks in advance -- On Sun, 2002-08-25 at 21:57, Tim Head wrote: Hi maybe i am a bit stupid or not reading the screen but is there a realy easy,obvious way of fidning out which version of a package is installed? or is it possible to get emerge to tell you from wich version it is updating xyz if i do emerge --update world/system/single package . for a few packages (webserver et al) you know the version and for a few things you can find out by searching for the package but for some things (libs are a thing if idn very difficult to keep track of) this search/remember thing is to much for my small brain. if not here where should i put this sort of Want-to-have feature? tim or perhaps there is already what i'm looking for but i can't find it -- There are only 10 types of people in the world: Those who understand binary, and those who don't On 04 Oct 2002 00:37:52 + _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. On Thu, 2002-10-03 at 18:24, Ian Greenhoe wrote: ROTFLMAO When I want an insecure OS, I might take your advice. BTW, any time that *I* compile a program, *I* have to deal with any of the problems of compiling that program. That's the nice thing about Debian: I know that there is an active community out there discovering and reporting bugs (as I have done a few times), and an active community out there fixing them. Not only that, but there is also an active community helping to support people who want to use it. So, please do one of the following: 1) Be nice 2) If Debian sucks* in your opinion, don't complain obnoxiously -- DO SOMETHING ABOUT IT 3) Go away * Debian is the /least/ sucky OS, IMNSHO. -Ian PS. Speaking as a developer and a sysadmin. Thus spake _ArKiTeKt0_: A tip: Put debian's cd in trashcan and buy windows xp x or you can do other thing... more bether... Download linux Gentoo. and learn how to do the things GOOD, not like redhat, debian, or mandrake... Have a nice day -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
IBM and wrong DSA
[joey, CCing you to make sure you see this immediately. you probably read debian-security too, i'd assume...] Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. What's up? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck i have the power to channel my imagination into ever-soaring levels of suspicion and paranoia. msg07210/pgp0.pgp Description: PGP signature
Re: IBM and wrong DSA
martin f krafft wrote: [joey, CCing you to make sure you see this immediately. you probably read debian-security too, i'd assume...] Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. What's up? Read the mail I sent to -private. Regards, Joey -- It's time to close the windows. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: IBM and wrong DSA
also sprach martin f krafft [EMAIL PROTECTED] [2002.10.04.1810 +0200]: Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. Sorry, this has already been addressed. Joey was stressed and forgot to change the header to 170. htcheck - 169, tomcat - 170. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck and no one sings me lullabies, and no one makes me close my eyes, and so i throw the windows wide, and call to you across the sky -- pink floyd, 1971 msg07212/pgp0.pgp Description: PGP signature
Re: IBM and wrong DSA
On Fri, 04 Oct 2002 at 06:26:08PM +0200, martin f krafft wrote: Sorry, this has already been addressed. Joey was stressed and forgot to change the header to 170. htcheck - 169, tomcat - 170. We're all human and we all (users) appreciate the work you guys do to keep our systems safe. A screw up on a number is easily forgiven.. Thank you guys for the hard work... -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import XP Source Code: #include win2k.h #include extra_pretty_things_with_bugs.h #include more_bugs.h #include require_system_activation.h #include phone_home_every_so_often.h #include remote_admin_abilities_for_MS.h #include more_restrictive_EULA.h #include sell_your_soul_to_MS_EULA.h //os_ver=Windows 2000 os_ver=Windows XP msg07213/pgp0.pgp Description: PGP signature
Re: Report on last cmd
Not sure that your sendmail problem is related to this issue but... It looks like you have an anonymous ftp account enabled on your machine. Considering that these IPs are logging in for less than one minute I would venture to guess that they are scanning IPs looking for anonymous ftp accounts that they can go back to later and use in whatever way they want to. If you do not require outside anon ftp access I would suggest you block the ftp port along with all the other ports that do not require outside access. Also, if you are not in need of anon ftp, disable it. If you don't need ftp at all, disable the ftpd demon. I have noted that it is pretty common to see this sort of activity on a system with anon ftp enabled. have fun, Ted On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- WAR IS GOOD FREEDOM IS SLAVERY IGNORANCE IS STRENGTH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian (Unstable) problem with SSH and PAM
