So I've opened perms up to 644 again, but this seems the wrong thing
to do. I realise I was only gaining a minor layer of
security-thru-obscurity, but every little helps - surely we don't
want this file to be world-readable ?
I note from inetd.conf that in.telnetd runs as uid.gid
Ivo Timmermans, 2002-Aug-28 07:57 +0200:
Jeff wrote:
I've decided to learn how to setup an encrypted filesystem using the
cryptoloop method and I'm having troubles getting my kernal source
patched correctly. I've read the Loopback Encrypted Filesystem
HOWTO, but it's outdated. Here are
Hi Peter.
Peter Cordes wrote:
[tarpit for attacking worms]
I remember hearing about people doing exactly that. Maybe it was mentioned
on /. or the local LUG mailing list (http://nslug.ns.ca/).
Sounds interesting. The LUG website is unreachable at the moment, but I
will dig the slashdot
FTP server on security.debian.org down?
[EMAIL PROTECTED] ~] date -u
Thu Aug 29 18:32:02 UTC 2002
[EMAIL PROTECTED] ~] ftp security.debian.org
ftp: connect: Connection refused
ftp quit
[EMAIL PROTECTED] ~] ping security.debian.org
PING security.debian.org (130.89.175.34): 56 data bytes
64 bytes
Paul Haesler écrivait :
FTP server on security.debian.org down?
proxy:~# lftp 130.89.175.34
lftp 130.89.175.34:~ ls
drwxrwxr-x6 1176 802 4096 Apr 23 18:59 debian-non-US
[...]
It's working from Vietnam...
May be some filter in your network?
J.C.
Yep - back up now. Must have hit it at a bad time. :)
It's working from Vietnam...
May be some filter in your network?
--
Paul Haesler[EMAIL PROTECTED]
Neutrons are wormholes. And if Blanca's dead
clone was right, the Transmuters had all the
degrees of
* Quoting Jones, Steven ([EMAIL PROTECTED]):
Ive found port sentry really good for detecting port scans and then routeing
the return packets to no where.
That makes you open to DoS-Attacks. Someone could
scan you with spoofed source-IP and disconnect
your box. A tarpit is a much better aproach
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
If you use Iptables and you block spoofed addresses with Iptables,
will that stop the spoofing in their tracks, therefore decreasing the
chance of a DOS?
Sincerely,
Daniel J. Rychlik
Money does not make the world go round , Gravity does .
-
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
If you use Iptables and you block spoofed addresses with Iptables,
will that stop the spoofing in their tracks, therefore decreasing the
chance of a DOS?
Not necessarily. You can stop blind spoofing attacks where
ip's
On Thu, Aug 29, 2002 at 05:47:10AM -0500, Daniel J. Rychlik wrote:
If you use Iptables and you block spoofed addresses with Iptables,
will that stop the spoofing in their tracks, therefore decreasing the
chance of a DOS?
No. For example, let's say someone manages to spoof mailout.aol.com
Jamie Heilman wrote:
Can I change this around a bit to achieve my goal - maybe make a new
group called foo (say) and give that gid to in.telnetd and
hosts.allow ... ?
Obscuring your libwrap/tcpd configuration from your local users, at the
expense of allowing services to run as seperate,
On Wed, Aug 28, 2002 at 11:49:36AM +0200, Michael Renzmann wrote:
I'll add another one to that: I started using syslogd-sql, which is a
modified version of the syslog 1.4.1 that also allows logging to a
MySQL database. I hope it is a step in the right direction to use
advances SQL queries
On Thursday, 29 August 2002, at 16:57:09 +0100,
Dale Amon wrote:
I'll add another one to that: I started using syslogd-sql, which is a
modified version of the syslog 1.4.1 that also allows logging to a
MySQL database. I hope it is a step in the right direction to use
advances SQL
Try running
apt-get -u dselect-upgrade
and see if apt wants to install or remove anything else.
-Original Message-
From: Siegbert Baude [mailto:[EMAIL PROTECTED]
Sent: Wednesday, August 28, 2002 9:34 AM
To: 'Debian Security'
Subject: Re: [SECURITY] [DSA 159-1] New Python packages
Pedro Diaz Jimenez, 2002-Aug-28 01:25 +0200:
-BEGIN PGP SIGNED MESSAGE-
If all you want is file system encryption you can try the loop-AES patch
http://loop-aes.sourceforge.net/
I used it for a long time on my laptop and it's been perfectly usable
(stable, fast to some excent,
On Wed, 28 Aug 2002 21:03:53 -0700, Jamie Heilman wrote:
Can I change this around a bit to achieve my goal - maybe make a new
group called foo (say) and give that gid to in.telnetd and
hosts.allow ... ?
Obscuring your libwrap/tcpd configuration from your local users, at
the expense of
On Thu, 29 Aug 2002 08:37:15 -0600 (MDT), Joe Moore wrote:
Another option would be to create a group, for example called tcpwrap.
Add
tcpwrap:x:150:telnetd, sshd, irc, identd
(This list is based on the users in /etc/passwd which appear to be for
services that would benefit from tcpwrap. Adjust
18 matches
Mail list logo
