Crypto-Swap questions

2004-01-21 Thread Johannes Graumann 
Hello,

Following loosely this document:
http://www.sdc.org/~leila/usb-dongle/readme.html
I have set up (or tried) to encrypt my swap partition (/dev/hda2).
Here is what I did:
* create /usr/local/sbin/crypto-swap (modified!)
#!/bin/sh
# Run this script somewhere in your startup scripts _after_
# random number generator has been initialized and /usr has
# been mounted. (md5sum, uuencode, tail and head programs usually
# reside in /usr/bin/)  
+# insert cypher module into kernel
+   modprobe aes

# encrypted swap partition
SWAPDEVICE=/dev/hda2

# loop device name
LOOPDEV=/dev/loop6

MD=`dd if=${SWAPDEVICE} bs=4k count=10 2/dev/null | md5sum`
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
   dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 \ 
   conv=notrunc 2/dev/null
   sync
done
UR=`dd if=/dev/urandom bs=18 count=1 2/dev/null \  
|uuencode -m - | head -n 2 | tail-n 1`
+echo ${MD}${UR} | losetup -p 0 -e aes -k 256 ${LOOPDEV}${SWAPDEVICE}   -echo 
${MD}${UR} | losetup -p 0-e aes-256-cbc${LOOPDEV} ${SWAPDEVICE} 
MD=
UR=
dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2/dev/null   sync
mkswap ${LOOPDEV}
sync
swapon ${LOOPDEV}
-- chmod 700 /usr/local/sbin/crypto-swap
* wipe -k /dev/hda2
* crypto-swap -- works!
* edit /etc/init.d/checkroot.sh:
+ outcomment:
[ $VERBOSE != no ]  echo Activating swap.
swapon -a 2 /dev/null
+ REPLACE WITH:
[ $VERBOSE != no ]  echo Activating CRYPTO-swap.
/usr/local/sbin/crypto-swap

Upon inspection of dmesg I see the following:
Adding 1461904k swap on /dev/loop6. Priority:-1 extents:1
Looks good, no?
However, a little further I read:
Unable to find swap-space signature

'cat /proc/swaps' gives me this output:
Filename   TypeSizeUsedPriority
/dev/loop6 partition   1461904 0   -1

I would greatly appreciate if someone could give me any insight into
whether I now have encrypted swap or not.

Also: do people have benchmarks how much this procedure might slow
things down? Is the encryptionloop significantly slower than
diskwrite/read speed?

Thanks for any hints -

Joh


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann 
I feel this is kind of over my head ... to boil it down: does it even
make sense to run reiserfs inside a loopback partition?

Thanks, Joh


On Wed, 21 Jan 2004 01:34:25 -0400
Peter Cordes [EMAIL PROTECTED] wrote:

 On Tue, Jan 20, 2004 at 11:58:41PM -0500, Hubert Chan wrote:
   Johannes == Johannes Graumann [EMAIL PROTECTED] writes:
  
  [...]
  
  Johannes And on another note: in
  Johannes
  http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README
  Johannes I read the following: Don't use a journaling file system
  on Johannes top of file backed loop device, unless underlying file
  system Johannes is journaled and guarantees data=ordered or
  data=journal. Johannes Can anybody comment on whether I can use
  reiserfs on top of my Johannes loopback?
  
  The comment has nothing to do with whether or not your encrypted
  filesystem is a journaling filesystem with or without data=ordered. 
 
  Actually, it does.
 
  It
  has to do with using a file-backed loop device (versus
  partition-backed loop device), where the file is sitting on a
  journaling filesystem.  If your loop device is a partition, or is
  file-based, but sits on top of a non-journaled filesystem
 
  Wait a second;  I think this one doesn't belong in the list of things
  that
 will be correct.
 
  or a journaled filesystem with data=ordered or
  journaled, then you can use any filesystem without problems.  (Or,
  at least, you won't (shouldn't) run into any problems other than
  what you might run into if it were not on a loopback device.)
  