Well.. thanx Wietse Venema for making the default configuration for postfix spam-proof. :) - Original Message - From: Roger Ward [EMAIL PROTECTED] To: _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, October 04, 2002 7:07 PM Subject: Re: Debian (Unstable) problem with SSH and PAM What? You're a coder? A sysadmin? Why do you need help setting up an ISP on your MODEM, setting up postfix, and also with package version control? All things debian provides easily, through dpkg, the debian-policy, and its inclusion of documentation in the base distribution. Please don't flood this mailing list with useless crap blasting us for reasons far above your head. And don't try to appear like a experienced sysadmin giving out your advice like it is god-given word. Some people find your nature offensive, while others doing a little bit of research find your personality quite amusing :) DO support whichever distribution you like best, but DON'T claim to be a sysadmin unless you are. Some of us get paid for it and actually are. -Roger - [From the gentoo-USER list] Hugo [EMAIL PROTECTED] writes: anybody knows where i can find a doc talking about postfix and his configuration? Tanks in advance... DiOz [EMAIL PROTECTED] Sun, 25 Aug 2002 16:49:41 + writes: Yea that is a *must* have to Gentoo... i hope this is already done... or it is in the way :) Have a nice day --- From: Hugo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Monday, August 19, 2002 5:36 AM Subject: [gentoo-user] other off topic Hi I was searching by how to make an little isp (thought my unused modem) but i cant find nothing about... Is there a portage to do this? or some info about? Tanks in advance -- On Sun, 2002-08-25 at 21:57, Tim Head wrote: Hi maybe i am a bit stupid or not reading the screen but is there a realy easy,obvious way of fidning out which version of a package is installed? or is it possible to get emerge to tell you from wich version it is updating xyz if i do emerge --update world/system/single package . for a few packages (webserver et al) you know the version and for a few things you can find out by searching for the package but for some things (libs are a thing if idn very difficult to keep track of) this search/remember thing is to much for my small brain. if not here where should i put this sort of Want-to-have feature? tim or perhaps there is already what i'm looking for but i can't find it -- There are only 10 types of people in the world: Those who understand binary, and those who don't On 04 Oct 2002 00:37:52 + _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. On Thu, 2002-10-03 at 18:24, Ian Greenhoe wrote: ROTFLMAO When I want an insecure OS, I might take your advice. BTW, any time that *I* compile a program, *I* have to deal with any of the problems of compiling that program. That's the nice thing about Debian: I know that there is an active community out there discovering and reporting bugs (as I have done a few times), and an active community out there fixing them. Not only that, but there is also an active community helping to support people who want to use it. So, please do one of the following: 1) Be nice 2) If Debian sucks* in your opinion, don't complain obnoxiously -- DO SOMETHING ABOUT IT 3) Go away * Debian is the /least/ sucky OS, IMNSHO. -Ian PS. Speaking as a developer and a sysadmin. Thus spake _ArKiTeKt0_: A tip: Put debian's cd in trashcan and buy windows xp x or you can do other thing... more bether... Download linux Gentoo. and learn how to do the things GOOD, not like redhat, debian, or mandrake... Have a nice day -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Report on last cmd
ftp scans are just common. just look in /var/log/daemon.log for ftp sessions - opened,closed pairs or log the connections. Statu Nascendi, Master of Disaster - Original Message - From: Ted Parvu [EMAIL PROTECTED] To: Glen Tapley [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Friday, October 04, 2002 9:08 PM Subject: Re: Report on last cmd Not sure that your sendmail problem is related to this issue but... It looks like you have an anonymous ftp account enabled on your machine. Considering that these IPs are logging in for less than one minute I would venture to guess that they are scanning IPs looking for anonymous ftp accounts that they can go back to later and use in whatever way they want to. If you do not require outside anon ftp access I would suggest you block the ftp port along with all the other ports that do not require outside access. Also, if you are not in need of anon ftp, disable it. If you don't need ftp at all, disable the ftpd demon. I have noted that it is pretty common to see this sort of activity on a system with anon ftp enabled. have fun, Ted On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=- WAR IS GOOD FREEDOM IS SLAVERY IGNORANCE IS STRENGTH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
