Re: [Full-disclosure] SSHD - PasswordAuthentication no/yes
AFAIK only brute forcing can be a problem. Except of course if there are physically problems with the Password auth code, that too can cause a problem... but other than that I don't think there should be.

winsoc wrote:
> Hello List,
>
> not sure if this is a bit too off-topic. But I wanted to ask if there
> are any Security problems when PasswordAuthentication gets changed
> from no to yes on OpenSSH4.1
>
> Regards.

___
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Secure HTTP
Nah. I just don't want our clear text HTTP traffic to be sniffed, which has been a known problem on our network a few times.

Fredrik Leijon wrote:
> Depending on what you want to do one solution is to use putty to
> tunnel your traffic to a 'secure' node you have an account on.
>
> -Fredrik
>
> On 3/23/06, Q Beukes <[EMAIL PROTECTED]> wrote:
>
> Hey,
>
> Are there any open source proxy/tunneling software that makes it
> possible to surf both HTTP/HTTPS over an SSL/HTTPS connection?
>
> In other words I want all my http traffic to be encrypted...
>
> Thx
> Q Beukes
>
> --
> Status quo ante
[Full-disclosure] Secure HTTP
Hey,

Are there any open source proxy/tunneling software that makes it possible to surf both HTTP/HTTPS over an SSL/HTTPS connection?

In other words I want all my http traffic to be encrypted...

Thx
Q Beukes
Re: [Full-disclosure] strange domain name in phishing email
I think this would be a client side only thing. Netcat connected fine when I have such a name (167772398 - 10.0.0.238) as a target.

The reason I say this is because how would Apache know what to do with:

Host: 167772398

It might have been a vhost, so I don't think they have support for this.

NOTE: just my thoughts

Julien GROSJEAN - Proxiad wrote:
> I think you try to remove the slash at the end... What about the
> logs?
>
> Alice Bryson wrote:
>> BTW, this kind of IP address would not always work. I try to use
>> http://2887060730/ to access an internal web server
>> http://172.21.12.250, but failed. It said 400 bad request. I use
>> Windows XP IE 6, web server is Apache on Windows 2003, does
>> anyone know why?
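The integer-style hosts discussed in this thread (2887060730 for 172.21.12.250, 167772398 for 10.0.0.238) can be normalised before a mail or proxy filter compares a link against its rules. The following is an added example, not code from any poster in the thread; it goes beyond the single-integer case to the other inet_aton-style forms (hex, octal, fewer than four parts), and the function names are hypothetical.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Each dot-separated part may be decimal, 0-prefixed octal or 0x-prefixed hex,
# the forms inet_aton()-style resolvers accept besides plain a.b.c.d.
_PART = re.compile(r"^(0[xX][0-9a-fA-F]+|0[0-7]*|[1-9][0-9]*)$")


def _parse_part(part):
    if not _PART.match(part):
        return None
    if part[:2].lower() == "0x":
        return int(part, 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def numeric_host_to_ipv4(host):
    """Return the dotted quad for an inet_aton-style numeric host, else None."""
    parts = host.rstrip(".").split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 256 ** (4 - len(head)):
        return None
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(addr))


def flag_obfuscated_url(url):
    """Return the real IPv4 address if the URL host is a non-canonical numeric form."""
    host = urlsplit(url).hostname or ""
    ip = numeric_host_to_ipv4(host)
    if ip is None or ip == host:
        return None  # a DNS name, or an ordinary dotted quad
    return ip


if __name__ == "__main__":
    # URLs taken from the thread, plus constructed variants of the same address.
    for u in ("http://2887060730/", "http://0xAC.0x15.0x0C.0xFA/",
              "http://172.21.3322/", "http://172.21.12.250/"):
        print(u, "->", flag_obfuscated_url(u))
```
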
Re: [Full-disclosure] Promiscuous Device Detection
I know how it would be done. Just thought if I could find the code/tool it could save me a lot of time.

Simon Richter wrote:
> Hi,
>
> Q Beukes wrote:
>
>> I am looking for linux utility that checks if a specified machine's
>> network device is in promiscuous mode or not.
>
> Technically, promiscuous mode only affects packet reception, so it is
> pretty difficult to detect; however most packet sniffers will not hide
> the packets that would have been filtered normally from the kernel, so
> the kernel should react to e.g. a ping or SYN packet that has the
> correct destination IP address for that host, but would normally be
> filtered by the MAC (e.g. with a different destination MAC address).
>
> I don't have a readymade utility for that (I'd code it if need arises,
> but the days of Cheapernet are gone), but you can test from the shell
> by creating a static ARP entry using the arp(8) tool and then pinging
> the IP.
>
> Simon
[Full-disclosure] Promiscuous Device Detection
Hey,

I am looking for a Linux utility that checks if a specified machine's network device is in promiscuous mode or not.

C source is preferred so I could maybe modify it (if needed) so it actively searches for such devices and syslogs such finds.

Thx
Q Beukes
[Full-disclosure] Fuzzing
Hey,

Anyone know of any tools similar to FuzzyFiles, FuzzySniffAndSend and PeachFuzz but for the Linux/BSD platform?

Above mentioned can be found at:
http://reedarvin.thearvins.com/tools.html

Thx
Q Beukes
Re: [Full-disclosure] Automated Vulnerability Scanners
No, what I was talking about was programs/algorithms that actually scan software to find new unknown problems.

I have never heard of anything like this myself, nor can I think of an efficient way of implementing it, yet someone claimed they exist. I can't find any on Google either?

Gadi Evron wrote:
> Q Beukes wrote:
>
>> Hey,
>>
>> Recently an interesting topic on a forum caught my attention. The topic
>> was about automated vulnerability scanning.
>>
>> Does anyone know of a good not-too-technical FAQ/Paper on this
>> topic?
>> Does anyone know any good such scanners?
>
> Beyond Security (who I work for).
> Qualys.
[Full-disclosure] Automated Vulnerability Scanners
Hey,

Recently an interesting topic on a forum caught my attention. The topic was about automated vulnerability scanning.

Does anyone know of a good not-too-technical FAQ/Paper on this topic?
Does anyone know any good such scanners?

Thx
Q Beukes