  Basically, if you don't have data=ordered, or data=journaled, any
  system crash could completely screw up your entire loopback,
  rendering it completely unusable.  If you don't plan on having any
  system crashes or hard reboots, I think you can still run a loopback
  on top a non-data=ordered journaled filesystem fairly safely.
 
  No, the point is that journaling file systems depend on stuff being
  written
 to disk in the order they want, so if something goes wrong at _any_
 moment, they can pick up the pieces.  ext3 with data=writeback, for
 example, only bothers to strictly control the order of metadata.  A
 loopback to a file on such a filesystem will not preserve write
 ordering, so a journaling filesystem on top of it will be making false
 assumptions.  Filesystem metadata (which needs to be ordered) is just
 data on the loopback device. However, if the underlying filesystem
 preserves data ordering, it can satisfy the requirements of the
 journaling filesystem that's on top of it.
 
  I'm not sure if you need data=journal on the underlying filesystem
  for
 data=journal on the loopback filesystem to make sense, but I don't
 think so.
 
 -- 
 #define X(x,y) x##y
 Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)
 
 The gods confound the man who first found out how to distinguish the
 hours!
  Confound him, too, who in this place set up a sundial, to cut and
  hack my day so wretchedly into small pieces! -- Plautus, 200 BC
 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: strange apache error.log entry

2004-01-21 Thread Markus Schabel 
Jan Minar wrote:
On Wed, Jan 21, 2004 at 01:28:32AM +0100, Markus Schabel wrote:

I don't know what the surrounding lines are, but the core of your
posting is a wget(1) logfile/stderr output :-)  This isn't the standard
wget in the main distribution; IIRC, it's the busybox' one.  Busybox'
small footprint makes it ideal for floppy-based distros  rescue disks
(such as Debian boot-floppies).
sure, i know what wget is ;-)
the interesting thing is that these lines are in the apache log-file
(the surrounding two lines belong to apache)
best regards

/var/log/apache/error.log:

[Sun Jan 18 14:54:35 2004] [error] [client 80.142.221.116] File does not 
exist: /var/www/sammy/www/bc-nrw/images/halb_banner_med.jpg


Beginning of wget output:


--14:59:21--  http://www.geocities.com/fonias28/psybnc.tgz
snip

14:59:24 (273.38 KB/s) - `psybnc.tgz' saved [577509/577509]


End of wget output (maybe the following blank line belongs to it,
too).


[Sun Jan 18 15:23:42 2004] [error] [client 217.24.233.220] File does not 
exist: /var/www/sammy/www/bc-nrw/images/halb_banner_med.jpg


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: strange apache error.log entry

2004-01-21 Thread Markus Schabel 
François TOURDE wrote:
Le 12438ième jour après Epoch,
[EMAIL PROTECTED] écrivait:

Hi,


can you tell me what the following means in an apache error.log and
The log is the out put of wget command.Most probably the command which
resulted in this entry is wget
http://www.geocities.com/fonias28/psybnc.tgz -o
/var/log/apache/error.log


Or just a php script allowing execution of commands, then wget was
launched this way...
Check your machine, it can be compromised :)
I already know that the machine got compromised, I came across these log
lines while searching which hole was used...
best regards
markus
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Peter Cordes 
On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote:
 I feel this is kind of over my head ... to boil it down: does it even
 make sense to run reiserfs inside a loopback partition?

 Yes, if the file you're looping back to is on a journalled filesystem, or
is a partition.

 (ext3 is fine, but you need to patch reiserfs for ordered data.)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC


signature.asc
Description: Digital signature

Re: strange apache error.log entry

2004-01-21 Thread Bastian Blank 
On Wed, Jan 21, 2004 at 12:04:58PM +1100, Russell Coker wrote:
 Looks like they used wget to download psybnc, it's an IRC bot.

No, psybnc is an IRC bouncer and the archive includes a binary and the
sources:

| $ file psybnc
| psybnc: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for GNU/Linux 
2.0.0, statically linked, stripped

So i assume its a script kiddy which wants to abuse several IRC servers.

