On Sat, Oct 12, 2002 at 02:03:42PM +0200, repasi.tibor wrote:
Oct 11 23:53:09 panda named[15451]: No root nameservers for class IN
This is odd. Is /etc/bind/named.root configured correctly? It may be
that named.conf isn't pointing to the right named.root file since you're
running in a chroot.
On Sat, Oct 12, 2002 at 02:03:42PM +0200, repasi.tibor wrote:
Oct 11 23:53:09 panda named[15451]: No root nameservers for class IN
This is odd. Is /etc/bind/named.root configured correctly? It may be
that named.conf isn't pointing to the right named.root file since you're
running in a chroot.
On Wed, Oct 09, 2002 at 05:37:38PM -0400, Chris Caldwell wrote:
My understanding is that the law restricts U.S. citizens from
exporting certain types of cryptographic software. As a non-US
national, I believe you have a moral responsibility to thumb your
nose at US law.
At this point, the US
On Wed, Oct 09, 2002 at 10:21:31PM +0200, Alberto Cort?s wrote:
In other words, is http://security.debian.org/ located outside the
US?.
Where have you been for the past year? Cryptographic software is legal
to export from US Debian mirrors and has been integrated into the main
archive. The
On Wed, Oct 09, 2002 at 05:37:38PM -0400, Chris Caldwell wrote:
My understanding is that the law restricts U.S. citizens from
exporting certain types of cryptographic software. As a non-US
national, I believe you have a moral responsibility to thumb your
nose at US law.
At this point, the US
On Wed, Oct 02, 2002 at 08:09:33PM +0200, WebMaster wrote:
In March 1997, I offered $500 to the first person to publish a
verifiable security hole in the latest version of qmail...
My offer still stands. Nobody has found any security holes in qmail.
snip
it s because we can read on
On Tue, Sep 24, 2002 at 06:36:10AM -0400, Rishi L Khan wrote:
Are you sure that they portscanned you and not someone faking that IP?
There'd have to be one *seriously* misconfigured router out there to
allow such a thing to work. Otherwise, they'd never get the results of
their portscan back.
On Tue, Sep 24, 2002 at 06:36:10AM -0400, Rishi L Khan wrote:
Are you sure that they portscanned you and not someone faking that IP?
There'd have to be one *seriously* misconfigured router out there to
allow such a thing to work. Otherwise, they'd never get the results of
their portscan back.
On Wed, Sep 18, 2002 at 10:55:24AM +1000, Jeroen de Leeuw den Bouter wrote:
After updating libssl09 to the latest stable (0.9.4-6.woody.2) version.
And running the openssl-sslv2-master script from
(http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)
The test program is being
On Wed, Sep 18, 2002 at 10:55:24AM +1000, Jeroen de Leeuw den Bouter wrote:
After updating libssl09 to the latest stable (0.9.4-6.woody.2) version.
And running the openssl-sslv2-master script from
(http://cert.uni-stuttgart.de/advisories/openssl-sslv2-master.php)
The test program is being
On Sun, Sep 15, 2002 at 12:42:04PM +0100, John Winters wrote:
Can anyone clarify this please? Have the relevant fixes from openssl
0.9.6e been back-ported into openssl-0.9.6c-0.potato.2?
The problem is that potato has more than one version of openssl. The
security team had to package OpenSSL
On Sat, Sep 14, 2002 at 07:24:06PM +0200, Michael Renzmann wrote:
One thing that makes me wonder: after I wrote my first few lines about
the attack on the rlx blade server that we experienced, someone gave a
correct hint to the worm (describing it with some of its actions), and
also
On Sat, Sep 14, 2002 at 07:46:03PM +0200, Guille -bisho- wrote:
I have seen two Debian machines exploited with the -d version of
openssl, denoted by the the files:
/tmp/.bugtraq.c /tmp/.uubugtraq
That's not surprising. OpenSSL 0.9.6d is vulnerable. However, in woody
we have
On Sat, Sep 14, 2002 at 08:00:15PM +0200, Guille -bisho- wrote:
In 3 dias, about 1500 diferent IP address tried to contact my machine at
UDP port 2002. Fortunally i have iptables configured.
