Re: Major TCP Vulnerability
Greg Folkert [EMAIL PROTECTED] writes: This Vulnerability is ancient news, and it is not really a Vulnerability. It's one instance of a more general set of vulnerabilities which stem from the lack of control plane separation. What happens if the route goes dead? Same effect. Not quite. ISPs hope that link failures are not correlated (to some extend, they bet their business on it). If you can bring down links with deliberate attacks, there is a correlation, and the ISP typically suffers far more than from random link failures. Overloading a router with too many MAC addresses(overflow) has a similar effect, But this doesn't happen on a properly configured core router. It's an issue closer to the edge, not in the core. I don't quite understand this. Poisoning BGP would be more effective. It's not that easy. 8-) It's being done, mostly to cover up all kinds of net abuse, but not an extremely large scale. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Squid proxy help
I was just wondering if you know how I could possibly setup squid so that it will accept connections from the internet and filter before they hit a IIS6 hosted intranet. RTFM! http://www.squid-cache.org/Doc/FAQ/FAQ-10.html http://squid.visolve.com/squid/squid24s1/access_controls.htm Bye Volker Tanger ITK Security -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Squid proxy help
Craig Schneider a dit : Hi Guys I was just wondering if you know how I could possibly setup squid so that it will accept connections from the internet and filter before they hit a IIS6 hosted intranet. Any ideas at this point would be welcome. Thanks Craig Squid has quite nice docs that explain that kind of reverse-proxy setup. You can also consider using Apache with mod_proxy, and possibly mod_security Vincent -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Woody Backport of tripwire
On Thursday, 2004-04-22 at 20:32:42 -0400, Phillip Hofmeister wrote: Can anyone refer me to a woody backport of tripwire (or a version such as 2.3.1.2+)? I recently did a backport, but it's not up for downloads. I could mail it to you, or you can do it yourself from the package source. If you do that, you will need to use CXX=g++-3.0 GCC=gcc-3.0 dpkg-buildpackage -rfakeroot -us -uc (Or similar) g++ 2.95 will not do. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | ... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity| | Home for Badgers with Rabies.Michael Lucas | -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: kernel security problems again?
On Fri, 23 Apr 2004, Henrique de Moraes Holschuh wrote: There is also: * e1000: fix probable security hole yes, but while the other two problems affect almost any Linux workstation running 2.4.x the latter is relevant only to a specific piece of hardware (although I do have a few of those as well...). This makes it a bit less worrisome for me. Bye Giacomo -- _ Giacomo Mulas [EMAIL PROTECTED] _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ When the storms are raging around you, stay right where you are (Freddy Mercury) _ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Woody Backport of tripwire
On Fri, 23 Apr 2004, Phillip Hofmeister wrote: I did not realize 3.0+ was needed. The build dependencies did not specify that. I might file a bug against tripwire for that build dependency. it is meant for sid, the default compiler in sid is 3.3. I suppose this is the reason it does not need to be specified. This is what the maintainer might tell you if you file such a bug. Bye Giacomo -- _ Giacomo Mulas [EMAIL PROTECTED] _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ When the storms are raging around you, stay right where you are (Freddy Mercury) _ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Woody Backport of tripwire
On Fri, Apr 23, 2004 at 03:48:59PM -0400, Phillip Hofmeister wrote: Therefore, in my mind, it is mean for sid is not an excuse to omit a build dependency. What is to say there won't be a g++2 and g++3 package in sarge when it is released? If the build dependency is part of build-essential then it doesn't need to be explicitly stated by a given package. apt-cache show build-essential or see http://www.debian.org/doc/debian-policy/ch-source.html#s-pkg-relations noah pgp0.pgp Description: PGP signature
Squid proxy help
Hi Guys I was just wondering if you know how I could possibly setup squid so that it will accept connections from the internet and filter before they hit a IIS6 hosted intranet. Any ideas at this point would be welcome. Thanks Craig
Re: Squid proxy help
Try this link: http://www.google.com/search?q=squid+web+acceleratorsourceid=operanum=0ie=utf-8oe=utf-8 -- Adrian Minta [EMAIL PROTECTED]
Re: Major TCP Vulnerability
Greg Folkert [EMAIL PROTECTED] writes: This Vulnerability is ancient news, and it is not really a Vulnerability. It's one instance of a more general set of vulnerabilities which stem from the lack of control plane separation. What happens if the route goes dead? Same effect. Not quite. ISPs hope that link failures are not correlated (to some extend, they bet their business on it). If you can bring down links with deliberate attacks, there is a correlation, and the ISP typically suffers far more than from random link failures. Overloading a router with too many MAC addresses(overflow) has a similar effect, But this doesn't happen on a properly configured core router. It's an issue closer to the edge, not in the core. I don't quite understand this. Poisoning BGP would be more effective. It's not that easy. 8-) It's being done, mostly to cover up all kinds of net abuse, but not an extremely large scale. -- Current mail filters: many dial-up/DSL/cable modem hosts, and the following domains: atlas.cz, bigpond.com, postino.it, tiscali.co.uk, tiscali.cz, tiscali.it, voila.fr.
Re: Squid proxy help
I was just wondering if you know how I could possibly setup squid so that it will accept connections from the internet and filter before they hit a IIS6 hosted intranet. RTFM! http://www.squid-cache.org/Doc/FAQ/FAQ-10.html http://squid.visolve.com/squid/squid24s1/access_controls.htm Bye Volker Tanger ITK Security
kernel security problems again?