Bastian

-- 
Superior ability breeds superior ambition.
-- Spock, Space Seed, stardate 3141.9


signature.asc
Description: Digital signature

Re: Crypto-Swap questions

2004-01-21 Thread Peter Cordes 
On Tue, Jan 20, 2004 at 10:53:10PM -0800, Johannes Graumann wrote:
 Is the encryptionloop significantly slower than
 diskwrite/read speed?

 No, but it uses CPU, and disk I/O doesn't (when using dma:  with IDE, use
hdparm -v /dev/hda  to check.  With SCSI, well, you bought it so you
wouldn't have to worry about crap like that. :)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC


signature.asc
Description: Digital signature

subscribe

2004-01-21 Thread Johannes Weiss 

-- 
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDvcCvERBAD6wb5wTnnHT2mqikeu91PdHSR+fGOOdtqTz638CFNupGw7yF9q
Cljs7koC5aN8cF3Zusy40XE4vtpoHUzYR4WZkRNh66wq2XUqWbfDnaCDGZmv8UKi
lsfklAUugCLHwr2moViimViDZJrHB4vrvs0EejR93iiKJtej5Rd389306wCg1a4c
c4j/f8l5zbg57B5JW64NeEcEAL+6ogQsFNz5RGZjo3gpXrDMUhMxS41wtxLQBctR
kC1+dSLJV21Ct2+11DO855vjfJ6s6vc/gzfsJpJNebjlzhei8TlTnq6scRFy2dqq
TxcT+KCae/TRt0EtMZmIcwNT/BlCL6Hu0tq1qYHlDNEH4LPYWxc2VBH8umdKdFsc
EKLiBADaklj0JNiYuMZ/a8Ten1ZiOaYZtJpwBIs40VIzC8tV4mNaWUTyKdwIJ5y0
AgsH4NvE59O/tNdFKKjeAJZkXJ+TfSCUAiSMU+qVwnj7qFp6bWbb4fQC9QACfReY
EEof4PlcfD5wNHt0OgG9Ld/N/WmqQVXcD9hUlPyhzUEZa85tx7QgSm9oYW5uZXMg
V2Vpc3MgPHdlaXNzaUB0dXg0dS5kZT6IVwQTEQIAFwUCO9wK8QULBwoDBAMVAwID
FgIBAheAAAoJEN5ZFZLy/RaXLuYAoKuYhpALoUZri+Ot6s/jZbVr6C5VAKCdWoxR
MKnsBhTswupXig0zWTmbArkBDQQ73AsHEAQA349UY31h4Mm5pus5E24i6iavwfQb
5oH4SOmI63f/5K1uh2NNzc/D2kQHc1C2bLabGtMClodntSEH2gSSp7hVuQsoWlMp
U+3XazP+nu43NP5EAqnF6/2XyQZDCkHeCKMFNzdGE2MohGXFgt0r0BHgidKbhX98
lt8uv9iIt630xSMAAwUEAJfhYru1cUnLX7TUHm23UaD3Jbb91kYhvnjByGgwOKP7
DAgp0RShMPXRTVDjjm04hD0tPFPa72IB+o+LI2Z0fP4LSSiz3+iSCG+xzsIAURNU
+wjkPckg/lF246Kp8SSmObWhFtbykhB1RCs2XskWgnfyUoiXfROejIIYxb2WUyOb
iEYEGBECAAYFAjvcCwcACgkQ3lkVkvL9FpetdwCfaeGpZK4bXTgQTLpTaWPCpaEA
6bQAn3fCp58k0bqtMOFuHA0BolXG+eNJ
=RF52
-END PGP PUBLIC KEY BLOCK-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann 
On Wed, 21 Jan 2004 05:12:18 -0400
Peter Cordes [EMAIL PROTECTED] wrote:

 On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote:
  I feel this is kind of over my head ... to boil it down: does it
  even make sense to run reiserfs inside a loopback partition?
 
  Yes, if the file you're looping back to is on a journalled
  filesystem, or
 is a partition.
 
  (ext3 is fine, but you need to patch reiserfs for ordered data.)

OK, I'm using a partition - will stick with ext3 for now to circumvent
patching. I'm sufficiently fighting with the swsuspend2 patch ;0)

Thanks!