That's interesting. I haven't seen any traffic to udp port 2002 in the
past couple of days at all.
On Sat, Sep 14, 2002 at 08:14:56PM +0200, Michael Renzmann wrote:
Any idea about the outgoing connections to port 80? We noticed that the
bugtraq-process systematically tries to connect to port 80 in an ip
block, and it keeps trying and trying, incrementing the ip addresses by
one per step
On Sun, Aug 11, 2002 at 05:40:15PM +0200, Jens Hafner wrote:
directly connected to the Internet (e.g. by a dialup connection). Things
start to break as soon as I connect the laptop to my private network
(192.168.0.0/24) whose default gateway is a debian (woody, kernel
2.2.19) box. I configured
On Mon, Aug 05, 2002 at 07:40:36PM +0300, Halil Demirezen wrote:
Where can i find a code that tests a vulnerable OpenSSH trojaned server.
Or if i should write the code, What is this trojan server's
specifications?
Remember that the trojan only exists during the build process. The ssh
server
On Mon, Aug 05, 2002 at 01:06:03PM -0500, Daniel Rychlik wrote:
In pgp, how do I upload my public key to a key server? Ive read the
documentation on it and I cannot seem to find a way to do it.
--send-keys [names]
Same as --export but sends the keys to a key?
On Mon, Aug 05, 2002 at 01:19:45PM -0500, Daniel Rychlik wrote:
must have missed that one.
I am sorry for giving an RTFM-style answer. I didn't think anybody was
still using PGP. Is there a specific reason you need it instead of gpg?
pgp can't upload to keyservers on its own. Take a look
an apt-get update apt-get upgrade -dy today brought me new
libpng[23]-Packages from security.debian.org for woody/stable,
but I can't find an advisory for them. What changes were made?
The advisory was DSA 140-1. If it's not on the web site, it will be.
You should subscribe to
On Wed, Jul 24, 2002 at 01:24:51PM -0400, Desai, Jason wrote:
Does anybody know how long Debian will officially be supporting Potato and
providing security updates for it?
We haven't yet announced anything officially. We do want to continue to
support it for a longer time than we supported
On Thu, Jul 25, 2002 at 08:54:17AM +0900, Howland, Curtis wrote:
I can't upgrade, it would require restarting and that would blow my
record on necraft.com
Why would you need to restart? Today I wanted to upgrade a busy server
(busy with apache proftp). I put apache proftp on hold in
On Fri, Jul 19, 2002 at 03:58:18PM +0200, Mathias Palm wrote:
- Can I safely give an SSH key to my backup user without any
passphrase so that it could be automated via cron ?
I'd say, the security is that of your original account then. Say there
are the computers A and B, where
On Mon, Jul 01, 2002 at 09:55:57PM -0700, Rafael wrote:
Assuming the spam came from 213.181.64.226 it would be very easy to reject
it based on the fact that there is no RR in DNS for that IP.
I don't agree with the policy of rejecting mail due to a lack of a
reverse DNS entry. However,
On Tue, Jul 02, 2002 at 03:30:52PM +0100, Tim Haynes wrote:
Given that rfc-ignorant lists *.uk for not having contact info, would you
like to refine that to `shite idea'?
That's in the whois.rfc-ignorant.org blacklist. That's not the list I
was talking about. And it is not rfc-ignorant's
On Mon, Jul 01, 2002 at 03:07:37PM +0200, Olle Hedman wrote:
At 08:25 2002-01-07, Mr.Muyiwa Ige wrote:
[a load of bullshit]
If anyone wonders what that mail was, read here:
http://www.snopes.com/inboxer/scams/nigeria.htm
And forward it to [EMAIL PROTECTED], with full headers intact, of
On Mon, Jul 01, 2002 at 01:24:34PM -0700, Anne Carasik wrote:
However, when I try to launch an xterm, I get either:
can't open DISPLAY
Are you explicitly asking for X11 forwarding on the client's command
line (-X)?
