Re: is iptables slow?

2001-11-15 Thread Boris Bierwald
phadell wrote on Nov 15 at 02:44 : I think I was not so clear. Sorry, but my English is poor. I'll try to explain better. My policy is to drop all INPUT, OUTPUT and FORWARD. So, I must open all the services that I'm using, that are: ssh, ftp, ftp-data, smtp, pop3, http, https In all

Re: is iptables slow?

2001-11-15 Thread Einar Karttunen
On Thu, Nov 15, 2001 at 11:31:15AM +0100, Boris Bierwald wrote: I would assume that your DROP default policy causes the delay. At least most smtp- and ftp-servers will send an ident query back to your host if you try to connect to them. If you simply ignore the queries, those servers will

Re: 'mirror' with iptables

2001-11-15 Thread Dmitriy Kropivnitskiy
This is fairly strange, since scanning ports 20-25 + OS fingerprint should have generated something like... 20-25 messages. My IDS tends to accumulate that amount of scans/exploits/other crap in about 2-3 hours. Your firewall must be invisible or something because when I say IDS I mean it is

Re: Mutt tmp files

2001-11-15 Thread Craig Dickson
martin f krafft wrote: * Craig Dickson [EMAIL PROTECTED] [2001.11.15 10:28:33-0800]: Also note that root owns sendmail, or whatever MTA you're using. If he really wants to read your mail, it would be much easier for him to do it by configuring the MTA to silently copy him on all your

Re: Mutt tmp files

2001-11-15 Thread vdongen
When writing a new mail which I intend to encrypt via gpg, mutt creates a tmp file (normally under /tmp/.mutt*) which it uses to 'communicate' with Vim. Or emacs, or whatever editor you prefer, yes. This file lasts as long as the vim session is running. Vim then saves the changes to the

Re: Mutt tmp files

2001-11-15 Thread martin f krafft
* Bryan Andersen [EMAIL PROTECTED] [2001.11.15 12:51:01-0600]: B... Wrong. If you don't trust root, you're hosed. Root can change the app so he has your keys... Root can also change the tty drivers so they are all silently logged. There is no way to secure it fully unless you

Re: Mutt tmp files

2001-11-15 Thread Florian Bantner
On Thu, 15 Nov 2001, Moritz Schulte wrote: Florian Bantner [EMAIL PROTECTED] writes: Second and more important: When a file is created on disk it occupies physical space on the disk. When it's deleted again, the space is in no way 'cleaned', but stays on the disk until it is

Re: Mutt tmp files

2001-11-15 Thread Craig Dickson
Florian Bantner wrote: Hmm, have you considered ramdisks? That's the idea I was looking for. Also heard today of the possibility to encrypt whole filesystems. At the moment I'm thinking about that. A combination would be nice. If I'm right this would make it even for root hard to do

RE: Mutt tmp files

2001-11-15 Thread Howland, Curtis
As has been said many times, many ways, once "root" is compromised, all bets are off. Also, the only computer that isn't vulnerable is the one that isn't connected to a network, and can't be physically touched. Did anyone else see that awful Wesley Snipes movie, where he plays a black-bag (pun in

Re: Mutt tmp files

2001-11-15 Thread Wade Richards
Hi Craig, Sorry to pick on your response, it was only one of many that said basically the same thing. On Thu, 15 Nov 2001 10:52:35 PST, Craig Dickson writes: [...] Even if those keys are encrypted and require the user to enter a passphrase every time they're used, root can get the passphrase

Re: Mutt tmp files

2001-11-15 Thread Craig Dickson
Wade Richards wrote: I still say the bottom line is, if you don't trust root, don't use his machine. This is the sort of absolutist nonsense that gives security experts a bad name. After all, anyone armed with a chainsaw can cut through a solid oak door in a matter of hours, so why

Re: Mutt tmp files -- Root is not my Enemy

2001-11-15 Thread Florian Bantner
On Fri, 16 Nov 2001, Howland, Curtis wrote: As has been said many times, many ways, once root is compromised, all bets are off. Also, the only computer that isn't vulnerable is the one that isn't connected to a network, and can't be physically touched. Did anyone else see that awful Wesley

