Re: Woody security updates report.
Alan James [EMAIL PROTECTED] writes:

> On Mon, 28 Jul 2003 09:18:31 -0500, Andrés Roldán [EMAIL PROTECTED] wrote:
>
>> Is there any way, a tool or something to do that?
>
> You could install apt-listchanges. You'll get an email with the relevant changelog entries when something is upgraded.

I have made a script (pretty badly coded) that does half of what I needed. If you want to see it, it's located here: http://people.fluidsignal.com/~aroldan/debcheckupdates.sh

I am still working on it. Thanks.

--
Andres Roldan [EMAIL PROTECTED] http://people.fluidsignal.com/~aroldan CSO, Fluidsignal Group
Woody security updates report.
Hi all.

I have an up-to-date Debian Woody production server (it's updated daily) and I need a report of the security updates made in the server since a given time ago (a month, a couple of months or so). Is there any way, a tool or something to do that?

Thanks in advance.

--
Andres Roldan [EMAIL PROTECTED] http://people.fluidsignal.com/~aroldan CSO, Fluidsignal Group
iptables question
Hi.

I was reading about certain kinds of attacks about TCP sequence and I was wondering whether iptables is vulnerable to these attacks. Specifically, whether iptables is capable of knowing if a RELATED or ESTABLISHED package is sent with a sequence number prediction attack and whether iptables is capable of knowing if the IP address has been spoofed by these means.

--
Andres Roldan, CSO Fluidsignal Group
kernel+grsecurity
Hi list.

I am the CSO of a company and I am going to install several Debian woody machines with a kernel patched with grsecurity. These servers will be critical production-ready machines. The question is, what should I have to be aware of by compiling this kernel and what should I do to ensure stability in those servers?

Any input is appreciated. Thanks in advance.

--
Andres Roldan, CSO Fluidsignal Group
Re: found this in my /var/log/apache/access.log
It's a trojan virus that tries to find any IIS vulnerable using random IP. This is itself not a dangerous attack (of course, if you have an IIS around, it is), indeed it is not intended to be for you.

Konstantin Filtschew [EMAIL PROTECTED] writes:

> hi,
>
> found this in my /var/log/apache/access.log, what does that mean:
>
> 217.37.212.241 - - [04/May/2003:15:17:22 +0200] GET /default.ida?XX XX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u%u00=a HTTP/1.0 404 277 - -
> 217.128.213.22 - - [04/May/2003:14:50:16 +0200] GET /default.ida?XX XX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u%u00=a HTTP/1.0 404 277 - -
> 217.218.66.141 - - [04/May/2003:13:39:56 +0200] GET /default.ida?XX XX%u9090%u6858%ucbd3%u7801%u 9090 %u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b 00%u 531b%u53ff%u0078%u%u00=a HTTP/1.0 404 277 - -
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] GET /.hash=680d6f5c4d584f6b5d941a f136938db3751a840b HTTP/1.1 404 324 - -
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] GET /.hash=e175a0da67b1fefbb5acd8 cdc7ccc516ede015d1 HTTP/1.1 404 324 - -
> 212.65.17.26 - - [04/May/2003:06:30:32 +0200] GET /.hash=8c10ba0aae81edb7ae51eb 156b2fcb770b66864a HTTP/1.1 404 324 - -
>
> thx for help
> Konstantin Filtschew

--
Andres Roldan, CSO Fluidsignal Group
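An added example, not part of the original thread: one way to pick the IIS-targeted /default.ida probes discussed above out of an Apache access log and to flag any ISAPI request that was not answered with a 4xx status. The sample lines, their addresses and shortened query strings, and the names classify and summarize are constructed for illustration.

```python
import re
from collections import Counter

# Apache common log format. The quotes around the request are optional
# because the lines quoted in the message above lost theirs.
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"?[A-Z]+ (?P<uri>\S+) HTTP/[\d.]+"? (?P<status>\d{3}) \S+'
)
# %uXXXX is the IIS-specific Unicode escape seen in the quoted requests.
UNICODE_ESC_RE = re.compile(r'%u[0-9a-fA-F]{4}')
# Index Server ISAPI extensions; they are only mapped on IIS.
ISAPI_SUFFIXES = ('.ida', '.idq')

def classify(line):
    """Return (host, status, verdict) for a log line, or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    uri = m.group('uri')
    path = uri.partition('?')[0].lower()
    if not path.endswith(ISAPI_SUFFIXES):
        verdict = 'other'
    elif UNICODE_ESC_RE.search(uri):
        verdict = 'iis-probe'
    else:
        verdict = 'isapi-request'
    return m.group('host'), int(m.group('status')), verdict

def summarize(lines):
    """Count probes per source and list ISAPI hits not answered with 4xx."""
    probes, review, unparsed = Counter(), [], 0
    for line in lines:
        result = classify(line)
        if result is None:
            unparsed += 1
            continue
        host, status, verdict = result
        if verdict == 'iis-probe':
            probes[host] += 1
        if verdict != 'other' and not 400 <= status < 500:
            review.append((host, status, verdict))
    return {'probes': dict(probes), 'review': review, 'unparsed': unparsed}

# Constructed sample lines (documentation addresses, shortened query string).
SAMPLE_LOG = [
    '192.0.2.10 - - [04/May/2003:15:17:22 +0200] "GET /default.ida?XXXX%u9090%u6858=a HTTP/1.0" 404 277',
    '192.0.2.10 - - [04/May/2003:15:17:25 +0200] "GET /default.ida?XXXX%u9090%u6858=a HTTP/1.0" 404 277',
    '198.51.100.7 - - [04/May/2003:15:20:01 +0200] "GET /index.html HTTP/1.1" 200 1043',
    '203.0.113.5 - - [04/May/2003:15:21:40 +0200] "GET /search.idq?q=test HTTP/1.0" 200 512',
    'garbage line',
]
```

On an Apache host the probes should all appear with 404, as in the quoted log; an entry in the review list means something on the server answered an Index Server path and is worth a look.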
Re: iptables forwarding to inside firewall
I think you must check your default policies. Besides, you should check the traffic from within your mail server with a tool such as snort or tcpdump and try logging your rules with the -j LOG match.

Hanasaki JiJi [EMAIL PROTECTED] writes:

> Working on running an SMTP server inside the firewall that takes incoming SMTP traffic from outside the firewall. The below rules are not working. The firewall refuses connections. Any input on what's wrong? Thanks,
>
> internal mailserver = 192.168.1.2
>
> #$PROG -t nat -A PREROUTING -i $NIC_EXTERNAL -p tcp \
> #-s 0/0 \
> #--dport smtp -j DNAT --to-destination 192.168.1.2:25
>
> #$PROG -A FORWARD -i $NIC_EXTERNAL -s 0/0 \
> #-o $NIC_INTERNAL -d 192.168.1.2 -p tcp --dport smtp \
> #-m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
>
> #$PROG -A FORWARD -i $NIC_INTERNAL -s 192.168.1.2 \
> #-o $NIC_EXTERNAL -d 0/0 -p tcp \
> #-m state --state ESTABLISHED,RELATED -j ACCEPT

--
Andres Roldan CSO, Fluidsignal Group S.A.