Re: OT: Is it so easy to break into an NIS?

2003-03-20 Thread Haim Ashkenazi
Thanx for the input everybody. I think that from now on I will at least recommend using ldap to my clients instead. Bye -- Haim

Re: Re: is iptables enough?

2003-03-20 Thread I.R. van Dongen
On Wed, 19 Mar 2003 21:21:42 +, [EMAIL PROTECTED] wrote: > On Wed, Mar 19, 2003 at 09:45:48PM +0100, Janus N. T?ndering wrote: > > This should be more than enough. I have been running a mailserver on a > > Pentium 133MHz 96 RAM + SCSI for a few years. It can handle quite a lot > > mail --- ne

looking for a good source to start learning about kerberos

2003-03-20 Thread Haim Ashkenazi
Hi, After reading the responses for my email about NIS security, I was convinced that it's time to learn about ldap w/kerberos. In the ldap-howto's I've read there were references to kerberos by MIT and Heimdal. Looking in my aptitude list I saw a lot of packages with different versions of kerbe

Re: Re: is iptables enough?

2003-03-20 Thread Dale Amon
On Thu, Mar 20, 2003 at 10:31:12AM +0100, I.R. van Dongen wrote: > I hope that machine has scsi disks like my gateway (120MB & 1GB) since with > that low on ram your machine is always swapping. That's usually no problem, > but IDE disks tend to wear out fast when used 24/7. With more RAM (32-40M)

Re: looking for a good source to start learning about kerberos

2003-03-20 Thread Rick Moen
Quoting Haim Ashkenazi ([EMAIL PROTECTED]): > After reading the responses for my email about NIS security, I was > convinced that it's time to learn about ldap w/kerberos. In the > ldap-howto's I've read there were references to kerberos by MIT and > Heimdal. Looking in my aptitude list I saw a lo

Re: iptables help to forward ports please

2003-03-20 Thread Victor Calzado Mayo
On Thursday 20 March 2003 06:26, Hanasaki JiJi wrote: > been trying to get the following to work for sometime input is most > appreciated > > > internet <=25= firewall iptablerule =port#x=> internalSMTPhost > > how can the firewall be told to: >

Re: iptables help to forward ports please

2003-03-20 Thread Lars Ellenberg
On Wed, Mar 19, 2003 at 11:26:10PM -0600, Hanasaki JiJi wrote: > been trying to get the following to work for sometime input is most > appreciated > > > internet <=25= firewall iptablerule =port#x=> internalSMTPhost > > how can the firewall be told to: > take all incoming tcp port 25

Re: iptables help to forward ports please

2003-03-20 Thread Peter Parkkali
On Wed, 19 Mar 2003, Victor Calzado Mayo wrote: > > internet <=25= firewall iptablerule =port#x=> internalSMTPhost > > > > how can the firewall be told to: > > take all incoming tcp port 25 traffic and send it to > > smtp host on port X > iptables -t nat -A PREROUTING -p tcp --dport 25 -

Re: Re: is iptables enough?

2003-03-20 Thread Rolf Kutz
* Quoting I.R. van Dongen ([EMAIL PROTECTED]): > > On Wed, 19 Mar 2003 21:21:42 +, [EMAIL PROTECTED] wrote: > > > On Wed, Mar 19, 2003 at 09:45:48PM +0100, Janus N. T?ndering wrote: > > > This should be more than enough. I have been running a mailserver on a > > > Pentium 133MHz 96 RAM + SCS

Re: Re: is iptables enough?

2003-03-20 Thread Dale Amon
On Thu, Mar 20, 2003 at 01:53:07PM +0100, Rolf Kutz wrote: > How is that, since IDE and SCSI-Disks are having > the same mechanics? For one, the old IDE's tended to be more cheaply made. He is right in that: for customer machines in that era I always insisted on SCSI hard drives for speed and rel

Re: is iptables enough?

2003-03-20 Thread Adrian Phillips
> "Jones" == Jones <[EMAIL PROTECTED]> writes: Jones> I am planning to replace a (dead) Windows 2000 computer Jones> that was used as a web server and email server with a Jones> Debian Linux solution. This machine is connected to the Jones> net via DSL and would run apache an

Re: is iptables enough?

2003-03-20 Thread Adrian 'Dagurashibanipal' von Bidder
On Wed, 2003-03-19 at 23:01, Stefan Neufeind wrote: > What I find astonishing: Let's say you are running a webserver, maybe > mailserver and a DNS on a server. What rules do you want to apply to > the packets etc.? I guess plain iptables should be enough for a single PC or SOHO network - you can d

Re: looking for a good source to start learning about kerberos

2003-03-20 Thread Noah L. Meyerhans
On Thu, Mar 20, 2003 at 12:18:23PM +0200, Haim Ashkenazi wrote: > After reading the responses for my email about NIS security, I was > convinced that it's time to learn about ldap w/kerberos. In the > ldap-howto's I've read there were references to kerberos by MIT and > Heimdal. Looking in my aptit

[qq@kuku.eu.org: linux kmod/ptrace bug - details]

2003-03-20 Thread Alexander Neumann
FYI, temporary fix is to set /proc/sys/kernel/modprobe to something bogus. -- "Real men don't take backups. They put their source on a public FTP-server and let the world mirror it." -- Linus Torvalds --- Begin Message --- Hello There are many discussions (on slashdot for example) on the recen

Re: iptables help to forward ports please

2003-03-20 Thread Hanasaki JiJi
What package can I research for a store/forward server? I thought the secure way was not to run anything like that on a firewall? That is why I am moving this group's exim off the firewall. Lars Ellenberg wrote: On Wed, Mar 19, 2003 at 11:26:10PM -0600, Hanasaki JiJi wrote: been trying to get

Re: is iptables enough?

