Re: Unidentified subject!

On Sun, Mar 30, 2003 at 02:48:43PM -0600, David Ehle wrote: > > 2. > > Use spamassasin (i use procmail) as spamfilter. You won't see Spam > > again. (And if you do, you have done something wrong. Really.) > > On spamassasin, I havn't used it, so this may be a stupid question, but > would it be imp

Re: iptables forwarding to inside firewall

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi On Monday 31 March 2003 02:24, Paul Hampson wrote: > On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > > On Fri, 28 Mar 2003, Hanasaki JiJi wrote: > > > Working on running a SMTP server inside the firewall that takes > > > incoming

*****SPAM***** Problems obtaining a mortgage? We Can Help! SPI

Mortgage giant Freddie mac reports that mortgage rates are taking a dip for the last time for the next 2-3 years. Chief Economist Frank Nothaft believes that the market is improving and as the war draws closer to it's certain end the rates are destined to go up. Last chance here! This is when

Re: Logcheck, Logsentry, LogRider etc.

On Mon, 2003-03-31 at 01:24, Thomas Ritter wrote: > Am Montag, 31. März 2003 00:27 schrieb Jan-Hendrik Palic: > > I am using logcheck, personally installed on my Debian-Server/WS, > > because, there are no debian-packages .. :( > > I don't know about sarge and woody, but logcheck in sid, roughly

*****SPAM***** Re: receive prescription drugs to your door, widest range of drugs..

This is a multi-part message in MIME format. --9F.3_AB7D6 Content-Type: text/html Content-Transfer-Encoding: quoted-printable =

Unidentified subject!

Re: Bug in Tiger check_listening_procs?

On Mon, Mar 31, 2003 at 10:29:48AM +1000, Paul Hampson wrote: > > If lose is found on the system > > /usr/lib/tiger/systems/Linux/2/check_listeningprocs uses the > > command: > > > > $LSOF -nPi | $GREP "IPv" | $GREP -v "\->" | $AWK '{printf("%s %s %s > > %s\n", $1, $3, $7

Port 635

Hi there! The last weeks, we frequently get portscanned at port 635. 635 is used for mountd. Is there some new form of exploit available, or am I getting plain paranoid? :) Thanks in advance, Diederik de Vries Rotterdam, The Netherlands

[Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Hi everybody, Does someone know where is debian about this issue ? I see that there is already an update but only for mips (http://www.debian.org/security/2003/dsa-270), do you know why ? Thanks in advance, -- DouRiX ["Don't fear, Just play

Re: Port 635

- Original Message - From: "Netnation - Diederik de Vries" <[EMAIL PROTECTED]> To: Sent: Monday, March 31, 2003 1:55 PM Subject: Port 635 > Hi there! > > The last weeks, we frequently get portscanned at port 635. 635 is used for > mountd. Is there some new form of exploit available, or a

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On lunedì 31 marzo 2003, alle 16:02, DouRiX wrote: > Does someone know where is debian about this issue ? > > i've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my puorpose, i've backported that patch, for work with kernel 2

Re: Port 635

> Maybe it's related to that, maybe it's not. > According to sans.org [1] RPC services are the number 1 exploitable part to > UNIX systems so it may just be one of those standard 'scans' you get now and > then. For your information: on the hosts there ISN'T a RPC service. They get trapped by Port

[OT] Msec (was Re: Maybe an intruder?)

On Sun, 2003-03-30 at 12:40, Cau de Alencar wrote: > Medusa is running. That's it generating security warnings. > Something not well configured. > > Thank you all. Just correcting myself... the program generating the security alerts (thread - Maybe an intruder?) seems to be Msec (distro Mandrake)

Re: iptables forwarding to inside firewall

On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > [1] If you use the "3 legged firewall" setup, it is possible to > distinguish DMZ traffic from other traffic based on which interface it is > entering the firewall. Just have two different NIC's to two different non-routable LAN's;

Re: noboby with a shell !!

On Sat, Mar 29, 2003 at 12:55:21AM +0100, Sven Hoexter wrote: > Ok then I'm out of arguments ;) but I think there is a reason for the > packagers > to setup a lot of dummy users for daemons etc. with /bin/sh instead of > /bin/false or /dev/null. I have heard it so argued and remain to be convince

Re: iptables forwarding to inside firewall

On Mon, 31 Mar 2003 10:24:15 +1000 Paul Hampson <[EMAIL PROTECTED]> wrote: > On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > > On Fri, 28 Mar 2003, Hanasaki JiJi wrote: [snip] > > If you have more than 1 static address, an MTA running in a DMZ is > > definately better. This way

Re: is this an attack ?

danilo lujambio <[EMAIL PROTECTED]> writes: > > 18:59:06 web wu-ftpd[10527]: connect from 200.158.144.201 > Mar 28 18:59:07 web wu-ftpd[10527]: USER anonymous > Mar 28 18:59:07 web wu-ftpd[10527]: PASS [EMAIL PROTECTED] [ etc. ] This log indicates that someone connected as an anonymous user and a

Re: Is this an obsolete tiger file?

