Re: idea for improving security

2003-05-07 Thread Alexander Reelsen
t that end users can connect to the services, but only administrators. If you have 100 machines on the net placed at customers it might be pretty handy, if you don't have to worry about ssh auto rooters after the new 0day exploit, because they don't try the magic-ip-packet-sequence. This adds anot

Re: idea for improving security

2003-05-07 Thread Alexander Reelsen
c on a rare or unallocated protocol before opening a > backdoor. http://www.phenoelit.de/stuff/cd00r.c has been used sometimes on compromised machines... MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]

Re: idea for improving security

2003-05-07 Thread Alexander Reelsen
t or what? In a random non guessable order? Hard work... useless IMO MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]

Re: idea for improving security

2003-05-06 Thread Alexander Reelsen
ertain ports (i.e. SSH) for a specified amount of time or for the next > connection attempt only. The parameters which could be set in the config > file would be: Sadoor http://cmn.listprojects.darklab.org/ MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]

Re: speaking of squid ports...

2003-03-26 Thread Alexander Reelsen
p_port to '0'... If it is written via -u in the init scripts the config file settings are overwritten, so beware. Regards, Alexander -- Alexander Reelsen http://tretmine.org

Re: Review: sect. 4.16.2 of the Securing Debian manual

2003-03-13 Thread Alexander Reelsen
Hi On Thu, Mar 13, 2003 at 10:22:19PM +1100, Frederic Schutz wrote: > On Thu, 13 Mar 2003, Alexander Reelsen wrote: > > Are you sure on this one? > > > > # sysctl -A | grep cap-bound > > kernel.cap-bound = -257 > > > > Being it a sysctl parameter mak

Re: Review: sect. 4.16.2 of the Securing Debian manual

2003-03-13 Thread Alexander Reelsen
nux2:~ # sysctl -A | grep cap-bound kernel.cap-bound = -257 Being it a sysctl parameter makes me wonder whether you can set things runtime (if you have the appropriate capability of course). lcap does exactly that, writing in this procfile. MfG/Regards, Alexander -- Alexander Reelsen http://tretmine.org [EMAIL PROTECTED]

Re: Strange warning

2002-08-17 Thread Alexander Reelsen
On Sat, Aug 17, 2002 at 09:25:07PM +0100, Dale Amon wrote: > Anyone know what this means? Even google draws a blank. > > tcpspy[29190]: /proc/net/tcp: warning: incomplete line Taking a very quick look at the source along with reading the description of tcpspy makes you feel, it's nothing to totall

Re: best way to create pop only accounts

2002-03-11 Thread Alexander Reelsen
AM to authenticate via /etc/passwd, you just don't realize this :-) Check out the (not always easy to read) documentation about PAM, however it's worth a read. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6

Re: IP accounting per user

2002-01-08 Thread Alexander Reelsen
he lids patch), it took less than > two minutes to correct this by hand. > i don't think, that there are too much more changes for the 2.4.17. Has it become SMP safe for 2.4 kernels? It never was for 2.2... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTE

Re: Security on debian

2001-09-30 Thread Alexander Reelsen
, second you should change .htm to .html and third this document is completely obsoleted as Javier Fernandez has incorporated it into an official Debian Document Project Paper on www.debian.org/doc, which should be used as reference. :) MfG/Regards, Alexander -- Alexander Reelsen http://joker.rh

Re: Listening Ports

2001-09-10 Thread Alexander Reelsen
On Mon, Sep 10, 2001 at 02:14:56PM +0200, Bernhard R. Link wrote: > On Mon, 10 Sep 2001, Alexander Reelsen wrote: > > First binding then firewalling is a bad idea, someone might be able to > > access that service via spoofing or other dirty tricks... > I do not know very much i

Re: Listening Ports

2001-09-10 Thread Alexander Reelsen
g is a bad idea, someone might be able to access that service via spoofing or other dirty tricks... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C

Re: Listening Ports

2001-09-10 Thread Alexander Reelsen
ad idea, someone might be able to access that service via spoofing or other dirty tricks... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7