Or the display is set to server:10.0.
That is normal. That's what it should
On Mon, Jul 01, 2002 at 01:48:31PM -0700, Anne Carasik wrote:
So, if I force X11 with the -X (even though my ssh_config on
the client is set to X11Forwarding yes), I get this:
Get what?
You don't have UseLogin set in sshd_config, do you?
noah
--
On Thu, Jun 27, 2002 at 07:35:21PM -0400, Moti Levy wrote:
this line in /etc/apt/sources.list did it for me ...
deb http://security.debian.org testing/updates main contrib non-free
You should probably use 'woody', not 'testing'. After all, testing
doesn't normally get security updates. Once
On Thu, Jun 27, 2002 at 04:55:31PM -0700, Tom Dominico wrote:
When woody goes stable, though, I want to move on to whatever testing
is at that point. That's why I had been using testing in my
sources.list rather than explicitly saying woody; I thought it would
make it easier to stay current.
On Tue, Jun 25, 2002 at 11:58:13PM +0200, James Nord wrote:
In which case you just need a local exploit to go with your remote exploit.
A local exploit that can be run by a non-root user in an empty chroot.
Those are considerably harder to come by than the standard local
exploit. Are any
On Tue, Jun 25, 2002 at 06:01:36PM -0400, Noah L. Meyerhans wrote:
A local exploit that can be run by a non-root user in an empty chroot.
Oh, and I forgot to mention that non-root user does not have write
permissions on the chroot.
There's really not much you can do with such an environment
On Tue, Jun 11, 2002 at 07:20:50PM -0400, Jeff Bonner wrote:
I am certainly not in a position to say which is more secure, but this
reminded me of a flap that arose over a list of vulnerabilities posted
by platform, etc on SecurityFocus:
http://securityfocus.com/vulns/stats.shtml
I'm not
On Mon, Jun 10, 2002 at 12:14:34AM +0100, Karl E. Jorgensen wrote:
Can anybody suggest a suitable forum/mailing list to ask for help on
this?
At one point (a year ago? more?) somebody suggested creating
debian-codereview to provide exactly such a forum. I don't remember who
it was, but they
On Thu, May 23, 2002 at 01:39:25PM -0400, Hubert Chan wrote:
Security patches go into stable first. Sid/unstable is generally
upgraded pretty promptly too. They're working on a system (AFAIK) to
allow security patches to be fast tracked into testing.
Not to be fast tracked in to testing.
On Thu, May 23, 2002 at 01:39:25PM -0400, Hubert Chan wrote:
Security patches go into stable first. Sid/unstable is generally
upgraded pretty promptly too. They're working on a system (AFAIK) to
allow security patches to be fast tracked into testing.
Not to be fast tracked in to testing. To
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote:
IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to
/etc/network/options.
after making this change, what service must I restart to make the change
take effect?
None, the changes are in kernel space. Just make
On Fri, May 17, 2002 at 04:38:24PM -0500, JonesMB wrote:
IIRC, you can also (at least in Debian) add the line 'syncookies=yes' to
/etc/network/options.
after making this change, what service must I restart to make the change
take effect?
None, the changes are in kernel space. Just make
On Mon, May 13, 2002 at 06:05:19PM -0300, Eduardo Gargiulo wrote:
Which is the best way to ensure that clients will connect using ssh2
and not ssh1? How can I avoid the use of ssh1?
RTFM. See in particular sshd(8). See in particular the following:
Protocol
Specifies the
On Mon, May 13, 2002 at 06:05:19PM -0300, Eduardo Gargiulo wrote:
Which is the best way to ensure that clients will connect using ssh2
and not ssh1? How can I avoid the use of ssh1?