unsubscribe kaschulze@web.de
__ WEB.DE Club - jetzt testen fur 1 Euro! Nutzen Sie Ihre Chance unter https://digitaledienste.web.de/Club/?mc=021105 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: unsubscribe kaschulze@web.de
bye bye :-/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Debian (Unstable) problem with SSH and PAM
On Thu, Oct 03, 2002 at 09:32:30PM +0200, Statu Nascendi wrote: btw... does anyone have a conf file for apt-proxy? a working one for woody - full option: main. contrib, non-free, non-US, security... i tried to make one, but didn't work like i expected and time is an issue for me here. Grab the latest version from sarge (it'll install on Woody), which contains a full apt-proxy.conf with lots of examples. Or go to the CVS link at http://apt-proxy.sf.net and look at apt-proxy.conf there. Chris pgpPD4uEHtI0M.pgp Description: PGP signature
RE: Debian (Unstable) problem with SSH and PAM
Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. On Thu, 2002-10-03 at 18:24, Ian Greenhoe wrote: ROTFLMAO When I want an insecure OS, I might take your advice. BTW, any time that *I* compile a program, *I* have to deal with any of the problems of compiling that program. That's the nice thing about Debian: I know that there is an active community out there discovering and reporting bugs (as I have done a few times), and an active community out there fixing them. Not only that, but there is also an active community helping to support people who want to use it. So, please do one of the following: 1) Be nice 2) If Debian sucks* in your opinion, don't complain obnoxiously -- DO SOMETHING ABOUT IT 3) Go away * Debian is the /least/ sucky OS, IMNSHO. -Ian PS. Speaking as a developer and a sysadmin. Thus spake _ArKiTeKt0_: A tip: Put debian's cd in trashcan and buy windows xp x or you can do other thing... more bether... Download linux Gentoo. and learn how to do the things GOOD, not like redhat, debian, or mandrake... Have a nice day -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one..
Re: Debian (Unstable) problem with SSH and PAM
On 0, _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. If you want to start a hot flame war around here, abuse just doesn't cut it. Post a message like, 'Fix this or I'll change to another distribution,' or, 'You didn't help me,' that'll get the hackles up (judging by the wars on deb-user, anyway). Tom -- Tom Cook Information Technology Services, The University of Adelaide Beware of computer programmers that carry screwdrivers. - Leonard Brandwein Get my GPG public key: https://pinky.its.adelaide.edu.au/~tkcook/tom.cook-at-adelaide.edu.au pgpSnNQ0fAqKP.pgp Description: PGP signature
Re: Re: Debian (Unstable) problem with SSH and PAM
Thanks all for your replies. I'll get to apt-proxy by the end of this week. Statu Nascendi Master of Disaster.
Re: Debian (Unstable) problem with SSH and PAM
Hi. Tom Cook wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. Trolls never know something about the field they are talking about, but they claim they are a pro in that subject. This is (amongst other things) what make trolls being a troll. Therefor: just ignore that one. Bye, Mike
RE: Apache 1.3.27 is out...
Hi, Does a deb already exist for this new version ? Thanks, ES -- .''`. Debian GNU/Linux 3.0 released ! (\___/) : :' :Use it ! ;) (='.'=) `. `~' http://www.debianworld.org()_() `- -Message d'origine- De: Paul Baker [mailto:[EMAIL PROTECTED] Date: Thursday, October 03, 2002 10:55 PM À: debian-security@lists.debian.org Objet: Apache 1.3.27 is out... Apache 1.3.27 is out to fix 3 security vulnerabilities in 1.3.26 and below. Are fixed pacakges on their way to security.debian.org? Did ASF notify any vendors in advance of their announcement today? http://www.apache.org/dist/httpd/Announcement.html -- Paul Baker They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 GPG Key: http://homepage.mac.com/pauljbaker/public.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] * Ce message et toutes les pièces jointes (ci-après le message) sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. La SOCIETE GENERALE et ses filiales déclinent toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. *
RE: Apache 1.3.27 is out...
