Open Ports

2002-10-17 Thread Zeno Davatz
Hi I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 Any help or hint is greatly appreciated. Zeno -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 11:30, Zeno Davatz wrote: Hi I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 try lsof -i | grep 56851 it could help u see what application is listening on that port -- To

Re: Open Ports

2002-10-17 Thread Zeno Davatz
On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I get: ywesee@debian:/etc/tinydns/root sudo lsof -i | grep 56851 Password: httpd 2495 root3u IPv4 630910

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 11:53, Zeno Davatz wrote: On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I get: ywesee@debian:/etc/tinydns/root sudo lsof -i | grep

Re: Open Ports

2002-10-17 Thread vdongen
I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 try lsof -i | grep 56851 it could help u see what application is listening on that port also netstat -anp as root will tell you what process is

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 13:13, Zeno Davatz wrote: Yes - I think you are right. So that is nothing bad? Obviously Ruby needs to open that port if it wants to communicate with Apache. I don't know i something is bad or good on your machine. Only u should know what apps are running on your machine

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 16, 2002 at 11:08:11AM +0200, Massimiliano Mirra wrote: Am I missing something or should a bug be filed? I would say a bug needs to be fixed (based on your account of the issue :) Let the maintainer/security team, take a further look into this.. Javi -- To

Re: Verifying email signature

2002-10-17 Thread David
On Wed, Oct 16, 2002 at 09:02:58PM +0100, Karl E. Jorgensen wrote: On Wed, Oct 16, 2002 at 11:59:44AM -0500, David wrote: In an attempt to learn more about the workings of gpg, I've been trying to verify emails from the command line. When I try to verify a saved message - one which has

Re: Open Ports

2002-10-17 Thread Zeno Davatz
On 17.10.2002 11:59 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: On Thu, 2002-10-17 at 11:53, Zeno Davatz wrote: On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I

Re: apache and postgresql in woody still have a security problem?

2002-10-17 Thread Matt Zimmerman
On Tue, Oct 15, 2002 at 08:13:15PM +0200, Noel Koethe wrote: is it correct that apache and postgresql are still waiting for a DSA fix? see: postgresql #155419 This was fixed a month ago: http://www.debian.org/security/2002/dsa-165 and #163311 Hmm...I was not aware that the VACUUM bug

Re: grsecurity patch (woody kernel 2.4.18)

2002-10-17 Thread WebMaster
hi John, thanks for your answers :-) can i safely apply the grsecurity patch? Yes. It does nothing by default. is it true too with an apt-get install? Ivan Rambeau FranceOnLine -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe.

Re: port 16001 and 111

2002-10-17 Thread Jussi Ekholm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Grape [EMAIL PROTECTED] wrote: 15 Oct 2002, Jussi Ekholm wrote: Still, the connection attempt from localhost to port 111 puzzles me... Of the top of my head: Do you have any nfs services running on the machine? I seem to remember sunrpc

Re: port 16001 and 111

2002-10-17 Thread Jussi Ekholm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche olaf.dietsche#[EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Matt Zimmerman
On Wed, Oct 16, 2002 at 11:08:11AM +0200, Massimiliano Mirra wrote: When slapd (LDAP server daemon) is configured to replicate itself to another server, on each addition/modification to the directory it will store the changes to be replicated in /var/lib/ldap/replog. This directory is world

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Torsten Landschoff
Hi Massimiliano, Matt, On Thu, Oct 17, 2002 at 11:15:31AM -0400, Matt Zimmerman wrote: When slapd (LDAP server daemon) is configured to replicate itself to another server, on each addition/modification to the directory it will store the changes to be replicated in /var/lib/ldap/replog.

Re: ABfrag/ac1db1tch3z Kernel Exploit ?

2002-10-17 Thread Orlando
Not sure if this is real. He's using a hushmail account to post to the lists which is somewhat suspicious. He claims to have attached the binary but no one seems to have a copy of it. Some co-workers and other people have asked for a copy of it without success. I woudln't be too surprised if

Re: port 16001 and 111

2002-10-17 Thread Noah L. Meyerhans
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote: The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... What do you get from: netstat -ntlp | grep 16001 --

grsecurity patch (woody kernel 2.4.18)

2002-10-17 Thread WebMaster
hello, can i safely apply the grsecurity patch? if this patch make servers more secure just by apply it (without acl), why isn it applied by default? thanks in advance for your answers ;-) Ivan Rambeau FranceOnLine

Re: grsecurity patch (woody kernel 2.4.18)

2002-10-17 Thread John Morton
On Thu, 17 Oct 2002 17:53, WebMaster wrote: hello, can i safely apply the grsecurity patch? Yes. It does nothing by default. The patch version in woody has a build bug, so you'll have to hit it with a stick first: -8 The problem is in

Open Ports

2002-10-17 Thread Zeno Davatz
Hi I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 Any help or hint is greatly appreciated. Zeno

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 11:30, Zeno Davatz wrote: Hi I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 try lsof -i | grep 56851 it could help u see what application is listening on that port

Re: Open Ports

2002-10-17 Thread Zeno Davatz
On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I get: [EMAIL PROTECTED]:/etc/tinydns/root sudo lsof -i | grep 56851 Password: httpd 2495 root3u IPv4

