A Happy New Year From Romania to all of you!

2001-12-31 Thread Petre Daniel



Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200





Re: Securing bind..

2001-12-30 Thread Petre Daniel

thank you all very much.
you're right. if one doesn't have anything useful to say i'll recommend him 
to let others help..
thx guys.

At 10:02 PM 12/30/01 +0100, jernej horvat wrote:
>On Sunday 30 December 2001 18:46, P Prince wrote:
> > The easiest and most failsafe way to secure bind is to install djbdns.
>
>If you have nothing to say - do not speak.
>--
>Configuration options for BIND are listed on
>http://www.isc.org/products/BIND/docs/config/
>
>List of URLs that might be useful is here:
>http://www.isc.org/products/BIND/contributions.html
>
>Cricket Liu's presentation on how to secure BIND:
>http://www.acmebw.com/papers/securing.pdf
>
>Securing DNS:
>http://www.psionic.com/papers/dns/
>-
>"acl" defines hosts or networks that you can either allow or deny access
>
>"version" defines version number that bind answers if asked for it.
>(like: 'this space for rent. contact hostmaster' ;])
>
>"blackhole" defines hosts or networks that bind will not answer at all.
>(ie.: 10.x.x.x, 192.168.x.x, 224.x)
>
>"allow-recursion/allow-query" defines hosts or networks that can use your
>server to get non-auth answers or do recursive queries.
>
>"listen-on" defines interfaces and ports bind will listen on. If you don't
>have any domains to serve to the "outside" world, you just list the intranet
>(NAT) interface in here.
>
>"forward only" means that you will forward all requests (and work ;]) to the
>dns servers listed in "forwarders".
>--
>BOFH excuse #57:
>
>Groundskeepers stole the root password

Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
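
The options listed in the quoted reply above, applied to the setup from the original question (a server that resolves for internal clients and also serves some zones to the outside), as an added example that is not part of the thread. Both named.conf samples are constructed, the ACL name `internal` and all addresses are assumptions, and the parser only handles the simple statement forms shown here.

```python
import re

# Constructed sample configurations (not from the thread). Addresses are
# private or documentation ranges; "internal" is a hypothetical ACL name.
WEAK_CONF = """
options {
    directory "/var/cache/bind";
    allow-recursion { any; };
};
"""

HARDENED_CONF = """
acl internal { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/cache/bind";
    version "this space for rent. contact hostmaster";
    listen-on { 127.0.0.1; 192.168.1.1; 203.0.113.10; };
    allow-query { any; };           // hosted zones stay answerable for everyone
    allow-recursion { internal; };  // recursive service only for own clients
    blackhole { 10.0.0.0/8; 224.0.0.0/4; };
};
"""

def strip_comments(text):
    """Remove /* */, // and # comments (simplified: ignores quoting)."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_body(text, keyword):
    """Return the text inside the first `keyword { ... }` block, or None."""
    m = re.search(r"(?m)^\s*" + re.escape(keyword) + r"\s*\{", text)
    if not m:
        return None
    depth = 1
    for i in range(m.end(), len(text)):
        if text[i] == "{":
            depth += 1
        elif text[i] == "}":
            depth -= 1
            if depth == 0:
                return text[m.end():i]
    return None

def parse_options(conf):
    """Map each statement in the options block to a string or a list."""
    body = block_body(strip_comments(conf), "options")
    opts = {}
    if body is None:
        return opts
    stmt = re.compile(r'([\w-]+)\s+(?:\{([^{}]*)\}|("[^"]*"|[^\s;{}]+))\s*;')
    for name, items, scalar in stmt.findall(body):
        if scalar:
            opts[name] = scalar.strip('"')
        else:
            opts[name] = [e.strip() for e in items.split(";") if e.strip()]
    return opts

def audit(conf):
    """Report which of the options from the reply are missing or wide open."""
    opts = parse_options(conf)
    findings = []
    if "version" not in opts:
        findings.append("version: not overridden, real version string is disclosed")
    # Assumption: a missing allow-recursion is reported as unrestricted;
    # check the default of the BIND release actually in use.
    recursion = opts.get("allow-recursion")
    if recursion is None or "any" in recursion:
        findings.append("allow-recursion: recursion is not limited to own clients")
    if "listen-on" not in opts:
        findings.append("listen-on: not set, named listens on every interface")
    if "blackhole" not in opts:
        findings.append("blackhole: no networks are ignored")
    return findings

if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```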






Securing bind..

2001-12-30 Thread Petre Daniel

Well, i know Karsten's on my back and all, but i have not much time to 
learn, and too many things to do at my firm, so i am asking if one of you has 
any idea how can bind be protected against that DoS attack and if someone 
has some good firewall for a dns server (that resolves names for internal 
clients and also keeps some .ro domains) please post it to the list.. both 
ipchains and iptables variants are welcome..
thank you.

Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200







Re: /etc/passwd ?

2001-12-27 Thread Petre Daniel

most of them are relics of software that you probably don't need, but be 
careful what account you erase.
better comment them out. you can put a /etc/NOSHELL instead of /bin/sh or 
even /bin/false and they won't be able to log in to the machine any more..

At 06:24 PM 12/27/01 -0600, Daniel Rychlik wrote:
>I was wondering if I edited my /etc/passwd file and replaced all the 
>/bin/sh to /bin/false , will that break anything?
>What I'm seeing is accounts like lp, games, uucp, proxy, postgres, and a 
>slew of others that I don't use.
>
>Thanks in advance Debian Guruz!
>Daniel

Petre L. Daniel,System Administrator
Canad Systems Pitesti Romania,
http://www.cyber.ro, email:[EMAIL PROTECTED]
Tel:+4048220044, +4048206200
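
An audit of the change discussed in this exchange, as an added example that is not part of the thread: it lists system accounts that still have a login shell and returns the passwd text with those shells replaced. The sample file is constructed around the account names from the question; the UID cut-off of 1000, the shell list and the `keep` parameter are assumptions.

```python
# Constructed sample in /etc/passwd format (not from the thread); the account
# names lp, games, uucp, proxy and postgres are the ones named in the question.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
lp:x:7:7:lp:/var/spool/lpd:/bin/sh
games:x:5:60:games:/usr/games:/bin/sh
uucp:x:10:10:uucp:/var/spool/uucp:/bin/sh
proxy:x:13:13:proxy:/bin:/bin/sh
postgres:x:31:32:postgres:/var/lib/postgres:/bin/sh
backup:x:34:34:backup:/var/backups:
#old:x:40:40:commented out:/nonexistent:/bin/sh
daniel:x:1000:1000:Daniel:/home/daniel:/bin/bash
"""

SYSTEM_UID_MAX = 1000   # assumption: UIDs below this are system accounts
# Assumption: these are the shells that allow an interactive login on the host
# (normally taken from /etc/shells).
LOGIN_SHELLS = {"/bin/sh", "/bin/bash", "/bin/csh", "/bin/tcsh", "/bin/ksh", "/bin/zsh"}

def parse_passwd(text):
    """Yield the 7 fields of each well-formed entry; skip comments and junk."""
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit():
            yield fields

def login_capable_system_accounts(text, keep=("root",)):
    """Return (name, shell) for system accounts that can still get a shell.

    `keep` names accounts to leave alone, for example ones that an
    administrator or a cron job enters with `su`, which needs a working shell.
    """
    hits = []
    for fields in parse_passwd(text):
        name, uid = fields[0], int(fields[2])
        shell = fields[6] or "/bin/sh"      # an empty shell field means /bin/sh
        if uid < SYSTEM_UID_MAX and name not in keep and shell in LOGIN_SHELLS:
            hits.append((name, shell))
    return hits

def lock_shells(text, keep=("root",), new_shell="/bin/false"):
    """Return passwd text with the flagged accounts' shell replaced.

    Every other line, including comments, is passed through unchanged.
    """
    flagged = {name for name, _ in login_capable_system_accounts(text, keep)}
    out = []
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[0] in flagged:
            fields[6] = new_shell
            line = ":".join(fields)
        out.append(line)
    return "\n".join(out) + "\n"

if __name__ == "__main__":
    for name, shell in login_capable_system_accounts(SAMPLE_PASSWD):
        print(f"{name}: login shell {shell}")
    print(lock_shells(SAMPLE_PASSWD, keep=("root", "postgres")), end="")
```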







Re: How do I disable (close) ports?

2001-12-04 Thread Petre Daniel



Well, 111 is the portmap port.. careful, it's a gate for intrusion with
rpc attacks..
you must disable portmap. try something like "update-rc -f remove portmap"
or "update-rc -f portmap remove" i forgot..

if that doesn't work try blocking ports via ipchains with something like
"/sbin/ipchains -s 0/0 -d MY_MACHINE_IP 111 -p tcp -j DENY -l"
 cya

 Petre L. Daniel
 Linux Administrator,Canad Systems Pitesti
 http://www.cyber.ro email:[EMAIL PROTECTED]
 phone: +4048220044,+4048206200

-Original message-
From: J. Paul Bruns-Bielkowicz [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 04, 2001 12:18 PM
To: [EMAIL PROTECTED]
Subject: How do I disable (close) ports?


Hi,
I disabled all but a few ports in /etc/services, but I have
tcp        0      0 pa237.olsztyn.sdi.t:111 80.116.215.37:1064 ESTABLISHED
when I netstat my machine. What exactly does this mean? I just want
25/tcp     open  smtp
37/tcp     open  time
66/tcp     open  sql*net
80/tcp     open  http
110/tcp    open  pop-3
443/tcp    open  https
3306/tcp   open  mysql
open. How can I close ports 111 and 859? They are not enabled in
/etc/services
Thanks,
J. Paul Bruns-Bielkowicz
http://www.america.prv.pl






Re: per IP billing

2001-12-04 Thread Petre Daniel

 what about ip accounting?

 Petre L. Daniel
 Linux Administrator,Canad Systems Pitesti
 http://www.cyber.ro email:[EMAIL PROTECTED]
 phone: +4048220044,+4048206200

-Original message-
From: Yotam Rubin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 04, 2001 1:51 AM
To: Debian-Security List
Subject: Re: per IP billing


On Tue, Dec 04, 2001 at 04:35:04PM +0800, Marcel Welschbillig wrote:
> Hi all !
>
> Know this is a bit off subject but does anybody know any good programs
> to use for monitoring Megabytes per IP address. What i want to do is
> have a LAN and be able to get data on how many MB each host downloaded
> for billing purposes.

argus is a fairly general tool which can accommodate this type of
monitoring.
Fetch both the argus-server and the argus-client packages. racount in
argus-client is probably what you need.

Regards, Yotam Rubin

>
> Any help much appreciated
>
>
> Marcel





Re: Re: finding hidden processes

2001-12-03 Thread Petre Daniel

it's okay to me. i didn't follow so closely your emails and replies,
your system was compromised, or you just suspect that?
is that a permanent online box? can you unplug it and look closely into
it?
chkrootkit is pretty gewd, but personally i trust only me. *grin*
take care,
Dani.

-Original message-
From: Tarjei Huse [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 1:01 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: Re: finding hidden processes


Thanks, I got:
dev_to_tty
tdev
/dev/pts/%s
/dev/%s
/dev/tty%s
/dev/pty%s
/dev/%snsole
Obsolete W option not supported. (You have a /dev/drum?)

Any comments? Does this look ok?

Tarjei

Petre Daniel wrote:
>
> -Original message-
> From: Tarjei Huse [mailto:[EMAIL PROTECTED]]
> Sent: Monday, December 03, 2001 9:15 AM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: finding hidden processes
>
> Hi If I run chkproc from the chkrootkit package I get:
> You have 3 process hidden for readdir command
> You have 3 process hidden for ps command
>
> How can I find these processes?
> Tarjei
>
> try "strings /bin/ps | grep dev" and if ps is corrupted you will see the
> location of the configuration files for the rootkit. go there and look into
> them. good luck.




Re: finding hidden processes

2001-12-03 Thread Petre Daniel



-Original message-
From: Tarjei Huse [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 03, 2001 9:15 AM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: finding hidden processes


Hi If I run chkproc from the chkrootkit package I get:
You have 3 process hidden for readdir command
You have 3 process hidden for ps command

How can I find these processes?
Tarjei

try "strings /bin/ps | grep dev" and if ps is corrupted you will see the
location of the configuration files for the rootkit. go there and look into
them. good luck.







What this means in my logs?

2001-11-30 Thread Petre Daniel

Heya, i got those lines often lately.. Can anyone explain to me every
little part of it?
If you can drop a url link too, it would be great..
Thank you.

Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6 210.86.20.213:1621 194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 T=102 SYN (#1)

c yah,
Dani.
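
A field-by-field decoder for the ipchains packet-log line quoted in the message above, as an added example that is not part of the thread. The field meanings follow the log format documented in the IPCHAINS-HOWTO; the function names are hypothetical, and the parser also accepts the line when it is wrapped as in the post.

```python
import re

# Log line quoted in the message above, wrapped across lines as it appears there.
SAMPLE = """Nov 30 16:16:28 brutus-gw kernel: Packet log: input DENY eth1 PROTO=6
210.86.20.213:1621
194.102.92.21:6000 L=48 S=0x00 I=52039 F=0x4000 T=102 SYN (#1)"""

PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}    # numbers as in /etc/protocols

LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? (?P<dst>[\d.]+)(?::(?P<dport>\d+))? "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?P<syn> SYN)?(?: \(#(?P<rule>\d+)\))?"
)

def _int(value):
    return int(value) if value is not None else None

def parse_packet_log(raw):
    """Decode one ipchains 'Packet log:' entry into a dict, or return None."""
    line = " ".join(raw.split())             # undo mail-client line wrapping
    m = LOG_RE.search(line)
    if m is None:
        return None
    g = m.groupdict()
    proto = int(g["proto"])
    frag = int(g["frag"], 16)                # IP flags plus fragment offset
    return {
        "chain": g["chain"],                 # chain holding the matching rule
        "action": g["action"],               # what that rule did to the packet
        "iface": g["iface"],                 # interface the packet was seen on
        "proto": PROTOCOLS.get(proto, str(proto)),
        "src": g["src"], "dst": g["dst"],
        # For ICMP these two positions carry the ICMP type and code instead.
        "sport": _int(g["sport"]), "dport": _int(g["dport"]),
        "length": int(g["length"]),          # L= total packet length in bytes
        "tos": int(g["tos"], 16),            # S= type-of-service byte
        "ip_id": int(g["ip_id"]),            # I= IP identification field
        "dont_fragment": bool(frag & 0x4000),
        "more_fragments": bool(frag & 0x2000),
        "frag_offset": (frag & 0x1FFF) * 8,  # offset is stored in 8-byte units
        "ttl": int(g["ttl"]),                # T= remaining time to live
        "syn": g["syn"] is not None,         # TCP connection-opening packet
        "rule": _int(g["rule"]),             # (#n) number of the logging rule
    }

def describe(rec):
    """One-sentence summary of a decoded entry."""
    def endpoint(ip, port):
        return ip if port is None else f"{ip}:{port}"
    kind = rec["proto"] + (" SYN" if rec["syn"] else "")
    return (f"{rec['action']} by rule #{rec['rule']} of chain '{rec['chain']}': "
            f"{kind} {endpoint(rec['src'], rec['sport'])} -> "
            f"{endpoint(rec['dst'], rec['dport'])} on {rec['iface']}, "
            f"{rec['length']} bytes, TTL {rec['ttl']}")

if __name__ == "__main__":
    print(describe(parse_packet_log(SAMPLE)))
```

For the quoted line this reads as a TCP connection attempt to port 6000, which the nmap output elsewhere on this page lists as X11, denied on eth1 by rule 1 of the input chain.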







Debian GNU/Linux 2.2r3 vulnerabilities ?

2001-10-24 Thread Petre Daniel


Heya,
I run a potato at home and i will set the computer at work
with potato as well. Since that will be a 24h internet connected
pc, i am wondering what are the 2.2 release 3 vulnerabilities for
the system installed from the cds without any online update.
Is the ssh package in potato vulnerable?
I'd appreciate it if you can give me some urls.
thx,
Dani,
hackers unsupport.






Re[2]: Port Scan for UDP

2001-10-21 Thread Petre Daniel


also netstat -n -p -t --listening | grep ":PORT"


VD> Hi,

VD> On Sat, Oct 20, 2001 at 09:22:57PM -0700,
VD> tony mancill <[EMAIL PROTECTED]> wrote:
>> On Sat, 20 Oct 2001, Marc Wilson wrote:
>>
>> > Adding or removing lines in /etc/services doesn't open or close ports...
>> > this is a common misconception.  Removing what's listening on a particular
>> > port is what closes that port.
>>
>> A good way to find out what process is listening on a port is to load the
>> lsof package and use "lsof -i" (as root so that you'll see everything).

VD> You can also use "netstat -pan" to find out which process is listening on
VD> which port.

VD> regards,
VD> Volker





Re: nmap ...

2001-10-21 Thread Petre Daniel


well, first you gotta chill.. :>>
do you have a lan there? is your debian a gateway/router for the lan?
maybe you use a masquerade for some of those computers..
there can be an application in windows that connects through that port
to the internet.
so like if that port is always changing perhaps there is traffic on
your network, and the windows applications connect to the internet on
those ports. note them and mail them here :>
Dani,
hackers unsupport.

sli> hi, when I make nmap I read my open ports more one suspect (every time is
sli> one new port). So I make nmap another time and I read my really open ports
sli> without the last.

sli> ?

sli> what is it ?

sli> example:
sli> seba@debian:~$ nmap debian

sli> Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
sli> Interesting ports on debian (127.0.0.1):
sli> Port    State       Protocol  Service
sli> 23      open        tcp       telnet
sli> 25      open        tcp       smtp
sli> 111     open        tcp       sunrpc
sli> 2020    open        tcp       xinupageserver
sli> 6000    open        tcp       X11

sli> Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

sli> 2020 ???

sli> now I make nmap another time:
sli> seba@debian:~$ nmap debian

sli> Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
sli> Interesting ports on debian (127.0.0.1):
sli> Port    State       Protocol  Service
sli> 23      open        tcp       telnet
sli> 25      open        tcp       smtp
sli> 111     open        tcp       sunrpc
sli> 6000    open        tcp       X11

sli> Nmap run completed -- 1 IP address (1 host up) scanned in 1 second





sli> the port is not the same every time 


sli> _

sli> Sebastian Ezequiel Ovide