El vie, 04-10-2002 a las 10:36, STOJICEVIC Edi EXPSIA escribió: Does a deb already exist for this new version ? Not yet, I guess. At least officially: Reading Package Lists... Done Building Dependency Tree... Done Reading Package Lists... Done Building Dependency Tree... Done Calculating Upgrade... Done 0 packages upgraded, 0 newly installed, 0 to remove and 0 not upgraded. -- Luis Gómez Miralles InfoEmergencias - Technical Department Phone (+34) 654 24 01 34 Fax (+34) 963 49 31 80 [EMAIL PROTECTED] PGP Public Key available at http://www.infoemergencias.com/lgomez.asc
AW: Debian (Unstable) problem with SSH and PAM
You're right. Apparently he IS a lamer, at least his name is lamer style. I remember those from my Amiga times... And further more they usually have a bigger problem with their spelling... Marcel PGP / GPG Key:http://www.ncpro.com/GPG/mmweber-at-ncpro-com.asc -Ursprungliche Nachricht- Von: Michael Renzmann [mailto:[EMAIL PROTECTED] Gesendet: Freitag, 4. Oktober 2002 09:52 An: Tom Cook Cc: debian-security@lists.debian.org Betreff: Re: Debian (Unstable) problem with SSH and PAM Hi. Tom Cook wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. *sigh* there was a time when trolls studied their field before they started posting. Trolls never know something about the field they are talking about, but they claim they are a pro in that subject. This is (amongst other things) what make trolls being a troll. Therefor: just ignore that one. Bye, Mike -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Apache 1.3.27 is out...
Be carefoul, 1.3.27 stills in not so tested... i recomend use 1.3.26 Have a nice day On Fri, 2002-10-04 at 08:36, STOJICEVIC Edi EXPSIA wrote: Hi, Does a deb already exist for this new version ? Thanks, ES -- .''`. Debian GNU/Linux 3.0 released ! (\___/) : :' :Use it ! ;) (='.'=) `. `~' http://www.debianworld.org()_() `- -Message d'origine- De: Paul Baker [mailto:[EMAIL PROTECTED] Date: Thursday, October 03, 2002 10:55 PM À: debian-security@lists.debian.org Objet: Apache 1.3.27 is out... Apache 1.3.27 is out to fix 3 security vulnerabilities in 1.3.26 and below. Are fixed pacakges on their way to security.debian.org? Did ASF notify any vendors in advance of their announcement today? http://www.apache.org/dist/httpd/Announcement.html -- Paul Baker They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. -- Benjamin Franklin, 1759 GPG Key: http://homepage.mac.com/pauljbaker/public.asc -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] * Ce message et toutes les pièces jointes (ci-après le message) sont confidentiels et établis à l'intention exclusive de ses destinataires. Toute utilisation ou diffusion non autorisée est interdite. Tout message électronique est susceptible d'altération. La SOCIETE GENERALE et ses filiales déclinent toute responsabilité au titre de ce message s'il a été altéré, déformé ou falsifié. This message and any attachments (the message) are confidential and intended solely for the addressees. Any unauthorised use or dissemination is prohibited. E-mails are susceptible to alteration. Neither SOCIETE GENERALE nor any of its subsidiaries or affiliates shall be liable for the message if altered, changed or falsified. * -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one..