Joh


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

get error: /bin/sh: line1: myfilter: command in boot messages...

2004-01-21 Thread Walter Tautz 
specically I have a /bin/sh script in /etc/network/if-pre-up.d/myfilter:

#! /bin/sh

iptables -X
iptables -F


iptables -A OUTPUT -p tcp --destination-port telnet -j REJECT



which DOES work. I wonder why it's complaining about the line #! /bin/sh
during the boot messages. Note no such output is in dmesg.

NOTE if I take it out it completely fails...





-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: get error: /bin/sh: line1: myfilter: command in boot messages...

2004-01-21 Thread Horst Pflugstaedt 
On Wed, Jan 21, 2004 at 02:11:39PM -0500, Walter Tautz wrote:
 #! /bin/sh
[...]
 which DOES work. I wonder why it's complaining about the line #! /bin/sh
 during the boot messages. Note no such output is in dmesg.

Hi,


ever tried the line 
#!/bin/sh
?

all my scripts seem to lack the space.

hope I'm right :-)

Horst.

-- 
Join the army, see the world, meet interesting, exciting people, and kill them.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

information security trends and patterns for 2003

2004-01-21 Thread abe.usher 



By studying messages on various information 
security mailing lists, I've created a visual depiction of INFOSEC community 
trends over time. You can view my report at:http://www.sharp-ideas.net/research/infosec_zeitgeist.html

If you'd like to leave me comments, you can post 
them to my blog at:http://www.sharp-ideas.net/archives/16.html#more

Cheers,Abe Usher, 
CISSP

Crypto-Swap questions

2004-01-21 Thread Johannes Graumann 
Hello,

Following loosely this document:
http://www.sdc.org/~leila/usb-dongle/readme.html
I have set up (or tried) to encrypt my swap partition (/dev/hda2).
Here is what I did:
* create /usr/local/sbin/crypto-swap (modified!)
#!/bin/sh
# Run this script somewhere in your startup scripts _after_
# random number generator has been initialized and /usr has
# been mounted. (md5sum, uuencode, tail and head programs usually
# reside in /usr/bin/)  
+# insert cypher module into kernel
+   modprobe aes

# encrypted swap partition
SWAPDEVICE=/dev/hda2

# loop device name
LOOPDEV=/dev/loop6

MD=`dd if=${SWAPDEVICE} bs=4k count=10 2/dev/null | md5sum`
for X in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 ; do
   dd if=/dev/zero of=${SWAPDEVICE} bs=4k count=10 \ 
   conv=notrunc 2/dev/null
   sync
done
UR=`dd if=/dev/urandom bs=18 count=1 2/dev/null \  
|uuencode -m - | head -n 2 | tail-n 1`
+echo ${MD}${UR} | losetup -p 0 -e aes -k 256 ${LOOPDEV}${SWAPDEVICE}   -echo 
${MD}${UR} | losetup -p 0-e aes-256-cbc${LOOPDEV} ${SWAPDEVICE} 
MD=
UR=
dd if=/dev/zero of=${LOOPDEV} bs=4k count=10 conv=notrunc 2/dev/null   sync
mkswap ${LOOPDEV}
sync
swapon ${LOOPDEV}
-- chmod 700 /usr/local/sbin/crypto-swap
* wipe -k /dev/hda2
* crypto-swap -- works!
* edit /etc/init.d/checkroot.sh:
+ outcomment:
[ $VERBOSE != no ]  echo Activating swap.
swapon -a 2 /dev/null
+ REPLACE WITH:
[ $VERBOSE != no ]  echo Activating CRYPTO-swap.
/usr/local/sbin/crypto-swap

Upon inspection of dmesg I see the following:
Adding 1461904k swap on /dev/loop6. Priority:-1 extents:1
Looks good, no?
However, a little further I read:
Unable to find swap-space signature

'cat /proc/swaps' gives me this output:
Filename   TypeSizeUsedPriority
/dev/loop6 partition   1461904 0   -1

I would greatly appreciate if someone could give me any insight into
whether I now have encrypted swap or not.