RTFM. See in particular sshd(8). See in particular the following:
Protocol
Specifies the
On Wed, May 08, 2002 at 03:26:46PM +0200, Robert Millan wrote:
http://sec.greymagic.com/adv/gm001-ns/
It claims to affect 0.9.7+ but on 1.0 all it does
is crashing my browser.
That bug was fixed in the version of mozilla from sid, but *not* woody.
Woody appears vulnerable and had probably
On Tue, Apr 30, 2002 at 03:23:06PM -0600, Erik Andersen wrote:
It is there as part of the installer to make like easier
for those wishing to do things that the installer does not
support by default. It has nothing whatsoever to do with
cramfs or the kernel.
This is what I was thinking at
On Sun, Apr 14, 2002 at 09:51:18AM -0500, David wrote:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
raw0 0 0.0.0.0:1 0.0.0.0:* 7
-
raw0 0
On Sun, Apr 14, 2002 at 09:51:18AM -0500, David wrote:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State
PID/Program name
raw0 0 0.0.0.0:1 0.0.0.0:* 7
-
raw0 0
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
the fswcert tool, which is used to extract private key from
certificate was before in freeswan package. I was not able to find it in
1.95 version of freeswan. Anyone knows why it has been removed ???
Because it's no longer
On Fri, Apr 05, 2002 at 12:13:41PM +0200, Victor Vuillard wrote:
the fswcert tool, which is used to extract private key from
certificate was before in freeswan package. I was not able to find it in
1.95 version of freeswan. Anyone knows why it has been removed ???
Because it's no longer
On Sun, Apr 07, 2002 at 02:53:16PM +0200, Mark Janssen wrote:
Debian usually patches the (security) bug, without going straight to the
new upstream release, but only upgrading the package number
That's only the case with stable. In unstable, there is no reason not
to go straight to the new
On Sun, Apr 07, 2002 at 02:53:16PM +0200, Mark Janssen wrote:
Debian usually patches the (security) bug, without going straight to the
new upstream release, but only upgrading the package number
That's only the case with stable. In unstable, there is no reason not
to go straight to the new
On Fri, Apr 05, 2002 at 04:49:46PM +0200, Juhan Kundla wrote:
Yikes! I guess, you didn't remove inetd that way, right? But how then?
As root:
/etc/init.d/inetd stop
rm /etc/rc?.d/S??inetd
It will not be started again, but the K??inetd links will still be in
place so the next upgrade won't
On Fri, Apr 05, 2002 at 04:49:46PM +0200, Juhan Kundla wrote:
Yikes! I guess, you didn't remove inetd that way, right? But how then?
As root:
/etc/init.d/inetd stop
rm /etc/rc?.d/S??inetd
It will not be started again, but the K??inetd links will still be in
place so the next upgrade won't
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote:
Well, daytime spits out the time of day, time is for NTP,
and I'm not sure what discard is used for.
No, NTP does not use the time port. It uses port 123 (ntp in
/etc/services).
Discard is the network equivalent of /dev/null
On Tue, Apr 02, 2002 at 10:23:21AM -0800, Anne Carasik wrote:
Well, daytime spits out the time of day, time is for NTP,
and I'm not sure what discard is used for.
No, NTP does not use the time port. It uses port 123 (ntp in
/etc/services).
Discard is the network equivalent of /dev/null
The
On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do. Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there. And
even they did,
On Mon, Apr 01, 2002 at 09:35:46AM -0500, Jon McCain wrote:
concern. Users can ssh into my machine but their profiles are fixed to
run a menu of things I allow them to do. Thus they can't get to the $
prompt and thus can't cd to other directories to see what's there. And
even they did,
On Sun, Mar 24, 2002 at 11:44:26AM -0500, Gary MacDougall wrote:
We seriouslly need a US branch of the law-enforcement to deal
with this sort of stuff. I think if more people got prosecuted for
trying to crack into a site, the level of BS would drop to zero.