Report on last cmd
Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00)ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00)ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00)ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt
Re: Report on last cmd
Those lines indicate that people have been logging in to your machine via anonymous ftp. Also, your clock is fast! October 5 is only just starting, and I'm in New Zealand (we get the new day first). Tim On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt -- Tim Nicholas || Cilix Email: [EMAIL PROTECTED]|| Dunedin, New Zealand http://tim.nicholas.net.nz/ || Cell/SMS: +64 21 113 0399
Apache 1.3.x shared memory scoreboard vulnerabilities
Title: Apache 1.3.x shared memory scoreboard vulnerabilities Damn :/ Domonkos Czinke -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 iDEFENSE Security Advisory 10.03.2002 Apache 1.3.x shared memory scoreboard vulnerabilities 16:00 GMT, October 3, 2002 I. BACKGROUND The Apache Software Foundation's HTTP Server is an effort to develop and maintain an open-source HTTP server for modern operating systems including Unix and Windows NT. The goal of this project is to provide a secure, efficient and extensible server that provides HTTP services in sync with the current HTTP standards. More details about it are available at http://httpd.apache.org . II. DESCRIPTION Apache HTTP Server contains a vulnerability in its shared memory scoreboard. Attackers who can execute commands under the Apache UID can either send a (SIGUSR1) signal to any process as root, in most cases killing the process, or launch a local denial of service (DoS) attack. III. ANALYSIS Exploitation requires execute permission under the Apache UID. This can be obtained by any local user with a legitimate Apache scripting resource (ie: PHP, Perl), exploiting a vulnerability in web-based applications written in the above example languages, or through the use of some other local/remote Apache exploit. Once such a status is attained, the attacker can then attach to the httpd daemon's 'scoreboard', which is stored in a shared memory segment owned by Apache. The attacker can then cause a DoS condition on the system by continuously filling the table with null values and causing the server to spawn new children. The attacker also has the ability to send any process a SIGUSR1 signal as root. This is accomplished by continuously overwriting the parent[].pid and parent[].last_rtime segments within the scoreboard to the pid of the target process and a time in the past. When the target pid receives the signal SIGUSR1, it will react according to how it is designed to manage the signal. According to the man page (man 7 signal), if the signal is un-handled then the default action is to terminate: ... SIGUSR1 30,10,16 A User-defined signal 1 ... The letters in the Action column have the following meanings: A Default action is to terminate the process. ... iDEFENSE successfully terminated arbitrary processes, including those that kicked people off the system. IV. DETECTION Apache HTTP Server 1.3.x, running on all applicable Unix platforms, is affected. V. VENDOR FIX/RESPONSE Apache HTTP Server 1.3.27 fixes this problem. It should be available on October 3 at http://www.apache.org/dist/httpd/ . VI. CVE INFORMATION The Mitre Corp.'s Common Vulnerabilities and Exposures (CVE) Project has assigned the identification number CAN-2002-0839 to this issue. VII. DISCLOSURE TIMELINE 8/27/2002 Issue disclosed to iDEFENSE 9/18/2002 Vendor notified at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] 9/18/2002 iDEFENSE clients notified 9/19/2002 Response received from Mark J Cox ([EMAIL PROTECTED] mailto:[EMAIL PROTECTED]) 10/3/2002 Coordinated public disclosure VIII. CREDIT zen-parse ([EMAIL PROTECTED] mailto:[EMAIL PROTECTED]) disclosed this issue to iDEFENSE. Get paid for security research http://www.idefense.com/contributor.html Subscribe to iDEFENSE Advisories: send email to [EMAIL PROTECTED] mailto:[EMAIL PROTECTED], subject line: subscribe About iDEFENSE: iDEFENSE is a global security intelligence company that proactively monitors sources throughout the world from technical vulnerabilities and hacker profiling to the global spread of viruses and other malicious code. iALERT, our security intelligence service, provides decision-makers, frontline security professionals and network administrators with timely access to actionable intelligence and decision support on cyber-related threats. For more information, visit http://www.idefense.com. - -dave David Endler, CISSP Director, Technical Intelligence iDEFENSE, Inc. 14151 Newbrook Drive Suite 100 Chantilly, VA 20151 voice: 703-344-2632 fax: 703-961-1071 [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] www.idefense.com http://www.idefense.com -BEGIN PGP SIGNATURE- Version: PGP 7.1.2 Comment: http://pgp.mit.edu:11371/pks/lookup?op=get=0x4B0ACC2A iQA/AwUBPZx0I0rdNYRLCswqEQIowQCfQT+FYR1FLTEzlf49SpJXwDnie8wAn3Kr CncduGV6EYHqVayQE90b7Yij =4T8j -END PGP SIGNATURE-
