Re: [OT][hlds_linux] rcon hacking w/out being logged into server?
On Fri, Feb 28, 2003 at 09:13:06AM +1300, Jeremy Brooking wrote: On Fri, 2003-02-28 at 08:27, Blaine Kahle wrote: Oh come on. Let's assume you're paranoid and are filtering outbound traffic as well, a somewhat rare practice. I manage to get my software rare? well yes I suppose it is when you install a 'Packetfilter' like zonealarm and call it a 'Firewall' Are you addressing this to me, or to the public in general? I am not Joe Home User; I thought I made that clear already. But every firewall ive ever administered has either used statefull inspection and/or filtered outgoing traffic. Stateful inspection is not outbound filtering. installed on one of your inside machines. It connects to port 80 of a computer I control on the outside. Your firewall allows inside computers to connect to port 80 on remote machines, because preventing your boss from surfing the web doesn't fly well with him. However, I'm not running a web server on port 80, I'm running one end of a simple TCP tunnel program, the inside computer acting as the other end. I now have the ability to execute arbitrary commands/software inside your network. And that's just one of the obvious attack methods. And then we are back to a dmz again. Throw in a cache, problem solved. Again? A DMZ was not mentioned at all, nor was a proxy or a cache. Please stop introducing new elements into the debate. The situation was machine-firewall-world. There are lots of ways to improve this, yes, but I'm not going to iterate through all of them in an attempt to make myself look knoweldgeable. We were discussing why having a range of open ports with no listeners is bad when you have malicious software running behind your firewall. Just because you've got one compromised system doesn't mean the cracker owns everything. Secure in layers and catch them before they get too far. Of course not. I didn't think I needed to explain all the details to the experts. Allowing incoming ports that don't always have listeners is bad practice. I didn't say it was a good thing. I said it was a moot point in the case of malicious software already installed, and I've further explained that. Then we have another issue... An admin that doesnt have his machine tripwired? Tripwire is a specific product, or rather a line of products. How does the trojaning of a file apply to what we're discussing? New code can be introduced without replacing existing files, or are you proposing that an alarm should be thrown up every time a new file is created on a system? Nancy better not save that word document, lest she get a visit from the Friendly Admin! :) A better product to detect the attack I described would be a network IDS. Hopefully, it'd recognize executable code, or match some other malicious signature on the packets passing through. If all the insider program needs is instructions on what attack to perform, then things get tougher, as it's hard for an IDS to detect something like function 01 on the wire as being malicious. This discussion is now rather off-topic for the hlds_linux list, so I encourage anyone wishing to discuss firewall best-practices to email off-list. Oh you mean like 99% of the traffic on this list? Just because others do it, doesn't make it right. With that, I end my participation in this thread, which is rapidly deteriorating into masked flames. -- Blaine Kahle [EMAIL PROTECTED] 0x178AA0E0 ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] test
testing... ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] testing
I was using telnet via a ssh console to send a message to see if the list software was responding to email requests (from on the machine itself, it wasn't for a while until I fixed it :) Sorry if I didn't take the time to include [OT] in the subject, its painful enough to construct an email that the list server will accept... Eric (Deacon) wrote: Or at least have the courtesy to mark them [OT] in the subject line. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] testing
Wow, I just realized my grammar. Typing over a lagged VNC connection sucks. - Tyler [TASF]Overkill Schwend Semper facere bonum, an a amare odium, vita mors. Waiting for our enemies to strike us first is as dangerous and irresponsible as it is an act of ignorance. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Tyler Overkill Schwend Sent: Saturday, March 01, 2003 9:32 PM To: [EMAIL PROTECTED] Subject: RE: [hlds_linux] testing Haha, I was waiting for Eric to respond with this typical postiquette. Looks like he's having a bad day. Maybe, just maybe, someone who is too inconsiderate/n00b to post a test message here has never used a mailinglist extensively and is therefore unsure of the postiquette of that particular list? I doubt it was done out of consideration. - Tyler [TASF]Overkill Schwend Semper facere bonum, an a amare odium, vita mors. Waiting for our enemies to strike us first is as dangerous and irresponsible as it is an act of ignorance. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] test