I just read the changelog for the 2.4.27-pre1 kernel released by Marcelo Tosatti, and saw two worrying lines in there: * Fix potential memory leak in devpts * Fix potential memory access to free memory in /proc handling Since most people use devpts and almost all use procfs, this would seem to affect just about anybody who is using a 2.4.x kernel, right? Can someone who is current with the linux kernel mailing list comment a bit about these two problems and their possible security implications? And maybe send a link to some thread in the mailing archives where these problems are discussed along with possible fixes for mere mortals like me who are decent programmers but not kernel hackers... Thanks, bye Giacomo -- _ Giacomo Mulas [EMAIL PROTECTED] _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ When the storms are raging around you, stay right where you are (Freddy Mercury) _
Re: kernel security problems again?
On Fri, 23 Apr 2004, Giacomo Mulas wrote: * Fix potential memory leak in devpts * Fix potential memory access to free memory in /proc handling There is also: * e1000: fix probable security hole -- One disk to rule them all, One disk to find them. One disk to bring them all and in the darkness grind them. In the Land of Redmond where the shadows lie. -- The Silicon Valley Tarot Henrique Holschuh
Re: Squid proxy help
Craig Schneider a dit : Hi Guys I was just wondering if you know how I could possibly setup squid so that it will accept connections from the internet and filter before they hit a IIS6 hosted intranet. Any ideas at this point would be welcome. Thanks Craig Squid has quite nice docs that explain that kind of reverse-proxy setup. You can also consider using Apache with mod_proxy, and possibly mod_security Vincent
Re: Woody Backport of tripwire
On Thursday, 2004-04-22 at 20:32:42 -0400, Phillip Hofmeister wrote: Can anyone refer me to a woody backport of tripwire (or a version such as 2.3.1.2+)? I recently did a backport, but it's not up for downloads. I could mail it to you, or you can do it yourself from the package source. If you do that, you will need to use CXX=g++-3.0 GCC=gcc-3.0 dpkg-buildpackage -rfakeroot -us -uc (Or similar) g++ 2.95 will not do. HTH, Lupe Christoph -- | [EMAIL PROTECTED] | http://www.lupe-christoph.de/ | | ... putting a mail server on the Internet without filtering is like | | covering yourself with barbecue sauce and breaking into the Charity| | Home for Badgers with Rabies.Michael Lucas |
Re: kernel security problems again?
On Fri, 23 Apr 2004, Henrique de Moraes Holschuh wrote: There is also: * e1000: fix probable security hole yes, but while the other two problems affect almost any Linux workstation running 2.4.x the latter is relevant only to a specific piece of hardware (although I do have a few of those as well...). This makes it a bit less worrisome for me. Bye Giacomo -- _ Giacomo Mulas [EMAIL PROTECTED] _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ When the storms are raging around you, stay right where you are (Freddy Mercury) _
Re: Woody Backport of tripwire
On Fri, 23 Apr 2004 at 11:07:23AM -0400, Lupe Christoph wrote: I recently did a backport, but it's not up for downloads. I could mail it to you, or you can do it yourself from the package source. If you do that, you will need to use CXX=g++-3.0 GCC=gcc-3.0 dpkg-buildpackage -rfakeroot -us -uc (Or similar) g++ 2.95 will not do. Thanks for shedding light on this. I had G++ installed (2.95) and it kept telling me no C++ Compiler, and I was getting quite frustrated (what the ^*^*(%(* do you mean no compiler, g++ is working?!?!?!)) I did not realize 3.0+ was needed. The build dependencies did not specify that. I might file a bug against tripwire for that build dependency. Thanks. -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Re: Woody Backport of tripwire
On Fri, 23 Apr 2004, Phillip Hofmeister wrote: I did not realize 3.0+ was needed. The build dependencies did not specify that. I might file a bug against tripwire for that build dependency. it is meant for sid, the default compiler in sid is 3.3. I suppose this is the reason it does not need to be specified. This is what the maintainer might tell you if you file such a bug. Bye Giacomo -- _ Giacomo Mulas [EMAIL PROTECTED] _ OSSERVATORIO ASTRONOMICO DI CAGLIARI Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA) Tel. (OAC): +39 070 71180 248 Fax : +39 070 71180 222 Tel. (UNICA): +39 070 675 4916 _ When the storms are raging around you, stay right where you are (Freddy Mercury) _
Re: Woody Backport of tripwire
On Fri, 23 Apr 2004 at 01:19:13PM -0400, Giacomo Mulas wrote: On Fri, 23 Apr 2004, Phillip Hofmeister wrote: I did not realize 3.0+ was needed. The build dependencies did not specify that. I might file a bug against tripwire for that build dependency. it is meant for sid, the default compiler in sid is 3.3. I suppose this is the reason it does not need to be specified. This is what the maintainer might tell you if you file such a bug. It is common for woody folk to backport packages from sid/sarge to woody by compiling them use apt-get source --compile or dpkg-buildpackage. I have seen packages with build depends of libxyz (=3.4). With few exceptions most packages that require a certain version of something to build it list that something as a build dependency (maybe a developer can help me out hereisn't it Debian policy to do so?) Therefore, in my mind, it is mean for sid is not an excuse to omit a build dependency. What is to say there won't be a g++2 and g++3 package in sarge when it is released? -- Phillip Hofmeister PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.asc | gpg --import
Re: Woody Backport of tripwire
On Fri, Apr 23, 2004 at 03:48:59PM -0400, Phillip Hofmeister wrote: Therefore, in my mind, it is mean for sid is not an excuse to omit a build dependency. What is to say there won't be a g++2 and g++3 package in sarge when it is released? If the build dependency is part of build-essential then it doesn't need to be explicitly stated by a given package. apt-cache show build-essential or see http://www.debian.org/doc/debian-policy/ch-source.html#s-pkg-relations noah pgputVmdKkpzp.pgp Description: PGP signature