Re: Report on last cmd
On Friday 04 October 2002 04:03 am, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? the first ip address seems to be relaying across interbusiness.it, and the second may well be an unallocated ip address belong to super.net.sg unless you can think of a good reason why anyone should think they have a legitimate reason to connect to you in that manner, you might want to get in touch with both of those to let them know what's going on--especially super.net, since they run one of the main gateways in singapore and will surely want to know about anyone spoofing their ip's. i just tried an ftp connection to you and an anonymous login was rejected, so it's unlikely that anybody has done any harm there. the incidents in your sendmail logs are probably part of a port scan. you should make sure that the rest of your system is solid. ben
Re: Debian (Unstable) problem with SSH and PAM
What? You're a coder? A sysadmin? Why do you need help setting up an ISP on your MODEM, setting up postfix, and also with package version control? All things debian provides easily, through dpkg, the debian-policy, and its inclusion of documentation in the base distribution. Please don't flood this mailing list with useless crap blasting us for reasons far above your head. And don't try to appear like a experienced sysadmin giving out your advice like it is god-given word. Some people find your nature offensive, while others doing a little bit of research find your personality quite amusing :) DO support whichever distribution you like best, but DON'T claim to be a sysadmin unless you are. Some of us get paid for it and actually are. -Roger - [From the gentoo-USER list] Hugo [EMAIL PROTECTED] writes: anybody knows where i can find a doc talking about postfix and his configuration? Tanks in advance... DiOz [EMAIL PROTECTED] Sun, 25 Aug 2002 16:49:41 + writes: Yea that is a *must* have to Gentoo... i hope this is already done... or it is in the way :) Have a nice day --- From: Hugo [EMAIL PROTECTED] To: gentoo-user@gentoo.org Sent: Monday, August 19, 2002 5:36 AM Subject: [gentoo-user] other off topic Hi I was searching by how to make an little isp (thought my unused modem) but i cant find nothing about... Is there a portage to do this? or some info about? Tanks in advance -- On Sun, 2002-08-25 at 21:57, Tim Head wrote: Hi maybe i am a bit stupid or not reading the screen but is there a realy easy,obvious way of fidning out which version of a package is installed? or is it possible to get emerge to tell you from wich version it is updating xyz if i do emerge --update world/system/single package . for a few packages (webserver et al) you know the version and for a few things you can find out by searching for the package but for some things (libs are a thing if idn very difficult to keep track of) this search/remember thing is to much for my small brain. if not here where should i put this sort of Want-to-have feature? tim or perhaps there is already what i'm looking for but i can't find it -- There are only 10 types of people in the world: Those who understand binary, and those who don't On 04 Oct 2002 00:37:52 + _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. On Thu, 2002-10-03 at 18:24, Ian Greenhoe wrote: ROTFLMAO When I want an insecure OS, I might take your advice. BTW, any time that *I* compile a program, *I* have to deal with any of the problems of compiling that program. That's the nice thing about Debian: I know that there is an active community out there discovering and reporting bugs (as I have done a few times), and an active community out there fixing them. Not only that, but there is also an active community helping to support people who want to use it. So, please do one of the following: 1) Be nice 2) If Debian sucks* in your opinion, don't complain obnoxiously -- DO SOMETHING ABOUT IT 3) Go away * Debian is the /least/ sucky OS, IMNSHO. -Ian PS. Speaking as a developer and a sysadmin. Thus spake _ArKiTeKt0_: A tip: Put debian's cd in trashcan and buy windows xp x or you can do other thing... more bether... Download linux Gentoo. and learn how to do the things GOOD, not like redhat, debian, or mandrake... Have a nice day -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
IBM and wrong DSA
[joey, CCing you to make sure you see this immediately. you probably read debian-security too, i'd assume...] Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. What's up? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] i have the power to channel my imagination into ever-soaring levels of suspicion and paranoia. pgpoYyFH5tKUz.pgp Description: PGP signature
Re: IBM and wrong DSA
martin f krafft wrote: [joey, CCing you to make sure you see this immediately. you probably read debian-security too, i'd assume...] Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. What's up? Read the mail I sent to -private. Regards, Joey -- It's time to close the windows.