And before anyone else complains, there will be a couple more of these percolating through due to smtp queueing :) It was due to me testing the list server, not testing an email client... Alfred wrote: testing... ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] latest hlds beta version
HI, Well i havn't upgraded and mine does the same as your - Seems like a Won problem... /Regards Frank - Original Message - From: Jay Anstiss [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 9:34 PM Subject: Re: [hlds_linux] latest hlds beta version Folks - I uploaded the latest beta version for hlds to my game dir (being: /home/server2 - hlds is one up from there), then unpacked it (and it seemed to update the main hlds dir with no hassle), but then when I restart the server it seems to hang and not go beyond the below pasted text: Host_Init Added packfile /home/server2/hlds_l/valve/pak0.pak (985 files) Protocol version 46 Exe version 3.1.1.0 Exe build: 14:17:24 Sep 26 2002 (2163) Can anyone suggest what's going on here? Jay. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] My Linux Server Won't startup
Hi All, Aii What is Now wrong I shutdown my server, and now i can't start it. It just Hangs. Has Valve problems??? I know how to start my HLDM server since i have run it for more than 1.5 years now... Does anyone have the same problem as I have now??? Regards Frank ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] My Linux Server Won't startup
Hi All, Aii What is Now wrong I shutdown my server, and now i can't start it. It just Hangs. Has Valve problems??? I know how to start my HLDM server since i have run it for more than 1.5 years now... Does anyone have the same problem as I have now??? Regards Frank ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] My Linux Server Won't startup
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Hi All, Aii What is Now wrong I shutdown my server, and now i can't start it. It just Hangs. Has Valve problems??? I know how to start my HLDM server since i have run it for more than 1.5 years now... Does anyone have the same problem as I have now??? Regards Frank -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] My Linux Server Won't startup
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] Hi All, Aii What is Now wrong I shutdown my server, and now i can't start it. It just Hangs. Has Valve problems??? I know how to start my HLDM server since i have run it for more than 1.5 years now... Does anyone have the same problem as I have now??? Regards Frank -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] WON issues atm?
Yeah, it's kinda annoying =) A player tries to connect and it just 'freezes' HL =/ *sigh* ~Poof - Original Message - From: Jeremy Brooking [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 15:11 Subject: [hlds_linux] WON issues atm? Just wondering if there are won issues atm. I just had a few emails start coming in asking whats up. VALVe are there any known issues atm? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] WON issues atm?
On Thursday 27 February 2003 05:11 pm, Jeremy Brooking wrote: Just wondering if there are won issues atm. I just had a few emails start coming in asking whats up. VALVe are there any known issues atm? It appears as if the WON servers are down right now ... please be patient :) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Mike DaiTengu Miller Webmaster: http://war-ensemble.com Sysop: telnet://bbs.war-ensemble.com StatsMe Team: http://www.unitedadmins.com/StatsMe.php -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] WON issues atm?
Damn servers -_- I sent this on the 27th! Anyhow... Whee~ ~PoofServ - Original Message - Sent: Thursday, February 27, 2003 16:52 Subject: Re: [hlds_linux] WON issues atm? Yeah, it's kinda annoying =) A player tries to connect and it just 'freezes' HL =/ *sigh* ~Poof - Original Message - From: Jeremy Brooking [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Thursday, February 27, 2003 15:11 Subject: [hlds_linux] WON issues atm? Just wondering if there are won issues atm. I just had a few emails start coming in asking whats up. VALVe are there any known issues atm? ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] test
testing :) ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] exec banned.cfg?
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] I run 3 servers and am trying to figure out how to share the banlist. gr. This has become quite a chore. Should +exec banned.cfg be in the startup line of the server, or should I place it in server.cfg? hondaman - admin www.hardcs.com -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] rcon hacking w/out being logged into server?