Also: do people have benchmarks how much this procedure might slow
things down? Is the encryptionloop significantly slower than
diskwrite/read speed?

Thanks for any hints -

Joh

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann 
I feel this is kind of over my head ... to boil it down: does it even
make sense to run reiserfs inside a loopback partition?

Thanks, Joh


On Wed, 21 Jan 2004 01:34:25 -0400
Peter Cordes [EMAIL PROTECTED] wrote:

 On Tue, Jan 20, 2004 at 11:58:41PM -0500, Hubert Chan wrote:
   Johannes == Johannes Graumann [EMAIL PROTECTED] writes:
  
  [...]
  
  Johannes And on another note: in
  Johannes
  http://www.mirrors.wiretapped.net/security/cryptography/filesystems/loop-aes/loop-AES.README
  Johannes I read the following: Don't use a journaling file system
  on Johannes top of file backed loop device, unless underlying file
  system Johannes is journaled and guarantees data=ordered or
  data=journal. Johannes Can anybody comment on whether I can use
  reiserfs on top of my Johannes loopback?
  
  The comment has nothing to do with whether or not your encrypted
  filesystem is a journaling filesystem with or without data=ordered. 
 
  Actually, it does.
 
  It
  has to do with using a file-backed loop device (versus
  partition-backed loop device), where the file is sitting on a
  journaling filesystem.  If your loop device is a partition, or is
  file-based, but sits on top of a non-journaled filesystem
 
  Wait a second;  I think this one doesn't belong in the list of things
  that
 will be correct.
 
  or a journaled filesystem with data=ordered or
  journaled, then you can use any filesystem without problems.  (Or,
  at least, you won't (shouldn't) run into any problems other than
  what you might run into if it were not on a loopback device.)
  
  Basically, if you don't have data=ordered, or data=journaled, any
  system crash could completely screw up your entire loopback,
  rendering it completely unusable.  If you don't plan on having any
  system crashes or hard reboots, I think you can still run a loopback
  on top a non-data=ordered journaled filesystem fairly safely.
 
  No, the point is that journaling file systems depend on stuff being
  written
 to disk in the order they want, so if something goes wrong at _any_
 moment, they can pick up the pieces.  ext3 with data=writeback, for
 example, only bothers to strictly control the order of metadata.  A
 loopback to a file on such a filesystem will not preserve write
 ordering, so a journaling filesystem on top of it will be making false
 assumptions.  Filesystem metadata (which needs to be ordered) is just
 data on the loopback device. However, if the underlying filesystem
 preserves data ordering, it can satisfy the requirements of the
 journaling filesystem that's on top of it.
 
  I'm not sure if you need data=journal on the underlying filesystem
  for
 data=journal on the loopback filesystem to make sense, but I don't
 think so.
 
 -- 
 #define X(x,y) x##y
 Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)
 
 The gods confound the man who first found out how to distinguish the
 hours!
  Confound him, too, who in this place set up a sundial, to cut and
  hack my day so wretchedly into small pieces! -- Plautus, 200 BC

Re: strange apache error.log entry

2004-01-21 Thread Markus Schabel 

Jan Minar wrote:

On Wed, Jan 21, 2004 at 01:28:32AM +0100, Markus Schabel wrote:

I don't know what the surrounding lines are, but the core of your
posting is a wget(1) logfile/stderr output :-)  This isn't the standard
wget in the main distribution; IIRC, it's the busybox' one.  Busybox'
small footprint makes it ideal for floppy-based distros  rescue disks
(such as Debian boot-floppies).


sure, i know what wget is ;-)
the interesting thing is that these lines are in the apache log-file
(the surrounding two lines belong to apache)

best regards


/var/log/apache/error.log:

[Sun Jan 18 14:54:35 2004] [error] [client 80.142.221.116] File does not 
exist: /var/www/sammy/www/bc-nrw/images/halb_banner_med.jpg



Beginning of wget output:



--14:59:21--  http://www.geocities.com/fonias28/psybnc.tgz


snip


14:59:24 (273.38 KB/s) - `psybnc.tgz' saved [577509/577509]



End of wget output (maybe the following blank line belongs to it,
too).



