Are you using DNS?
- Original Message -
From: "phadell" <[EMAIL PROTECTED]>
To:
Sent: Thursday, November 15, 2001 2:44 PM
Subject: Re: is iptables slow?
> I think I was not so clear. Sorry, but my english is poor.
> I'll try to explain better.
>
> my policy is drop all INPUT, OUTPUT and
I think I was not so clear. Sorry, but my english is poor.
I'll try to explain better.
my policy is drop all INPUT, OUTPUT and FORWARD.
So I must open all the services that I'm using, which are:
ssh, ftp, ftp-data, smtp, pop3, http, https
In all services, I'm having a long delay if the iptable
Packages: linux-ftpd_0.11-8potato.2, linux-ftpd_0.17-8
Since the inclusion of PAM support in this package, when it is used with the "-l*"
command-line option, syslog(3) uses the facility LOG_AUTH (set up by PAM)
instead of LOG_FTP (set up by ftpd, and as stated in the man page).
I've looked at the code and d
Oops...
I am a stupid little monkey :)!
> -Original Message-
> From: Dmitriy Kropivnitskiy [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, November 14, 2001 11:59 PM
> To: Antropov Anton; debian-security@lists.debian.org
> Subject: Re: Mentioning Layne one more time
>
>
> The name was Gerast
I'm glad to hear it. I will forward your message to Debian-Security,
where I saw it discussed.
Curt-
-Original Message-
From: Jaakko Niemi [mailto:[EMAIL PROTECTED]
Sent: Thursday, November 15, 2001 04:28
To: Howland, Curtis
Cc: [EMAIL PROTECTED]
Subject: Re: Suggestion for debian-securit
FTP is a funny protocol. Do you use masquerading? Did you use state modules
or just open port 21? You need to have -s RELATED in order to have nice FTP.
On Wednesday 14 November 2001 02:33 pm, phadell wrote:
> I am having some problems in relation to the speed of packet traffic when
> using ip
Dmitriy Kropivnitskiy <[EMAIL PROTECTED]> writes:
[snip]
> > how does this stop the scanner from identifying open ports?
>
> If you actually drop packets instead of rejecting them, your port scanner
> will slow down to a crawl, since it has to wait for a timeout on every try.
Bzzt.
Push out lo
On Wednesday 14 November 2001 08:08 am, thomas lakofski wrote:
> On 14 Nov 2001, Tim Haynes wrote:
> > If you want to stop port-scans, use a proper firewall with DENY
> > (ipchains) or DROP (iptables) by default.
>
> how does this stop the scanner from identifying open ports?
>
If you actually dro
On Wed, Nov 14, 2001 at 05:33:28PM -0200, phadell wrote:
> I am having some problems in relation to the speed of packet traffic when
> using iptables.
>
> The problem is the following:
>
> When there are no iptables rules, an inner connection through FTP is less
> than 1 second long to be
* Walter D. Sessions ([EMAIL PROTECTED]) [03 09:38]:
> Can anyone enlighten me as to why openssh-2.9..(deb package) would have a
> conflict
> with (rsh-client << 0.16.0)? I can see that other packages might need
> rsh-client, but why
> would ssh not install unless rsh-client > 0.16? Isn't ssh
I am having some problems in relation to the speed of packet traffic when
using iptables.
The problem is the following:
When there are no iptables rules, an inner connection through FTP is less
than 1 second long to be made.
With the rules I wrote, an inner connection is delayed more than 7
The name was Gerastrat :)
On Wednesday 14 November 2001 02:44 am, Antropov Anton wrote:
> Hi, guys!
> I would recall one ancient story...
>
> Its name was Herodot...
>
> So let Layne rest on his laurels...
> Don't call him in vain... :)
>
> > -Original Message-
> > From: [EMAIL PROTE
This might be a bit off topic...if it is, please take replies to me
directly.
Can anyone tell me if there is any reason, from a security standpoint,
that one would not want to write a publicly-available network service
in an interpreted language such as Python or Perl?
Thanks...
KEN
--
Kenn
thomas lakofski <[EMAIL PROTECTED]> writes:
> > I've considered it, to some extent, but in my case I figured it's best
> > just to look at snort's logs in a bit more detail before blocking
> > things left right & center.
>
> yes, familiarity with the traffic patterns you get over a few weeks is
>
On 14 Nov 2001, Tim Haynes wrote:
> > that looks pretty practical. have you considered looking at something
> > like 'guardian' http://www.chaotic.org/guardian/ to do automated response
> > to selected snort rules?
>
> I've considered it, to some extent, but in my case I figured it's best just
> t
thomas lakofski <[EMAIL PROTECTED]> writes:
[snip how I set up a box]
> > It's pretty rarely that I see any abuse that gets as far down the chain
> > as to deserve human intervention.
>
> that looks pretty practical. have you considered looking at something
> like 'guardian' http://www.chaotic.or
On 14 Nov 2001, Tim Haynes wrote:
> Personally, I go for
> a) DROP-by-default firewall with stateful filtering in iptables;
> b) such ports that are wide open (22, 80, 53/udp... whatever) are still
>behind the protection of `INVALID';
> c) such services that listen on the open ports are as sec
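The DROP-by-default, stateful layout Tim Haynes describes above, Jaakko's point earlier in the thread that FTP needs RELATED, and the "are you using DNS?" question, worked into one added example. This is not part of the thread and not anyone's posted configuration. It assumes things the messages do not state: eth0 is the public interface, 192.0.2.53 is the host's resolver, and the FTP connection-tracking helper is available as ip_conntrack_ftp (2.4 kernels) or nf_conntrack_ftp (later kernels). By default it only prints the commands so the ruleset can be reviewed offline; APPLY=1 executes them.

```shell
#!/bin/sh
# Added example (not from the thread): a DROP-by-default, stateful iptables
# ruleset for a host offering the services phadell listed, with the pieces
# that make FTP and the other services answer promptly.
#
# Assumptions (not stated on the page): eth0 is the public interface,
# 192.0.2.53 is the resolver this host uses, and the FTP conntrack helper
# module is ip_conntrack_ftp (2.4) or nf_conntrack_ftp (later kernels).
# Rules are only printed unless APPLY=1, so the script can be reviewed offline.

IFACE="${IFACE:-eth0}"
RESOLVER="${RESOLVER:-192.0.2.53}"

# rule: run iptables, or just print the command when not applying.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# load_ftp_helper: without the helper the FTP data connection (active or
# passive) is never marked RELATED and hits the DROP policy, which is what
# makes FTP look "slow": the client waits for the data channel to time out.
load_ftp_helper() {
    if [ "${APPLY:-0}" = 1 ]; then
        modprobe nf_conntrack_ftp 2>/dev/null || modprobe ip_conntrack_ftp
    else
        echo 'modprobe nf_conntrack_ftp || modprobe ip_conntrack_ftp'
    fi
}

firewall_rules() {
    load_ftp_helper

    rule -F
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT DROP

    # Loopback is needed by local services and by the daemons' own lookups.
    rule -A INPUT  -i lo -j ACCEPT
    rule -A OUTPUT -o lo -j ACCEPT

    # Anything the tracker cannot place in a known connection is dropped
    # before the open ports are even considered.
    rule -A INPUT  -m state --state INVALID -j DROP
    rule -A OUTPUT -m state --state INVALID -j DROP

    # Replies, and helper-announced connections such as FTP data, both ways.
    # This also covers active-mode data connections from port 20 (ftp-data).
    rule -A INPUT  -m state --state RELATED,ESTABLISHED -j ACCEPT
    rule -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

    # ssh, ftp, smtp, pop3, http, https: new inbound connections only.
    for port in 22 21 25 110 80 443; do
        rule -A INPUT -i "$IFACE" -p tcp --dport "$port" -m state --state NEW -j ACCEPT
    done

    # Outbound DNS to the resolver: ftpd, sshd and the MTA typically do a
    # reverse lookup on each connecting client, and with OUTPUT dropped every
    # lookup hangs until it times out. This is the other usual cause of delay.
    rule -A OUTPUT -o "$IFACE" -p udp --dport 53 -d "$RESOLVER" -j ACCEPT
    rule -A OUTPUT -o "$IFACE" -p tcp --dport 53 -d "$RESOLVER" -j ACCEPT

    # Ident (113) lookups from mail and FTP servers we talk to: answer with a
    # reset so they fail at once instead of waiting on a dropped packet.
    rule -A INPUT -i "$IFACE" -p tcp --dport 113 -j REJECT --reject-with tcp-reset
}

firewall_rules
```

Apply it from the console rather than over an ssh session, since the -F and -P DROP steps briefly starve an existing session of packets before the ESTABLISHED rule is back. Two things commonly produce the multi-second delay discussed in this thread and both are covered here: without the helper the FTP data connection is never RELATED and is dropped, and with OUTPUT dropped the daemon's reverse DNS lookup on the client hangs until it times out.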
thomas lakofski <[EMAIL PROTECTED]> writes:
[snip, `get a good firewall']
> > > how does this stop the scanner from identifying open ports?
> >
> > Why is a port open to a scanner's IP#, if not in order to be used?
>
> good point. what we're trying to do here though is heuristically (or more
> si
On 14 Nov 2001, Tim Haynes wrote:
> thomas lakofski <[EMAIL PROTECTED]> writes:
>
> [snip]
> > snort (as you mention) good for detecting attacks on ports you must
> > provide service on -- portsentry is just the one facet but the question
> > was in re portscans.
> >
> > > If you want to stop port
thomas lakofski <[EMAIL PROTECTED]> writes:
[snip]
> snort (as you mention) good for detecting attacks on ports you must
> provide service on -- portsentry is just the one facet but the question
> was in re portscans.
>
> > If you want to stop port-scans, use a proper firewall with DENY
> > (ipch
On 14 Nov 2001, Tim Haynes wrote:
> Frying pan:
>
> If done properly... it's a risk, but one that's assessable.
i assess it to be high :)
> > if you want to stop portscans maybe portsentry would help you?
>
> Fire:
>
> If you use portsentry in dynamic mode, you're open to spoofed IP#s just as
>
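A guard for the automated-response side of this discussion (portsentry's dynamic mode, guardian driving blocks from snort alerts), as an added example that is not from the thread and not either tool's code. It assumes: alert lines in a constructed format loosely modelled on portsentry's "attackalert ... from host: A.B.C.D/A.B.C.D" syslog output, a constructed allowlist that would be a file in practice, eth0 as the public interface, and printing rather than applying rules unless APPLY=1.

```shell
#!/bin/sh
# Added example, not from the thread and not portsentry's or guardian's code:
# a guard in front of automated blocking. A scanner can forge its source
# address, so a tool that blocks whatever address appears in an alert can be
# steered into blocking hosts you depend on. This refuses addresses that are
# allowlisted or in ranges that should never be blocked automatically, and
# validates the address before it is spliced into an iptables command.
#
# Assumptions not stated on the page: the alert lines and the allowlist are
# constructed for this example, eth0 is the public interface, and rules are
# printed rather than applied unless APPLY=1.

IFACE="${IFACE:-eth0}"
# Constructed allowlist (a file in practice): resolver, gateway, monitoring host.
ALLOWLIST="${ALLOWLIST:-192.0.2.53 192.0.2.1 198.51.100.10}"

# Constructed alert lines, loosely modelled on portsentry's syslog output.
SAMPLE_ALERTS='portsentry[1234]: attackalert: Connect from host: 203.0.113.7/203.0.113.7 to TCP port: 143
portsentry[1234]: attackalert: Connect from host: 192.0.2.53/192.0.2.53 to TCP port: 22
portsentry[1234]: attackalert: Connect from host: 10.0.0.9/10.0.0.9 to TCP port: 111
portsentry[1234]: some unrelated line without a host field'

# rule: run iptables, or just print the command when not applying.
rule() {
    if [ "${APPLY:-0}" = 1 ]; then
        iptables "$@"
    else
        printf 'iptables %s\n' "$*"
    fi
}

# valid_ipv4: true only for a dotted quad with octets 0-255. Alert logs get
# mangled, and a non-address must never reach the command line.
valid_ipv4() {
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS
    IFS=.
    for octet in $1; do
        if [ "$octet" -gt 255 ]; then
            IFS=$old_ifs
            return 1
        fi
    done
    IFS=$old_ifs
    return 0
}

# never_block: true when the address must not be blocked automatically.
never_block() {
    addr="$1"
    for a in $ALLOWLIST; do
        [ "$addr" = "$a" ] && return 0
    done
    case "$addr" in
        127.*|0.*|10.*|192.168.*)              return 0 ;;  # loopback, unspecified, RFC 1918
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 0 ;;  # RFC 1918 172.16/12
        255.255.255.255)                       return 0 ;;  # broadcast
    esac
    return 1
}

# maybe_block: emit (or apply) a DROP rule for $1 unless it is protected.
# Returns 0 when a rule was emitted, 1 when the address was refused.
maybe_block() {
    addr="$1"
    if ! valid_ipv4 "$addr"; then
        echo "refused: '$addr' is not an IPv4 address" >&2
        return 1
    fi
    if never_block "$addr"; then
        echo "refused: $addr is allowlisted or in a protected range" >&2
        return 1
    fi
    rule -I INPUT -i "$IFACE" -s "$addr" -j DROP
}

# handle_alerts: read alert lines on stdin, extract the "from host: A.B.C.D/"
# field and pass each address through maybe_block.
handle_alerts() {
    while IFS= read -r line; do
        addr=$(printf '%s\n' "$line" | sed -n 's/.*from host: \([^/ ]*\)\/.*/\1/p')
        [ -n "$addr" ] || continue
        maybe_block "$addr" || true
    done
}

printf '%s\n' "$SAMPLE_ALERTS" | handle_alerts
```

Two further habits matter as much as the allowlist: prefer triggers that require a completed TCP handshake, which cannot be produced from a forged source address, over bare SYNs or UDP datagrams, which can; and expire automatic blocks after a fixed interval so a forged alert costs you minutes rather than a permanent entry.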
On Wed, Nov 14, 2001 at 12:42:10PM +0100, Goswin Brederlow wrote:
>
> People with such old hardware are probably better off with bo or hamm
> or potato. They probably need the low-mem target too.
which are not (or, in potato's case, will not be) supported with
security updates.
--
Ethan Benson
htt
thomas lakofski <[EMAIL PROTECTED]> writes:
> On Tue, 13 Nov 2001, phadell wrote:
>
> > I would like to make a rule that mirrors the packets that come in from a
> > portscanner. The rule must return the packets to the source. If anyone
> > scans my machine's ports, the result will be the list of sourc
On Tue, 13 Nov 2001, phadell wrote:
> I would like to make a rule that mirrors the packets that come in from a
> portscanner.
> The rule must return the packets to the source. If anyone scans my machine's
> ports, the result will be the list of the source address's open ports.
this will enable an attacker
Jørgen Hermanrud Fjeld <[EMAIL PROTECTED]> writes:
> Hi.
> Although it might sound stupid, my question is:
> Will there ever come a time when making 1220 boot floppies with a 2.4.x kernel
> will be doable?
> If I assume that it's the kernel size that makes it difficult, then it
> doesn't matter we
On Tue, Nov 13, 2001 at 02:06:56AM -0200, phadell wrote:
> hello there,
>
> I would like to make a rule that mirrors the packets that come in from a
> portscanner.
> The rule must return the packets to the source. If anyone scans my machine's
> ports, the result will be the list of the source address
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi.
Although it might sound stupid, my question is:
Will there ever come a time when making 1220 boot floppies with a 2.4.x kernel
will be doable?
If I assume that it's the kernel size that makes it difficult, then it
doesn't matter whether we use boot-
Hi, guys!
I would recall one ancient story...
Its name was Herodot...
So let Layne rest on his laurels...
Don't call him in vain... :)
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] Behalf Of Christian Haugan Toldnes
> Sent: Wednesday, November 14, 2001
Dmitriy Kropivnitskiy <[EMAIL PROTECTED]> writes:
> I have just found a residual page in the Google cache. It shows that Layne (
> remember the rude guy from September ) was subscribed to a whole bunch of MLs,
> most of them Debian related.
> http://www.google.com/search?q=cache:SPW2_7zBmf8:justi