Sure, but this particular attempt
On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote:
What seems odd to me is the the yyy IP is originating from such a low port
(3) which means the system is most likely not unix or windows (or at least
not standard apps), unless using some specific application. Anyone know of
one
On Thu, Mar 21, 2002 at 06:12:02PM -0600, Jay Kline wrote:
What seems odd to me is the the yyy IP is originating from such a low port
(3) which means the system is most likely not unix or windows (or at least
not standard apps), unless using some specific application. Anyone know of
one
On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote:
Pardon my ignorance, but I was under the impression that this list is only
about official Security Announcements for Debian(DSA), and not a general
discussion on security. Am I on the wrong list or did I read the list
On Sat, Mar 16, 2002 at 04:57:42PM -0800, Xeno Campanoli wrote:
Has anyone else heard of this SNMP problem? Are we up to date with the
security fixes on stable, etc?
That's ancient history. The fix was released on Feb. 14.
noah
--
___
|
On Sat, Mar 16, 2002 at 11:43:41PM +0530, Sandip Bhattacharya wrote:
Pardon my ignorance, but I was under the impression that this list is only
about official Security Announcements for Debian(DSA), and not a general
discussion on security. Am I on the wrong list or did I read the list
On Sat, Mar 16, 2002 at 04:57:42PM -0800, Xeno Campanoli wrote:
Has anyone else heard of this SNMP problem? Are we up to date with the
security fixes on stable, etc?
That's ancient history. The fix was released on Feb. 14.
noah
--
___
|
On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote:
I thought class C networks were non-routable.
I think you're confused. First of all I think you're confused as to
what a class C network is, and second of all I think you're confused as
to what networks are non-routable and what it
On Fri, Mar 15, 2002 at 09:09:15PM +0100, Roland Stoll wrote:
i'm wondering what this could be. Is it a known exploit, or just a new
P2P software like gnutella/kaza/etc ?
It is traceroute.
--
___
| Web: http://web.morgul.net/~frodo/
| PGP
On Fri, Mar 15, 2002 at 06:40:45AM -0500, Josh Frick wrote:
I thought class C networks were non-routable.
I think you're confused. First of all I think you're confused as to
what a class C network is, and second of all I think you're confused as
to what networks are non-routable and what it
On Fri, Mar 15, 2002 at 09:09:15PM +0100, Roland Stoll wrote:
i'm wondering what this could be. Is it a known exploit, or just a new
P2P software like gnutella/kaza/etc ?
It is traceroute.
--
___
| Web: http://web.morgul.net/~frodo/
| PGP
On Sat, Mar 09, 2002 at 09:06:09AM +0800, Patrick Hsieh wrote:
I just apt-get update but seems ssh version 3.0.2p1-8 is not in the
non-US archive.
That is to be expected and it is exactly why we tell people not to use
testing if you care about security. It takes some time for a package to
On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote:
potato version is not exploitable (patched with a backported hack many
months ago). See old DSA on www.debian.org.
No, it is still vulnerable. I have confirmed for myself that the fix
applied in the DSA did not
On Wed, Mar 06, 2002 at 06:26:16PM +0100, Francesco P. Lovergine wrote:
glibc has been patched for glob problems too.
There is a not too old thread about the same subject...
I am very well aware of that, however the fixes are clearly not
effective as proftpd is still vulnerable. I have
On Wed, Mar 06, 2002 at 07:43:23PM -0800, Xeno Campanoli wrote:
Say, stable doesn't seem to have 2.2.20 available to it yet, and yet
that's supposed to be the most stable 2.2.* kernel out according to (I
think it was the HOWTO on E-Infomax I read it, but they're down right
now) a howto I was
On Wed, Mar 06, 2002 at 10:36:03AM +0100, Francesco P. Lovergine wrote:
potato version is not exploitable (patched with a backported hack many
months ago). See old DSA on www.debian.org.
