Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread eyem
Good luck... The only good thing about being compromised is that it makes you more paranoid about being on the net. paranoid I now am!! I always found the concept of script kiddies amusing ... but if I ever found this guy I'd wring his neck. Is there any way I can track him down? (I have

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Mika Boström
On Sun, 15 Jun 2003, eyem wrote: Good luck... The only good thing about being compromised is that it makes you more paranoid about being on the net. paranoid I now am!! I always found the concept of script kiddies amusing ... but if I ever found this guy I'd wring his neck. Is there

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Phillip Hofmeister
On Sun, 15 Jun 2003 at 04:13:19AM -0500, eyem wrote: paranoid I now am!! I always found the concept of script kiddies amusing ... but if I ever found this guy I'd wring his neck. Is there any way I can track him down? (I have already backed up some stuff and wiped my hard drive) You can

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Noah Meyerhans
On Sun, Jun 15, 2003 at 04:29:36PM +0300, Mika Boström wrote: You must understand that Snort, ACID or any other IDS setup does not provide any protection against threats. They just monitor what takes place in the network. To really protect against break-ins, install a system monitor.

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Sebastian
On Sun, 2003-06-15 at 16:03, Phillip Hofmeister wrote: @daily apt-get -q -q -q -q update apt-get -s -q -q -q -q upgrade Better use secpack, it will verify the signatures before upgrade: http://therapy.endorphin.org/secpack/ But still, automatic installation is not sufficient. For example,

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Fuska
On Saturday 14 June 2003 08:16, eyem wrote: Hello, Hello. rm uses obsolete (PF_INET,SOCK_PACKET) ... eth0: Setting promiscuous mode ppp0: Setting promiscuous mode ... I found some stuff in /dev, hdx1 and hdx2 is that normal? No, that isn't

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread Rick Moen
Quoting Fuska ([EMAIL PROTECTED]): No, that isn't normal. It seems that you have been infected with the rstb virus. It infects all executable files under /bin/ directory and under the directory from which the infected file has been launched. Search for rstb_cleaner, with this tool you can

Re: cracked? rm uses obsolete (PF_INET,SOCK_PACKET)

2003-06-15 Thread [EMAIL PROTECTED]
Fuska wrote: rm uses obsolete (PF_INET,SOCK_PACKET) ... eth0: Setting promiscuous mode ppp0: Setting promiscuous mode ... I found some stuff in /dev, hdx1 and hdx2 is that normal? No, that isn't normal. It seems that you have been infected with the rstb virus. It infects all

Secure Proxy

2003-06-15 Thread Ian Goodall
Which is the best proxy server to use on debian? I have heard that squid is not secure...

Re: Secure Proxy

2003-06-15 Thread Noah Meyerhans
On Sun, Jun 15, 2003 at 11:42:33PM +0100, Ian Goodall wrote: Which is the best proxy server to use on debian? I have heard that squid is not secure... Can you provide a reference for that statement? It certainly seems secure to me. At least, I've never had any boxes cracked as a result of it, and

Someone scanned my ssh daemon

2003-06-15 Thread Mark Devin
It looks as though someone is trying to crack my box through ssh. This is what logcheck emailed me: -- snip -- Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323 Jun 16 04:36:03 jack sshd[20027]: Connection from

re: Secure Proxy

2003-06-15 Thread Ian Goodall
Can you provide a reference for that statement? It certainly seems secure to me. At least, I've never had any boxes cracked as a result of it, and there are no outstanding (known) security issues for it. Thanks. It's just what I have heard when asking around. I don't mind about securing the

Re: Someone scanned my ssh daemon

2003-06-15 Thread Jeffrey L. Taylor
Quoting Mark Devin [EMAIL PROTECTED]: It looks as though someone is trying to crack my box through ssh. This is what logcheck emailed me: -- snip -- Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323 Jun 16 04:36:03 jack sshd[20027]: Connection from

Re: Someone scanned my ssh daemon

2003-06-15 Thread Mark Devin
Mark Devin wrote: | It looks as though someone is trying to crack my box through ssh. OK, now I realise that it is an ssh scanner. See: http://www.monkey.org/~provos/scanssh/ Why is it that the Debian version of sshd gives out any information about its

Re: Someone scanned my ssh daemon

2003-06-15 Thread Alain Tesio
On Mon, 16 Jun 2003 09:05:20 +1000 Mark Devin [EMAIL PROTECTED] wrote: Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323 Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810 Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with

Re: Someone scanned my ssh daemon

2003-06-15 Thread Adam Lydick
I really wouldn't worry about your version number being leaked. If an attacker wants to crack your machine, they are just going to try running an exploit against it. Why bother testing the version number when it (often) takes less time to just try the attack? I suppose one reason to hide the

Re: Someone scanned my ssh daemon

2003-06-15 Thread Noah Meyerhans
On Mon, Jun 16, 2003 at 10:08:41AM +1000, Mark Devin wrote: So they know that I am running debian and what version of ssh I use! I know that security through obscurity is no security, but I still don't want to help any attackers. Anyone else have thoughts on this? It is necessary so that the

Re: Someone scanned my ssh daemon

2003-06-15 Thread Halil Demirezen
is what logcheck emailed me: -- snip -- Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323 Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810 Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with SSH-1.0-SSH_Version_Mapper.

Re: Someone scanned my ssh daemon

2003-06-15 Thread TiM
I don't like the fact it has to give away I'm running Debian. For example: My Slackware box: [EMAIL PROTECTED]:~ telnet x.tsnz.net 22 Trying 203.97.131.xxx... Connected to x.tsnz.net. Escape character is '^]'. SSH-1.99-OpenSSH_3.6.1p1 My Debian box: Connection closed by foreign host.

Re: Someone scanned my ssh daemon

2003-06-15 Thread David B Harris
On Mon, 16 Jun 2003 15:20:56 +1200 (NZST) TiM [EMAIL PROTECTED] wrote: But if the kiddies only have an exploit that works only on Debian woody, they're going to know to target my box. Make them work for their information :) The likelihood of them even attempting to get that information is tiny

Re: Someone scanned my ssh daemon

2003-06-15 Thread Halil Demirezen
My Debian box: Connection closed by foreign host. [EMAIL PROTECTED]:~ telnet xx.com 22 Trying 203.167.224.... Connected to xx.com. Escape character is '^]'. SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1 To be brief, I don't usually come across that there is an exploit for only

Re: Probable SSH Vulnerability

2003-06-15 Thread Florian Weimer
Tim Peeler [EMAIL PROTECTED] writes: I've come to the conclusion that the SSH1 protocol is the most likely cause of this problem. Attacks on the SSH v1 protocol are relatively sophisticated. It's more likely that some token used for authentication (password, RSA or DSA key) has leaked, that a