Re: Mutt tmp files

2001-11-15 Thread Michael Wood
On Thu, Nov 15, 2001 at 10:17:39PM -0800, Wade Richards wrote: [snip] Some security is better than no security. More security is better than less security. If you find a security flaw in a system, you should try to fix that flaw, even if the system is not otherwise perfect. [snip] Also,

Re: Mutt tmp files

2001-11-15 Thread Petro
On Thu, Nov 15, 2001 at 11:09:41PM -0800, Craig Dickson wrote: Wade Richards wrote: I still say the bottom line is, if you don't trust root, don't use his machine. This is the sort of absolutist nonsense that gives security experts a bad name. After all, anyone armed with a chainsaw can

Re: 2.4.x boot floppies, was: Vulnerable SSH versions

2001-11-15 Thread Goswin Brederlow
Ethan Benson [EMAIL PROTECTED] writes: On Wed, Nov 14, 2001 at 12:42:10PM +0100, Goswin Brederlow wrote: People with such old hardware are probably better off with bo or hamm or potato. They probably need the low-mem target too. which are not (or will not in potato's case) be supported

netkit ftpd bug ?

2001-11-15 Thread Guillem Jover
Packages: linux-ftpd_0.11-8potato.2, linux-ftpd_0.17-8 since the inclusion of PAM support in this package, when used with the -l* command line option, syslog(3) uses the facility LOG_AUTH (set up by PAM) instead of LOG_FTP (set up by ftpd and as stated in the man page). I've looked at the code and

Re: Mentioning Layne one more time

2001-11-15 Thread Dmitriy Kropivnitskiy
The proper English spelling is Herostratus On Wednesday 14 November 2001 01:59 pm, Dmitriy Kropivnitskiy wrote: The name was Gerastrat :)

Re: [urgent] Question about Apache-SSL in Debian.

2001-11-15 Thread Robert Bihlmeyer
debian-user@lists.debian.org is the right list for such questions. Please use it in the future. [EMAIL PROTECTED] writes: After installing Apache-SSL, do I have to write additional Java source code to operate the server, or do I have to do something else? Otherwise, does just installing Apache-SSL

Mutt tmp files

2001-11-15 Thread Florian Bantner
Hi, I am currently busy with email security. I'm using Mutt and GnuPG which works great for me. But one point attracted my attention: When writing a new mail which I intend to encrypt via gpg, mutt creates a tmp file (normally under /tmp/.mutt*) which it uses to 'communicate' with Vim. This file

Re: Mutt tmp files

2001-11-15 Thread Craig Dickson
Florian Bantner wrote: I am currently busy with email security. I'm using Mutt and GnuPG which works great for me. But one point attracted my attention: When writing a new mail which I intend to encrypt via gpg, mutt creates a tmp file (normally under /tmp/.mutt*) which it uses to

Re: Mutt tmp files

2001-11-15 Thread martin f krafft
* Craig Dickson [EMAIL PROTECTED] [2001.11.15 10:28:33-0800]: Also note that root owns sendmail, or whatever MTA you're using. If he really wants to read your mail, it would be much easier for him to do it by configuring the MTA to silently copy him on all your messages, so all this concern

Re: Mutt tmp files

2001-11-15 Thread sober
If it's too insecure you have 2 ways: - choose another email program where you don't know the risk that root can read the mails - write them directly on your smtp server ... btw: root of your mailserver can read your incoming mails too ! // jens

Re: Mutt tmp files

2001-11-15 Thread Bryan Andersen
martin f krafft wrote: * Craig Dickson [EMAIL PROTECTED] [2001.11.15 10:28:33-0800]: Also note that root owns sendmail, or whatever MTA you're using. If he really wants to read your mail, it would be much easier for him to do it by configuring the MTA to silently copy him on all your

Re: Mutt tmp files

2001-11-15 Thread martin f krafft
* vdongen [EMAIL PROTECTED] [2001.11.15 19:30:35+0100]: actually, root can also read your gpg key. so a simple copy of your mail and a gpg decoding using your key would be much easier except there is a passphrase! which can be obtained with a hacked version of mutt or gpg, obviously... root is

Re: Mutt tmp files

2001-11-15 Thread Moritz Schulte
Florian Bantner [EMAIL PROTECTED] writes: Second and more important: When a file is created on disk it occupies physical space on the disk. When it's deleted again, the space is in no way 'cleaned', but stays on the disk until it is accidentally overwritten. With 'cleaned' you mean that the