[Sun Jan 18 15:23:42 2004] [error] [client 217.24.233.220] File does not 
exist: /var/www/sammy/www/bc-nrw/images/halb_banner_med.jpg

Re: strange apache error.log entry

2004-01-21 Thread Markus Schabel 

François TOURDE wrote:

Le 12438ième jour après Epoch,
[EMAIL PROTECTED] écrivait:



Hi,



can you tell me what the following means in an apache error.log and


The log is the out put of wget command.Most probably the command which
resulted in this entry is wget
http://www.geocities.com/fonias28/psybnc.tgz -o
/var/log/apache/error.log



Or just a php script allowing execution of commands, then wget was
launched this way...

Check your machine, it can be compromised :)


I already know that the machine got compromised, I came across these log
lines while searching which hole was used...

best regards
markus

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Peter Cordes 
On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote:
 I feel this is kind of over my head ... to boil it down: does it even
 make sense to run reiserfs inside a loopback partition?

 Yes, if the file you're looping back to is on a journalled filesystem, or
is a partition.

 (ext3 is fine, but you need to patch reiserfs for ordered data.)

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X([EMAIL PROTECTED] , des.ca)

The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces! -- Plautus, 200 BC


signature.asc
Description: Digital signature

Re: strange apache error.log entry

2004-01-21 Thread Bastian Blank 
On Wed, Jan 21, 2004 at 12:04:58PM +1100, Russell Coker wrote:
 Looks like they used wget to download psybnc, it's an IRC bot.

No, psybnc is an IRC bouncer and the archive includes a binary and the
sources:

| $ file psybnc
| psybnc: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), for 
GNU/Linux 2.0.0, statically linked, stripped

So i assume its a script kiddy which wants to abuse several IRC servers.

Bastian

-- 
Superior ability breeds superior ambition.
-- Spock, Space Seed, stardate 3141.9


signature.asc
Description: Digital signature

subscribe

2004-01-21 Thread Johannes Weiss 

-- 
-BEGIN PGP PUBLIC KEY BLOCK-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

mQGiBDvcCvERBAD6wb5wTnnHT2mqikeu91PdHSR+fGOOdtqTz638CFNupGw7yF9q
Cljs7koC5aN8cF3Zusy40XE4vtpoHUzYR4WZkRNh66wq2XUqWbfDnaCDGZmv8UKi
lsfklAUugCLHwr2moViimViDZJrHB4vrvs0EejR93iiKJtej5Rd389306wCg1a4c
c4j/f8l5zbg57B5JW64NeEcEAL+6ogQsFNz5RGZjo3gpXrDMUhMxS41wtxLQBctR
kC1+dSLJV21Ct2+11DO855vjfJ6s6vc/gzfsJpJNebjlzhei8TlTnq6scRFy2dqq
TxcT+KCae/TRt0EtMZmIcwNT/BlCL6Hu0tq1qYHlDNEH4LPYWxc2VBH8umdKdFsc
EKLiBADaklj0JNiYuMZ/a8Ten1ZiOaYZtJpwBIs40VIzC8tV4mNaWUTyKdwIJ5y0
AgsH4NvE59O/tNdFKKjeAJZkXJ+TfSCUAiSMU+qVwnj7qFp6bWbb4fQC9QACfReY
EEof4PlcfD5wNHt0OgG9Ld/N/WmqQVXcD9hUlPyhzUEZa85tx7QgSm9oYW5uZXMg
V2Vpc3MgPHdlaXNzaUB0dXg0dS5kZT6IVwQTEQIAFwUCO9wK8QULBwoDBAMVAwID
FgIBAheAAAoJEN5ZFZLy/RaXLuYAoKuYhpALoUZri+Ot6s/jZbVr6C5VAKCdWoxR
MKnsBhTswupXig0zWTmbArkBDQQ73AsHEAQA349UY31h4Mm5pus5E24i6iavwfQb
5oH4SOmI63f/5K1uh2NNzc/D2kQHc1C2bLabGtMClodntSEH2gSSp7hVuQsoWlMp
U+3XazP+nu43NP5EAqnF6/2XyQZDCkHeCKMFNzdGE2MohGXFgt0r0BHgidKbhX98
lt8uv9iIt630xSMAAwUEAJfhYru1cUnLX7TUHm23UaD3Jbb91kYhvnjByGgwOKP7
DAgp0RShMPXRTVDjjm04hD0tPFPa72IB+o+LI2Z0fP4LSSiz3+iSCG+xzsIAURNU
+wjkPckg/lF246Kp8SSmObWhFtbykhB1RCs2XskWgnfyUoiXfROejIIYxb2WUyOb
iEYEGBECAAYFAjvcCwcACgkQ3lkVkvL9FpetdwCfaeGpZK4bXTgQTLpTaWPCpaEA
6bQAn3fCp58k0bqtMOFuHA0BolXG+eNJ
=RF52
-END PGP PUBLIC KEY BLOCK-