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 11:53, Zeno Davatz wrote: On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I get: [EMAIL PROTECTED]:/etc/tinydns/root sudo lsof -i | grep

Re: Open Ports

2002-10-17 Thread vdongen
I got two open Ports on my Debian-Server and I do not know what they are standing for: Open Port: 56851 Open Port: 57216 try lsof -i | grep 56851 it could help u see what application is listening on that port also netstat -anp as root will tell you what process is

Re: Open Ports

2002-10-17 Thread Zeno Davatz
On 17.10.2002 11:59 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: On Thu, 2002-10-17 at 11:53, Zeno Davatz wrote: On 17.10.2002 10:56 Uhr, Cristi Banciu [EMAIL PROTECTED] wrote: try lsof -i | grep 56851 it could help u see what application is listening on that port Thanks for your help. I

Re: Open Ports

2002-10-17 Thread Cristi Banciu
On Thu, 2002-10-17 at 13:13, Zeno Davatz wrote: Yes - I think you are right. So that is nothing bad? Obviously Ruby needs to open that port if it wants to communicate with Apache. I don't know i something is bad or good on your machine. Only u should know what apps are running on your machine

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Javier Fernández-Sanguino Peña
On Wed, Oct 16, 2002 at 11:08:11AM +0200, Massimiliano Mirra wrote: Am I missing something or should a bug be filed? I would say a bug needs to be fixed (based on your account of the issue :) Let the maintainer/security team, take a further look into this.. Javi

Re: Verifying email signature

2002-10-17 Thread David
On Wed, Oct 16, 2002 at 09:02:58PM +0100, Karl E. Jorgensen wrote: On Wed, Oct 16, 2002 at 11:59:44AM -0500, David wrote: In an attempt to learn more about the workings of gpg, I've been trying to verify emails from the command line. When I try to verify a saved message - one which has

Re: apache and postgresql in woody still have a security problem?

2002-10-17 Thread Matt Zimmerman
On Tue, Oct 15, 2002 at 08:13:15PM +0200, Noel Koethe wrote: is it correct that apache and postgresql are still waiting for a DSA fix? see: postgresql #155419 This was fixed a month ago: http://www.debian.org/security/2002/dsa-165 and #163311 Hmm...I was not aware that the VACUUM bug

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Matt Zimmerman
On Wed, Oct 16, 2002 at 11:08:11AM +0200, Massimiliano Mirra wrote: When slapd (LDAP server daemon) is configured to replicate itself to another server, on each addition/modification to the directory it will store the changes to be replicated in /var/lib/ldap/replog. This directory is world

Re: grsecurity patch (woody kernel 2.4.18)

2002-10-17 Thread WebMaster
hi John, thanks for your answers :-) can i safely apply the grsecurity patch? Yes. It does nothing by default. is it true too with an apt-get install? Ivan Rambeau FranceOnLine

Re: port 16001 and 111

2002-10-17 Thread Jussi Ekholm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Martin Grape [EMAIL PROTECTED] wrote: 15 Oct 2002, Jussi Ekholm wrote: Still, the connection attempt from localhost to port 111 puzzles me... Of the top of my head: Do you have any nfs services running on the machine? I seem to remember sunrpc

Re: port 16001 and 111

2002-10-17 Thread Jussi Ekholm
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Olaf Dietsche [EMAIL PROTECTED] wrote: Jussi Ekholm [EMAIL PROTECTED] writes: So, what would try to connect to my system's port 16001 and 111 from within my own system? Should I be concerned? Should I expect the worst? Any insight on this issue

Re: port 16001 and 111

2002-10-17 Thread Noah L. Meyerhans
On Thu, Oct 17, 2002 at 07:15:08PM +0300, Jussi Ekholm wrote: The same answer as a luser and as a root. What should I deduct from this? It's just so weird as I'm not running NFS, NIS or any other thingie that should use this port... What do you get from: netstat -ntlp | grep 16001 --

Re: ABfrag/ac1db1tch3z Kernel Exploit ?

2002-10-17 Thread Dragan Cvetkovic
Stephan Schmieder [EMAIL PROTECTED] writes: Hello, I`ve just read an article at linuxsecurity.com regrading the ABfrag exploit. http://www.linuxsecurity.com/articles/intrusion_detection_article-5933.html Does anyone know something about that one? I find this part both intersting and

Re: Security problem with slapd/slurpd?

2002-10-17 Thread Torsten Landschoff
Hi Massimiliano, Matt, On Thu, Oct 17, 2002 at 11:15:31AM -0400, Matt Zimmerman wrote: When slapd (LDAP server daemon) is configured to replicate itself to another server, on each addition/modification to the directory it will store the changes to be replicated in /var/lib/ldap/replog.

Re: ABfrag/ac1db1tch3z Kernel Exploit ?

2002-10-17 Thread Orlando
Not sure if this is real. He's using a hushmail account to post to the lists which is somewhat suspicious. He claims to have attached the binary but no one seems to have a copy of it. Some co-workers and other people have asked for a copy of it without success. I woudln't be too surprised if