edgar wrote:
> A few days ago there were some problems on the server. we couldn't ssh
> to it, the network card was in promiscuous mode (it seems it was
> attacked). Could it be that someone cracked it?
Sounds like it. And considering they managed to set promisc, sounds like
they got root.
> The l
Riku Valli wrote:
Yes, security-fixed libraries is problem, most people don't restart
daemons which depend changed libraries.
So I recommend when that happens in DSA or package is lsof |grep DEL|more
reminder at least.
There is a script in debian-goodies (at least on sarge) called
checkrestart as
On Thu, 2003-11-27 at 07:59, Haim Ashkenazi wrote:
> ...
> ov 26 22:26:16 ns-ilweb1 init: Switching to runlevel: 6
> Nov 26 22:26:19 ns-ilweb1 qmail: 1069878379.427182 status: exiting
> Nov 26 22:26:20 ns-ilweb1 ntpd[32551]: ntpd exiting on signal 15
> Nov 26 22:26:22 ns-ilweb1 exiting on signal 1
On Thu, 2003-11-27 at 06:42, [EMAIL PROTECTED] wrote:
> Hi. Does the attack on the servers and the work that has to be done related to
> the attack, slow down the development of Sarge very much?
Certainly by at least a week. After all, we are without the testing
scripts running for a week now. An
On Nov 26, 2003, at 15:34, Matt Zimmerman wrote:
None of those packages are new; they are all from
security.debian.org and correspond to security advisories released
since 3.0r1.
Really? There were 13 or so things on 3.0r2 that my machines never
picked up from security.debian.org. Don't stable re
On Nov 25, 2003, at 17:16, Dan Jacobson wrote:
With the mailing lists affected, what would average user me do to
learn the latest on the situation,
irc.debian.org #debian
On Thursday, Aug 29, 2002, at 09:34 US/Eastern, Nathan E Norman wrote:
This is why all ISPs should apply filters at their ingress/egress
points. Unfortunately, many do not.
While I don't want to start a flame war here, as all discussions of
this topic seem to become, I'd just like to point
You could set up a pseudo-package that provides it, unless it's a
versioned dependency (haven't checked).
There is a package for doing that (setting up those
pseudo-packages) but I don't remember the name. Sorry :-(
On Sun, 2002-08-11 at 23:23, Andres Salomon wrote:
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=155529&repeatmerged=yes
Thank you!
http://online.securityfocus.com/archive/1/286087/2002-07-30/2002-08-05/0
I haven't seen anything about this from Debian. They cite "GNU libc
2.2.5" as being vulnerable, and that is the version of libc6 on my
system.
The last vulnerability fix I see in the changelog is the resolver one.
On Wed, 2002-06-26 at 14:59, Lupe Christoph wrote:
> I've spent several hours updating left and right, and now this?
> How shall I justify this to my client? I can't really charge for
> falling for Theo. Seems I took a firm stand and bent over for him.
See Wichert's message: <[EMAIL PROTECTED]>
On Tuesday, June 25, 2002, at 12:00 , Paul Baker wrote:
Does anyone know if the openssh exploit that 3.3 is supposed to
not fix, but do damage control for, is it still exploitable if
you have set your /etc/hosts.deny to deny all hosts, and then
/etc/hosts.allow to only allow from trusted ips.
On Tuesday, June 25, 2002, at 12:39 , Paul Baker wrote:
but potentially maybe someone could craft a malicious packet
that appears to come from one of the trusted ips??
SSH uses TCP, not UDP. In order for the kernel to pass any data
to OpenSSH, the following must happen:
REMOTE send
$VENDOR says it's broken
$VENDOR won't provide details
$VENDOR says upgrade two minor releases
$VENDOR says upgrading doesn't actually fix the problem
$VENDOR says upgrading will break things
Woody security update comes out before potato one.
That makes for the weirdest DSA I can remember.
PS: W
On Sunday, June 23, 2002, at 05:21 , Matthew Sackman wrote:
If I've missed something obvious, please shout at me ;-)
Only problem is that a Snort that has reached its second
birthday may not be happy with the new definitions.
On Sunday, June 23, 2002, at 01:29 , Peter Cordes wrote:
Still, is anybody working on adding rsync support to apt?
That would, CPU-wise, kill the server. Last I checked (and
please correct me if the Samba folks have managed the
impossible), having hundreds of concurrent rsyncs running is no
On Sat, 2002-06-22 at 21:08, Brendan Hack wrote:
> I've had this problem before with apache spontaneously seg faulting when
> trying to execute it. I know we all hate killing the uptime but if I
> rebooted it would solve the problem.
