Tim Peeler <[EMAIL PROTECTED]> writes:
> I've come to the conclusion that the SSH1 protocol is the most
> likely cause of this problem.
Attacks on the SSH v1 protocol are relatively sophisticated. It's
more likely that some token used for authentication (password, RSA or
DSA key) has leaked, tha
> Good luck... The only good thing about being compromised is that it
> makes you more paranoid about being on the net.
paranoid I now am!!
I always found the concept of script kiddies amusing ... but if I ever found
this guy I'd wring his neck. Is there any way I can track him down ? (I have
On Sun, 15 Jun 2003, eyem wrote:
>
> > Good luck... The only good thing about being compromised is that it
> > makes you more paranoid about being on the net.
>
> paranoid I now am!!
>
> I always found the concept of script kiddies amusing ... but if I ever found
> this guy I'd wring his neck.
On Sun, 15 Jun 2003 at 04:13:19AM -0500, eyem wrote:
> paranoid I now am!!
>
> I always found the concept of script kiddies amusing ... but if I ever found
> this guy I'd wring his neck. Is there any way I can track him down ? (I have
> already backed up some stuff and wiped my hard drive)
You c
On Sun, Jun 15, 2003 at 04:29:36PM +0300, Mika Boström wrote:
> You must understand that Snort, ACID or any other IDS setup does not
> provide any protection against threats. They just monitor what takes
> place in the network.
>
> To really protect against break-ins, install a system monitor.
On Sun, 2003-06-15 at 16:03, Phillip Hofmeister wrote:
> @daily apt-get -q -q -q -q update && apt-get -s -q -q -q -q upgrade
Better use secpack, it will verify the signatures before upgrade:
http://therapy.endorphin.org/secpack/
But still, automatic installation is not sufficient. For example,
On Saturday 14 June 2003 08:16, eyem wrote:
> Hello,
>
Hello.
>
> rm uses obsolete (PF_INET,SOCK_PACKET)
> ...
> eth0: Setting promiscuous mode
> ppp0: Setting promiscuous mode
> ...
>
> I found some stuff in /dev, hdx1 and hdx2 is that normal?
>
No, t
Quoting Fuska ([EMAIL PROTECTED]):
> No, that isn't normal. It seems that you have been infected with the rstb
> virus. It infects all executable files under /bin/ directory and under the
> directory from which the infected file has been launched. Search for
> rstb_cleaner, with this tool you can
Fuska wrote:
>>rm uses obsolete (PF_INET,SOCK_PACKET)
>>...
>>eth0: Setting promiscuous mode
>>ppp0: Setting promiscuous mode
>>...
>>
>>I found some stuff in /dev, hdx1 and hdx2 is that normal?
>>
>
>
> No, that isn't normal. It seems that you have been infected with the rstb
> virus.
Which is the best proxy server to use on debian? I
have heard that squid is not secure...
On Sun, Jun 15, 2003 at 11:42:33PM +0100, Ian Goodall wrote:
> Which is the best proxy server to use on debian? I have heard that
> squid is not secure...
Can you provide a reference for that statement? It certainly seems secure
to me. At least, I've never had any boxes cracked as a result of it, an
It looks as though someone is trying to crack my box through ssh. This
is what logcheck emailed me:
- -- snip --
Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204
> Can you provide a reference for that statement? It certainly seems secure
> to me. At least, I've never had any boxes cracked as a result of it, and
> there are no outstanding (known) security issues for it.
Thanks. It's just what I have heard when asking around. I don't mind about
securing t
Quoting Mark Devin <[EMAIL PROTECTED]>:
> Hash: SHA1
>
> It looks as though someone is trying to crack my box through ssh. This
> is what logcheck emailed me:
> - -- snip --
> Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connectio
Mark Devin wrote:
| It looks as though someone is trying to crack my box through ssh.
OK, now I realise that it is an ssh scanner.
See: http://www.monkey.org/~provos/scanssh/
Why is it that the Debian version of sshd gives out any information
about
On Mon, 16 Jun 2003 09:05:20 +1000
Mark Devin <[EMAIL PROTECTED]> wrote:
>
> Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
> Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 w
I really wouldn't worry about your version number being leaked. If an
attacker wants to crack your machine, they are just going to try running
an exploit against it. Why bother testing the version number when it
(often) takes less time to just try the attack?
I suppose one reason to hide the versi
On Mon, Jun 16, 2003 at 10:08:41AM +1000, Mark Devin wrote:
> So they know that I am running debian and what version of ssh I use! I
> know that security through obscurity is no security, but I still don't
> want to help any attackers. Anyone else have thoughts on this?
It is necessary so that t
> is what logcheck emailed me:
> - -- snip --
> Jun 16 04:36:02 jack sshd[20026]: Connection from 212.202.204.149 port 2323
> Jun 16 04:36:03 jack sshd[20027]: Connection from 212.202.204.149 port 2810
> Jun 16 04:36:04 jack sshd[20027]: scanned from 212.202.204.149 with
> SSH-1.0-SSH_Version_Mappe
I don't like the fact it has to give away I'm running Debian.
For example:
My Slackware box:
[EMAIL PROTECTED]:~> telnet x.tsnz.net 22
Trying 203.97.131.xxx...
Connected to x.tsnz.net.
Escape character is '^]'.
SSH-1.99-OpenSSH_3.6.1p1
My Debian box:
Connection closed by foreign host.
[
On Mon, 16 Jun 2003 15:20:56 +1200 (NZST)
"TiM" <[EMAIL PROTECTED]> wrote:
> But if the kiddies only have an exploit that works only on Debian woody,
> they're going to know to target my box.
> Make them work for their information :)
The likelihood of them even attempting to get that information i
> My Debian box:
> Connection closed by foreign host.
> [EMAIL PROTECTED]:~> telnet xx.com 22
> Trying 203.167.224....
> Connected to xx.com.
> Escape character is '^]'.
> SSH-2.0-OpenSSH_3.4p1 Debian 1:3.4p1-1
To be brief, I don't usually come across that there is an exploit
for only
44 matches