Blaine Kahle said: Oh come on [snip] ...I now have the ability to execute arbitrary commands/software inside your network. Yes, there are many things you can do because you've found a vulnerability on a box on my network. The point I am making is that there is one fewer thing you can do if I haven't allowed unnecessary incoming ports - you cannot put up a listener. Listeners allow you to easily control the box without making use of the exploit each time you want to do something. Most times when you can execute abitrary code with an exploit, it requires an overflow (i.e. crash). While you're trying to figure out how to make your trojan work, somebody is going to notice the server keeps crashing and eventually patch it... hopefully with code that is no longer vulnerable. If you do business on the Internet, you will be hacked. The point is to slow down the attacker as much as possible so as to minimize the damage. Allowing incoming connections to ports that do not have a specific process listening is something that should be avoided. -Mad ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
RE: [hlds_linux] exec banned.cfg?
If you have a BIG banned.cfg you want to have it in the command line. The reason behind this is because the server exec banned.cfg so it may slow down your map change since your server is Writing IDS to ban..just do from command its much more effective, and use exec listip.cfg in your server.cfg White Tiger* -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of hondaman Sent: Saturday, March 01, 2003 10:10 PM To: [EMAIL PROTECTED] Subject: [hlds_linux] exec banned.cfg? This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] I run 3 servers and am trying to figure out how to share the banlist. gr. This has become quite a chore. Should +exec banned.cfg be in the startup line of the server, or should I place it in server.cfg? hondaman - admin www.hardcs.com -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] WON issues atm?
hehehehe funny:-) - Original Message - From: HLDS List [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, March 02, 2003 5:11 AM Subject: RE: [hlds_linux] WON issues atm? Really? They called me. Are you sure they have your current phone number? :) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of SQLBoy Sent: Saturday, March 01, 2003 8:04 PM To: [EMAIL PROTECTED] Subject: Re: [hlds_linux] WON issues atm? I'm shocked and disgusted noone from Valve has called me personally to inform me of this outage. On Thu, 2003-02-27 at 18:18, Brian A. Stumm wrote: On 28 Feb 2003, Jeremy Brooking wrote: Just wondering if there are won issues atm. I just had a few emails start coming in asking whats up. Your not the only one... WON must be down. ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux -- SQLBoy [EMAIL PROTECTED] http://www.playway.net ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
Re: [hlds_linux] testing
these test post can get interesting at times, love the humor. killa guy for posting a test message O_o regards, Sebastian - [BBR] Gaming Clan http://www.broadbandreports.com - Original Message - From: Eric (Deacon) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Saturday, March 01, 2003 9:27 PM Subject: RE: [hlds_linux] testing | Or at least have the courtesy to mark them [OT] in the subject line. | | -- | Eric (the Deacon remix) | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On Behalf Of hondaman | Sent: Saturday, March 01, 2003 7:50 PM | To: [EMAIL PROTECTED] | Subject: RE: [hlds_linux] testing | | | Please post testing messages in the testing mailing list. | | -Original Message- | From: [EMAIL PROTECTED] | [mailto:[EMAIL PROTECTED] On Behalf Of | [EMAIL PROTECTED] | Sent: Saturday, March 01, 2003 7:58 PM | To: [EMAIL PROTECTED] | Subject: [hlds_linux] testing | | | Testing. | | ___ | To unsubscribe, edit your list preferences, or view the list | archives, please visit: | http://list.valvesoftware.com/mailman/listinfo/hlds_linux | | ___ | To unsubscribe, edit your list preferences, or view the list | archives, please visit: | http://list.valvesoftware.com/mailman/listinfo/hlds_linux | | ___ | To unsubscribe, edit your list preferences, or view the list archives, please visit: | http://list.valvesoftware.com/mailman/listinfo/hlds_linux ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
[hlds_linux] using mysql to handle bans
This is a multi-part message in MIME format. -- [ Picked text/plain from multipart/alternative ] There is a plugin for amx that is nice for sharing bans across multiple servers. After I installed it I realized there was a big problem: I *need* banned.cfg for psychostats still. Since the bans are written to mysql, and not banned.cfg, im kinda sol unless someone can help me make sql dump its ban list to a file right before stats are run so it can include any bans. Anyone have any thoughts or ideas? Thanks again hondaman - admin www.hardcs.com -- ___ To unsubscribe, edit your list preferences, or view the list archives, please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