Maybe it ran out of sysv shared memory? You can use ipcs to ch
> And if so, what could make chkproc think, seeing something what is
> probably not there? Perhaps some kind of runtime failure in the C code?
Well, remember that you're running on a pre-emptively scheduled system.
Processes can be created and destroyed during that code's running.
Although you did
On Fri, 2002-04-26 at 20:27, martin f krafft wrote:
> never say impossible.
Quite. Way too many people will click continue to all the "this
certificate is not certified by anyone trusted" and "this certificate
certifies a different site" warnings.
Most people would click continue if their browse
On Tuesday, February 19, 2002, at 09:05 AM, Davy Gigan wrote:
> I would also notify another
> evident thing : due to the fact i'm running two syslog-ng servers
> on my machine, the configure script killed all of them => normal.
No that is normal. The scripts should be using pid files. To
quot
On Wed, 2002-02-13 at 20:37, Jeff Bonner wrote:
> I have not, knock on wood, had a box compromised in
> any way, so I have no practical experience in that regard. Whether
> that's the result of my security efforts, or just pure luck, who knows.
I've had to deal with boxes built and maintained by
On Monday, February 11, 2002, at 02:54 PM, Jeff Bonner wrote:
But if the machine is restarted, those changes either do not persist
(same kernel) or are quite obvious (modified kernel overwrites the old
one, etc). On the other hand, having a hostile module inserted
into the
kernel not only al
On Saturday, February 9, 2002, at 01:47 PM, Jeff Bonner wrote:
One of the things I did with my firewall was compile all the needed
modules into the kernel, so that no additional modules can be loaded --
which is one way a hacker can install things.
If you have root, you can just write to kern
On Saturday, January 12, 2002, at 02:46 PM, Hubert Chan wrote:
>
> I think that if you boot into single mode (e.g. type "linux single" at
> the LILO prompt), you'll drop into whatever shell is defined for root.
More importantly, will it break if, e.g., fsck fails and drops
you into single-user
On Sunday, January 6, 2002, at 04:00 , Pavel Minev Penev wrote:
> There are about 3304 processes with sequential PIDs and names of
> "[loop7 ]", and are all zombies.
Are you calling fork in your code? Are you calling waitpid or friends?
Whose children are those? (try ps fxa)
On Tuesday, December 25, 2001, at 08:34 , Alvin Oga wrote:
>
>
> On Mon, 24 Dec 2001, Anthony DeRobertis wrote:
>
>>> making the disks readonly is not trivial ...
>>> lots of work to make it readonly.. a fun project ...
>>
>> Not really. Nothing
>> It doesn't need to spawn a new shell to allow root access. It
>> can just load a properly-linked shell into memory (not
>> calling execve), then jump to main.
>>
>> Or it can not use a shell at all. Shells aren't special in any way.
>
> True, shells aren't special. But if someone tries to
On Monday, December 24, 2001, at 10:52 , Gary MacDougall wrote:
> Someone said that St. Jude was what I was looking for, and I think
> it's pretty much *exactly* what I was pointing out.
Can't, in general, stop an attack. All the attacker has to do is
not do unusual calls which jude monitors, w
> making the disks readonly is not trivial ...
> lots of work to make it readonly.. a fun project ...
Not really. Nothing should write anywhere except /var and /tmp
(did I miss any). Also, if you have users, then /home.
In particular, if it is in $PATH, make it read-only. Many root
kits troja
On Friday, December 21, 2001, at 03:25 , Gary MacDougall wrote:
Wouldn't it be nice to be able to run the kernel in "secure mode"?
I'm curious to know if we could limit the amount of "root exploits"
by this method, it would REALLY harden up security on a
Linux box... anyone have any opinions on
On Saturday, December 22, 2001, at 07:22 , System Administrator wrote:
> The assembly statement "jsr" (jump to subroutine) puts the
> return address
> on the same stack, where space for local variables is reserved.
>
Local variables, parameters, temporaries, etc. Yes, it's all the
same stack
On Thursday, November 8, 2001, at 06:07 , martin f krafft wrote:
> * Bryan Andersen <[EMAIL PROTECTED]> [2001.11.06 05:23:05-0600]:
>> Another possibility would be to have them replace the hubs with
>> switches, this assumes you are using twisted pair, not thin net
>> or thick net.
>
> which is
On Thursday, November 8, 2001, at 08:08 , Wichert Akkerman wrote:
> Previously Ethan Benson wrote:
>> sorry i don't leave known security holes wide open on my boxes. only
>> an idiot does that.
>
> If you think your box does not have currently unknown holes you are
> naive :)
>
Unless its unpl
Can we subscribe him, WITHOUT posting privileges, to every list debian
hosts? And then linux-kernel as well? After that, spam-l and a news-to-mail
of nanae?
Please?