No, it is still vulnerable. I have confirmed for myself that the fix
applied in the DSA did not
On Wed, Mar 06, 2002 at 06:26:16PM +0100, Francesco P. Lovergine wrote:
glibc has been patched for glob problems too.
There is a not too old thread about the same subject...
I am very well aware of that, however the fixes are clearly not
effective as proftpd is still vulnerable. I have
On Wed, Mar 06, 2002 at 07:43:23PM -0800, Xeno Campanoli wrote:
Say, stable doesn't seem to have 2.2.20 available to it yet, and yet
that's supposed to be the most stable 2.2.* kernel out according to (I
think it was the HOWTO on E-Infomax I read it, but they're down right
now) a howto I was
On Wed, Feb 27, 2002 at 04:22:31PM +0100, eim wrote:
Are there any tools which are smarter, faster and cleaner
as my combination of log analyze apps. ?
I saw a presentation at the LISA sysadmin conference a couple years ago
about something called SHARP, the syslog heuristic analysis and
On Wed, Feb 27, 2002 at 04:22:31PM +0100, eim wrote:
Are there any tools which are smarter, faster and cleaner
as my combination of log analyze apps. ?
I saw a presentation at the LISA sysadmin conference a couple years ago
about something called SHARP, the syslog heuristic analysis and
On Wed, Jan 23, 2002 at 09:02:05AM +0100, Olsen Gerhard-Just wrote:
Hi I'm investigating the possibility to use Linux box as an IPsec router. I
want to be able to connect win clients to a LAN over the internet using
IPsec. there is a win2k server set up with IPsec. Has any one any experience
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
Why has Debian choosen to let users access root's home ?
Why not? Debian doesn't put any sensitive files there. In fact, it
doesn't put anything notable there at all.
Let me say I chmod 0700 /root, will I encounter any
problems through
On Mon, Jan 21, 2002 at 01:34:31PM -0800, Chris Francy wrote:
There is at least one package in Debian that requires you to put sensitive
information in /root. The mysql server package needs you to have a .my.cnf
in the /root if you want the logs to rotate. The my.cnf contains the clear
On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote:
Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
case? Clearly there are individual files that you don't want
world-readable, but that's true for normal users' home dirs as well.
Why do you want folks to be
On Mon, Jan 21, 2002 at 07:54:03PM +0100, eim wrote:
Why has Debian choosen to let users access root's home ?
Why not? Debian doesn't put any sensitive files there. In fact, it
doesn't put anything notable there at all.
Let me say I chmod 0700 /root, will I encounter any
problems through
On Mon, Jan 21, 2002 at 01:34:31PM -0800, Chris Francy wrote:
There is at least one package in Debian that requires you to put sensitive
information in /root. The mysql server package needs you to have a .my.cnf
in the /root if you want the logs to rotate. The my.cnf contains the clear
On Mon, Jan 21, 2002 at 09:45:50PM +, Tim Haynes wrote:
Is there any reason you can't just chmod 0600 /root/.my.cnf, in that
case? Clearly there are individual files that you don't want
world-readable, but that's true for normal users' home dirs as well.
Why do you want folks to be
On Thu, Jan 17, 2002 at 08:56:01PM +0100, Répási Tibor wrote:
What is /bin/ping6 ??? Is it normal that /bin/ping and /bin/ping6 has setuid
to root?
Ping6 is the IPv6 version of ping.
It is normal that they have setuid turned on. Othwerise, non-root users
can not open the ICMP socket
On Wed, Jan 16, 2002 at 04:58:33PM +0200, Yotam Rubin wrote:
Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it
provides a false sense of information. ippl is unversatile, the filter
language is too simple to allow complex operations.
I tend to agree with your
On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote:
It seems to. The above ports were closed just by commenting them out
of /etc/services and then rebooting.
An init 1, init 3 would have worked as well.
Correct me if I'm wrong here, but why would you comment things out of
On Wed, Jan 16, 2002 at 04:58:33PM +0200, Yotam Rubin wrote:
Strangely, ippl is an extremely popular tool. Using ippl is inadvisable, it
provides a false sense of information. ippl is unversatile, the filter
language is too simple to allow complex operations.