On Sun, Mar 23, 2003 at 09:44:18PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote: > This file is created by tiger's buildbins (look in the util/ dir) which is > called by /usr/lib/tiger/bin/config which is called by tiger itself. It > just gets created once when you build the binaries. However, you s

Re: iptables forwarding to inside firewall

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi On Monday 31 March 2003 02:24, Paul Hampson wrote: > On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > > On Fri, 28 Mar 2003, Hanasaki JiJi wrote: > > > Working on running a SMTP server inside the firewall that takes > > > incoming

*****SPAM***** Problems obtaining a mortgage? We Can Help! SPI

Mortgage giant Freddie mac reports that mortgage rates are taking a dip for the last time for the next 2-3 years. Chief Economist Frank Nothaft believes that the market is improving and as the war draws closer to it's certain end the rates are destined to go up. Last chance here! This is when

Re: Logcheck, Logsentry, LogRider etc.

On Mon, 2003-03-31 at 01:24, Thomas Ritter wrote: > Am Montag, 31. März 2003 00:27 schrieb Jan-Hendrik Palic: > > I am using logcheck, personally installed on my Debian-Server/WS, > > because, there are no debian-packages .. :( > > I don't know about sarge and woody, but logcheck in sid, roughly p

Unidentified subject!

-- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Port 635

Hi there! The last weeks, we frequently get portscanned at port 635. 635 is used for mountd. Is there some new form of exploit available, or am I getting plain paranoid? :) Thanks in advance, Diederik de Vries Rotterdam, The Netherlands -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a su

[Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Hi everybody, Does someone know where is debian about this issue ? I see that there is already an update but only for mips (http://www.debian.org/security/2003/dsa-270), do you know why ? Thanks in advance, -- DouRiX ["Don't fear, Just play th

Re: Port 635

- Original Message - From: "Netnation - Diederik de Vries" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, March 31, 2003 1:55 PM Subject: Port 635 > Hi there! > > The last weeks, we frequently get portscanned at port 635. 635 is used for > mountd. Is there some new form of expl

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On lunedì 31 marzo 2003, alle 16:02, DouRiX wrote: > Does someone know where is debian about this issue ? > > i've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my puorpose, i've backported that patch, for work with kernel 2

Re: Port 635

> Maybe it's related to that, maybe it's not. > According to sans.org [1] RPC services are the number 1 exploitable part to > UNIX systems so it may just be one of those standard 'scans' you get now and > then. For your information: on the hosts there ISN'T a RPC service. They get trapped by Port

[OT] Msec (was Re: Maybe an intruder?)

On Sun, 2003-03-30 at 12:40, Cau de Alencar wrote: > Medusa is running. That's it generating security warnings. > Something not well configured. > > Thank you all. Just correcting myself... the program generating the security alerts (thread - Maybe an intruder?) seems to be Msec (distro Mandrake)

Re: iptables forwarding to inside firewall

On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > [1] If you use the "3 legged firewall" setup, it is possible to > distinguish DMZ traffic from other traffic based on which interface it is > entering the firewall. Just have two different NIC's to two different non-routable LAN's;

Re: noboby with a shell !!

On Sat, Mar 29, 2003 at 12:55:21AM +0100, Sven Hoexter wrote: > Ok then I'm out of arguments ;) but I think there is a reason for the packagers > to setup a lot of dummy users for daemons etc. with /bin/sh instead of > /bin/false or /dev/null. I have heard it so argued and remain to be convinced.

Re: iptables forwarding to inside firewall

On Mon, 31 Mar 2003 10:24:15 +1000 Paul Hampson <[EMAIL PROTECTED]> wrote: > On Sun, Mar 30, 2003 at 05:23:10PM -0500, Robert Brockway wrote: > > On Fri, 28 Mar 2003, Hanasaki JiJi wrote: [snip] > > If you have more than 1 static address, an MTA running in a DMZ is > > definately better. This way

Re: is this an attack ?

danilo lujambio <[EMAIL PROTECTED]> writes: > > 18:59:06 web wu-ftpd[10527]: connect from 200.158.144.201 > Mar 28 18:59:07 web wu-ftpd[10527]: USER anonymous > Mar 28 18:59:07 web wu-ftpd[10527]: PASS [EMAIL PROTECTED] [ etc. ] This log indicates that someone connected as an anonymous user and a

Re: Is this an obsolete tiger file?

On Sun, Mar 23, 2003 at 09:44:18PM +0100, Javier Fern?ndez-Sanguino Pe?a wrote: > This file is created by tiger's buildbins (look in the util/ dir) which is > called by /usr/lib/tiger/bin/config which is called by tiger itself. It > just gets created once when you build the binaries. However, you s

*****SPAM***** Re: receive prescription drugs to your door, widest range of drugs..

This is a multi-part message in MIME format. --9F.3_AB7D6 Content-Type: text/html Content-Transfer-Encoding: quoted-printable =