Re: IBM and wrong DSA
also sprach martin f krafft [EMAIL PROTECTED] [2002.10.04.1810 +0200]: Check out http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2002.765.1 DSA 169 is htcheck, not tomcat, right? At least that's the case on www.debian.org. Sorry, this has already been addressed. Joey was stressed and forgot to change the header to 170. htcheck - 169, tomcat - 170. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] and no one sings me lullabies, and no one makes me close my eyes, and so i throw the windows wide, and call to you across the sky -- pink floyd, 1971 pgpBB3owvKvxE.pgp Description: PGP signature
Re: IBM and wrong DSA
On Fri, 04 Oct 2002 at 06:26:08PM +0200, martin f krafft wrote: Sorry, this has already been addressed. Joey was stressed and forgot to change the header to 170. htcheck - 169, tomcat - 170. We're all human and we all (users) appreciate the work you guys do to keep our systems safe. A screw up on a number is easily forgiven.. Thank you guys for the hard work... -- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/ | gpg --import XP Source Code: #include win2k.h #include extra_pretty_things_with_bugs.h #include more_bugs.h #include require_system_activation.h #include phone_home_every_so_often.h #include remote_admin_abilities_for_MS.h #include more_restrictive_EULA.h #include sell_your_soul_to_MS_EULA.h //os_ver=Windows 2000 os_ver=Windows XP pgpLQ37lCKXie.pgp Description: PGP signature
RE: Debian (Unstable) problem with SSH and PAM
Wow. LaMer. New one for me. Goodbye. *Plonk* -Ian P.S. For the rest of you, I apologize for littering your mailboxes with my conversation with this ... person. _El_ArKiTeKt0_DeL_FuTuR0_ [mailto:[EMAIL PROTECTED] hath spoken: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up.
Re: Debian (Unstable) problem with SSH and PAM
Well.. thanx Wietse Venema for making the default configuration for postfix spam-proof. :) - Original Message - From: Roger Ward [EMAIL PROTECTED] To: _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] Cc: debian-security@lists.debian.org Sent: Friday, October 04, 2002 7:07 PM Subject: Re: Debian (Unstable) problem with SSH and PAM What? You're a coder? A sysadmin? Why do you need help setting up an ISP on your MODEM, setting up postfix, and also with package version control? All things debian provides easily, through dpkg, the debian-policy, and its inclusion of documentation in the base distribution. Please don't flood this mailing list with useless crap blasting us for reasons far above your head. And don't try to appear like a experienced sysadmin giving out your advice like it is god-given word. Some people find your nature offensive, while others doing a little bit of research find your personality quite amusing :) DO support whichever distribution you like best, but DON'T claim to be a sysadmin unless you are. Some of us get paid for it and actually are. -Roger - [From the gentoo-USER list] Hugo [EMAIL PROTECTED] writes: anybody knows where i can find a doc talking about postfix and his configuration? Tanks in advance... DiOz [EMAIL PROTECTED] Sun, 25 Aug 2002 16:49:41 + writes: Yea that is a *must* have to Gentoo... i hope this is already done... or it is in the way :) Have a nice day --- From: Hugo [EMAIL PROTECTED] To: gentoo-user@gentoo.org Sent: Monday, August 19, 2002 5:36 AM Subject: [gentoo-user] other off topic Hi I was searching by how to make an little isp (thought my unused modem) but i cant find nothing about... Is there a portage to do this? or some info about? Tanks in advance -- On Sun, 2002-08-25 at 21:57, Tim Head wrote: Hi maybe i am a bit stupid or not reading the screen but is there a realy easy,obvious way of fidning out which version of a package is installed? or is it possible to get emerge to tell you from wich version it is updating xyz if i do emerge --update world/system/single package . for a few packages (webserver et al) you know the version and for a few things you can find out by searching for the package but for some things (libs are a thing if idn very difficult to keep track of) this search/remember thing is to much for my small brain. if not here where should i put this sort of Want-to-have feature? tim or perhaps there is already what i'm looking for but i can't find it -- There are only 10 types of people in the world: Those who understand binary, and those who don't On 04 Oct 2002 00:37:52 + _El_ArKiTeKt0_DeL_FuTuR0_ [EMAIL PROTECTED] wrote: Yea... you are getting nice... LaMer... i am a system administrador and a coder... so...shut up. On Thu, 2002-10-03 at 18:24, Ian Greenhoe wrote: ROTFLMAO When I want an insecure OS, I might take your advice. BTW, any time that *I* compile a program, *I* have to deal with any of the problems of compiling that program. That's the nice thing about Debian: I know that there is an active community out there discovering and reporting bugs (as I have done a few times), and an active community out there fixing them. Not only that, but there is also an active community helping to support people who want to use it. So, please do one of the following: 1) Be nice 2) If Debian sucks* in your opinion, don't complain obnoxiously -- DO SOMETHING ABOUT IT 3) Go away * Debian is the /least/ sucky OS, IMNSHO. -Ian PS. Speaking as a developer and a sysadmin. Thus spake _ArKiTeKt0_: A tip: Put debian's cd in trashcan and buy windows xp x or you can do other thing... more bether... Download linux Gentoo. and learn how to do the things GOOD, not like redhat, debian, or mandrake... Have a nice day -- Here is a tip for those... Who always are calling lamer to all... Only because you have linux... But. If you still being kind of windows user... then dont callme lamer.. Just because you are one.. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Report on last cmd
ftp scans are just common. just look in /var/log/daemon.log for ftp sessions - opened,closed pairs or log the connections. Statu Nascendi, Master of Disaster - Original Message - From: Ted Parvu [EMAIL PROTECTED] To: Glen Tapley [EMAIL PROTECTED] Cc: debian-security@lists.debian.org Sent: Friday, October 04, 2002 9:08 PM Subject: Re: Report on last cmd Not sure that your sendmail problem is related to this issue but... It looks like you have an anonymous ftp account enabled on your machine. Considering that these IPs are logging in for less than one minute I would venture to guess that they are scanning IPs looking for anonymous ftp accounts that they can go back to later and use in whatever way they want to. If you do not require outside anon ftp access I would suggest you block the ftp port along with all the other ports that do not require outside access. Also, if you are not in need of anon ftp, disable it. If you don't need ftp at all, disable the ftpd demon. I have noted that it is pretty common to see this sort of activity on a system with anon ftp enabled. have fun, Ted On Fri, Oct 04, 2002 at 07:03:21PM +0800, Glen Tapley wrote: Hello I have been having a lot of trouble with my sendmail setup, someone is using my system. I have found that when I run the last cmd, I find a lot of strange entries such as ftp ftp p50852BD8.dip.t- Sun Oct 6 03:57 - 03:57 (00:00) ftp ftp p508ECDDA.dip.t- Sun Oct 6 03:37 - 03:37 (00:00) ftp ftp 212.171.38.1 Sat Oct 5 23:16 - 23:16 (00:00) ftp ftp 210.23.10.25 Sat Oct 5 18:40 - 18:40 (00:00) Can anyone tell me what these are, are they the result of programs accessing my TCP/IP addresses? Tx in advance. glt -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= -=-=- WAR IS GOOD FREEDOM IS SLAVERY IGNORANCE IS STRENGTH -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
unsubscribe kaschulze@web.de
__ WEB.DE Club - jetzt testen fur 1 Euro! Nutzen Sie Ihre Chance unter https://digitaledienste.web.de/Club/?mc=021105