2003-03-20 Thread Keegan Quinn
On Wednesday 19 March 2003 01:07 pm, Ian Garrison wrote: >Imo iptables is a reasonably good stateful firewall and is fine in most > cases. However, a very wise person once said that the ideal setup is to > layer more than one implementation of packet filter and firewall between > the wild and

Public Alert

2003-03-20 Thread ronkor
This is a one-time email from Ron Korkut ([EMAIL PROTECTED]) to inform you about the following LEGAL SCAM perpetrated under the supervision of the Attorney General of British Columbia. For further information please visit www.integriti.org and subscribe to the Integri

Re: is iptables enough?

2003-03-20 Thread Ian Garrison
Definitely true, and worth mentioning. There is also the point that several of the punier devices that one might thrust into the horde of angry packets might have crummy stacks or be vulnerable to the silliest of things (especially in the case of consumer grade equipment). If the hardware is a

Re: iptables help to forward ports please

2003-03-20 Thread Vineet Kumar
* Hanasaki JiJi <[EMAIL PROTECTED]> [20030320 09:55 PST]: > Lars Ellenberg wrote: > >but to me it seems more appropriate to use a simple store and forward > >smtp daemon on the firewall. > What package can I research for a store/forward server? > > I thought the secu

Re: is iptables enough?

2003-03-20 Thread Vineet Kumar
* Adrian 'Dagurashibanipal' von Bidder <[EMAIL PROTECTED]> [20030320 06:39 PST]: > Set it up to block everything and then selectively open ports until > everything works as desired. Depending on the applications it may be a > good idea to REJECT auth (identd) packets

Fwd: Re: is iptables enough?

2003-03-20 Thread Didier Caamano
I would like to add, as a paranoid person that I am, that I wouldn't just rely on a router. I will set up the router to be my first line of defense, as well as to do some NAT or masquerading, and then after the router set up iptables as my second line of defense. But the first posting was see

[cert@cert.org: Re: CORE-2003-03-04-02: Vulnerability in Mutt Mail User Agent [VU#104193]]

2003-03-20 Thread Marco d'Itri
-- ciao, Marco --- Begin Message --- -BEGIN PGP SIGNED MESSAGE- Hello, Ivan Arce <[EMAIL PROTECTED]> writes: > The attached file is a security advisory detailing > a vulnerability in the Mutt Mail User Agent. ... > We would like to obtain a CVE candidate number for > this vulnerabilit

howcome there's no DSA for the latest Linux ptrace hole?

2003-03-20 Thread Tom Goulet (UID0)
Hiya, How come I don't see a Debian security advisory about the recently-found ptrace hole in Linux? Is it not really a hole? Or something? I think there should be an announcement even if the Debian kernels are not vulnerable, to explain that they're not. Are the Debian kernels vulnerable to th

wted and deletion

2003-03-20 Thread Anton Bretterklieber
Dear list, chkrootkit-0.39a gave the following output: --snip-- Checking `lkm'... nothing detected Checking `rexedcs'... not found Checking `sniffer'... eth0 is not promisc ppp0 is not promisc Checking `wted'... 1 deletion(s) between Thu Mar 20 18:56:20 2003 and Thu Mar 20 23:24:49 2003 nothing d

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-20 Thread Jon
On Thu, 2003-03-20 at 14:50, Tom Goulet (UID0) wrote: > Are the Debian kernels vulnerable to this hole? > This post to BugTraq by Andrzej Szombierski (who found the problem) includes a sample exploit for x86. You can use it to see if you are vulnerable. http://www.securityfocus.com/archive/1/

Is this an obsolete tiger file?

2003-03-20 Thread Dale Amon
chkrootkit finds this file: Searching for suspicious files and dirs, it may take a while... /usr/lib/tiger/bin/.bintype which appears to be quite old. Is this just a leftover from a long ago tiger? It only contains "Linux 2.2.17 2001" and appears on several systems looking the same. It isn't in

Re: howcome there's no DSA for the latest Linux ptrace hole?

2003-03-20 Thread Guille -bisho-
>How come I don't see a Debian security advisory about the recently-found >ptrace hole in Linux? > >Is it not really a hole? Or something? > >I think there should be an announcement even if the Debian kernels are >not vulnerable, to explain that they're not. > >Are the Debian kernels vulnerable to

Re: looking for a good source to start learning about kerberos (thanx)

2003-03-20 Thread Haim Ashkenazi
that's a start. thanx Bye -- Haim

Re: is iptables enough?

2003-03-20 Thread Josh Carroll
ss you by for an easier target. In general, I don't use -REJECT unless I'm worried about being polite. And in most circumstances, politeness isn't my goal ;) Josh --- Vineet Kumar <[EMAIL PROTECTED]> wrote: > * Adrian 'Dagurashibanipal' von Bidder > <[EMAIL P