Re: Daemon init scripts and apt-get [was: Re: red worm amusement]

2001-08-13 Thread Alexander Reelsen
st in IRIX-style chkconfig, I can probably throw > > something together from the scripts and docs I have lying around > I would be interested. :) You might want to check file-rc or rcconf as well... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED]

Re: Daemon init scripts and apt-get [was: Re: red worm amusement]

2001-08-13 Thread Alexander Reelsen
> > If there is an interest in IRIX-style chkconfig, I can probably throw > > something together from the scripts and docs I have lying around > I would be interested. :) You might want to check file-rc or rcconf as well... MfG/Regards, Alexander -- Alexander Reelsen http://joker.

Re: CGI Buffer Overflow?

2001-07-19 Thread Alexander Reelsen
ng whitehouse.gov and infecting other hosts). Check bugtraq/securityfocus for more. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D

Re: Exploit - what to do

2001-07-18 Thread Alexander Reelsen
is just to upgrade your kernel. But as your box sounds compromised, reinstall it along with a kernel. If you're using linux 2.2.19 please post some more information. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 20

Re: was I cracked? (rpc.statd, new version)

2001-07-12 Thread Alexander Reelsen
abase itself (perhaps with an external key). > Is something like this possible or is it planned? apt-get install debsums MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3

Applications using Linux capabilities

2001-03-22 Thread Alexander Reelsen
ad or whatever (huge "huh?" here from my side). So if anyone has an application to add to this list, please tell me so. Incredibly long list of apps: - proftpd - xntp3 w/patch (just keeps CAP_SYS_TIME, drops uid 0) MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMA

Re: Network security

2001-03-08 Thread Alexander Reelsen
filter, the issue is explained there in a long, good and clear fashion... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Securing Debi

Re: Network security

2001-03-08 Thread Alexander Reelsen
filter, the issue is explained there in a long, good and clear fashion... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Secu

Re: howto check the integrity of installed packets

2001-03-07 Thread Alexander Reelsen
easy to change, but perhaps it's a start if you monitor the md5sums files as well, or mark them readonly with LIDS, whatever... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED]

Re: Updating the Securing HOWTO

2001-02-04 Thread Alexander Reelsen
paragraph about netfilter/iptables as well. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO

Re: Updating the Securing HOWTO

2001-02-04 Thread Alexander Reelsen
ll paragraph about netfilter/iptables as well. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB [EMAIL PROTECTED] 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C Securing Debian: http://jo

Re: Encrypted file transfer

2001-01-02 Thread Alexander Reelsen
to use a small perl client/server model with Crypt::CBC and IDEA... You could also wrap your ftpd into SSL or use a httpsd. There are dozens of possibilities... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB

Re: Encrypted file transfer

2001-01-02 Thread Alexander Reelsen
ld be to use a small perl client/server model with Crypt::CBC and IDEA... You could also wrap your ftpd into SSL or use a httpsd. There are dozens of possibilities... MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED] GnuPG: pub 1024D/F0D7313C sub 2048g/6A

Re: sunrpc

2000-12-07 Thread Alexander Reelsen
'lsof -i' or 'fuser -n tcp 111' will tell you, it is the portmapper, which is listening on that port (/sbin/portmap) usually. If you don't use NFS you can turn it off without problems. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd.de [EMAIL PROTECTED]

Securing Debian HOWTO - Now in SGML

2000-12-03 Thread Alexander Reelsen
ys. Oh, and if someone volunteers to write a paragraph about dpkg-statoverrides, I would not be the only one to be grateful I guess ;) I don't have a working woody station at the moment so I am not able to write something about it. MfG/Regards, Alexander -- Alexander Reelsen http://joker.rhwd

Re: Debian Security-HOWTO

2000-11-30 Thread Alexander Reelsen
Hi On Thu, Nov 30, 2000 at 01:55:33PM -0500, Jacob Kuntz wrote: > > I do not know if other developers are aware, but there is > > a nice Security HOWTO available in > > http://joker.rhwd.de/doc/Securing-Debian-HOWTO and made by > > Alexander Reelsen (which I am sendi