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Johannes Graumann 
On Wed, 21 Jan 2004 05:12:18 -0400
Peter Cordes [EMAIL PROTECTED] wrote:

 On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote:
  I feel this is kind of over my head ... to boil it down: does it
  even make sense to run reiserfs inside a loopback partition?
 
  Yes, if the file you're looping back to is on a journalled
  filesystem, or
 is a partition.
 
  (ext3 is fine, but you need to patch reiserfs for ordered data.)

OK, I'm using a partition - will stick with ext3 for now to circumvent
patching. I'm sufficiently fighting with the swsuspend2 patch ;0)

Thanks!

Joh

get error: /bin/sh: line1: myfilter: command in boot messages...

2004-01-21 Thread Walter Tautz 
specically I have a /bin/sh script in /etc/network/if-pre-up.d/myfilter:

#! /bin/sh

iptables -X
iptables -F


iptables -A OUTPUT -p tcp --destination-port telnet -j REJECT



which DOES work. I wonder why it's complaining about the line #! /bin/sh
during the boot messages. Note no such output is in dmesg.

NOTE if I take it out it completely fails...

Re: get error: /bin/sh: line1: myfilter: command in boot messages...

2004-01-21 Thread Horst Pflugstaedt 
On Wed, Jan 21, 2004 at 02:11:39PM -0500, Walter Tautz wrote:
 #! /bin/sh
[...]
 which DOES work. I wonder why it's complaining about the line #! /bin/sh
 during the boot messages. Note no such output is in dmesg.

Hi,


ever tried the line 
#!/bin/sh
?

all my scripts seem to lack the space.

hope I'm right :-)

Horst.

-- 
Join the army, see the world, meet interesting, exciting people, and kill them.

Re: 2.6.1 CryptoAPI woes

2004-01-21 Thread Adam ENDRODI 
On Wed, Jan 21, 2004 at 05:12:18AM -0400, Peter Cordes wrote:
 On Tue, Jan 20, 2004 at 11:07:51PM -0800, Johannes Graumann wrote:
  I feel this is kind of over my head ... to boil it down: does it even
  make sense to run reiserfs inside a loopback partition?
 
  Yes, if the file you're looping back to is on a journalled filesystem, or
 is a partition.

Does keeping the log off the loopbacked file make any difference?

bit,
adam

-- 
Am I a cleric? | 1024D/37B8D989
Or maybe a sinner? | 954B 998A E5F5 BA2A 3622
Unbeliever?| 82DD 54C2 843D 37B8 D989
Renegade?  | http://sks.dnsalias.net

Re: get error: /bin/sh: line1: myfilter: command in boot messages...

2004-01-21 Thread Bernd S. Brentrup 
On Wed, Jan 21, 2004 at 02:11:39PM -0500, Walter Tautz wrote:
 specically I have a /bin/sh script in /etc/network/if-pre-up.d/myfilter:
 
 #! /bin/sh
[...]
 which DOES work. I wonder why it's complaining about the line #! /bin/sh
 during the boot messages. Note no such output is in dmesg.

The shebang bites again :) Here's some reading on it:

  http://www.in-ulm.de/~mascheck/various/shebang/

Thanks
. Siggy