I tend to agree with your
On Wed, Jan 16, 2002 at 12:25:34PM -0500, Chris Hilts wrote:
It seems to. The above ports were closed just by commenting them out
of /etc/services and then rebooting.
An init 1, init 3 would have worked as well.
Correct me if I'm wrong here, but why would you comment things out of
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote:
Then there are more exotic stuff. High port UDP attampts,
connection to port 113 etc.
High port UDP stuff is often just traceroutes. 113 is normal, as many
servers will attempt an auth lookup when you access them.
Now the logs
On Tue, Jan 15, 2002 at 03:45:59PM -0600, Jeff Teitel wrote:
mail:# netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign AddressState
udp0 0 *:32768 *:*
What is this, and should I be worried?
Add
On Tue, Jan 15, 2002 at 09:04:07PM +0100, Balazs Javor wrote:
Then there are more exotic stuff. High port UDP attampts,
connection to port 113 etc.
High port UDP stuff is often just traceroutes. 113 is normal, as many
servers will attempt an auth lookup when you access them.
Now the logs
On Mon, Jan 14, 2002 at 01:37:50PM +, Simon Huggins wrote:
So perhaps Debian security is only as good as the package maintainers?
I'm sure most maintainers do care and do investigate bugs I probably
just had a bad experience.
That is the case in unstable and testing, but not stable. That
On Mon, Jan 14, 2002 at 10:31:38AM +0100, Javier Fernández-Sanguino Peña wrote:
I was wondering... could someone write a How to build VPN's in
Debian small documentation for inclusion in the Debian Security HOWTO
(http://www.debian.org/doc/ddp) it could make for a nice chapter in there.
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote:
I would'nt mind getting involved with the Debian project, even it is just
wriiting docs for the community.
Even if it's *just* writing docs for the community? A lot of people
don't seem to realize it, but that's one of the most
On Mon, Jan 14, 2002 at 01:37:50PM +, Simon Huggins wrote:
So perhaps Debian security is only as good as the package maintainers?
I'm sure most maintainers do care and do investigate bugs I probably
just had a bad experience.
That is the case in unstable and testing, but not stable. That
On Mon, Jan 14, 2002 at 10:31:38AM +0100, Javier Fernández-Sanguino Peña wrote:
I was wondering... could someone write a How to build VPN's in
Debian small documentation for inclusion in the Debian Security HOWTO
(http://www.debian.org/doc/ddp) it could make for a nice chapter in there.
On Mon, Jan 14, 2002 at 07:52:59AM -0700, Stefan Srdic wrote:
I would'nt mind getting involved with the Debian project, even it is just
wriiting docs for the community.
Even if it's *just* writing docs for the community? A lot of people
don't seem to realize it, but that's one of the most
On Fri, Jan 11, 2002 at 05:04:53PM +, Ricardo B wrote:
He can be loaded as a kernel module and then hide all traces of its
presence in the system, by overriding the proper system calls and
/proc info. Isn't there a way to turn module loading off (a way that
can't be chagend back -
On Fri, Jan 11, 2002 at 10:25:03PM +0100, martin f krafft wrote:
i doubt that a kernel module can override the linux kernel filesystem
abstraction layer. but i guess it could be possible.
Oh, it certainly can! knark is a perfect example of a kernel module to
do just this. (knark is
On Fri, Jan 11, 2002 at 05:04:53PM +, Ricardo B wrote:
He can be loaded as a kernel module and then hide all traces of its
presence in the system, by overriding the proper system calls and
/proc info. Isn't there a way to turn module loading off (a way that
can't be chagend back - without
On Fri, Jan 11, 2002 at 10:25:03PM +0100, martin f krafft wrote:
i doubt that a kernel module can override the linux kernel filesystem
abstraction layer. but i guess it could be possible.
Oh, it certainly can! knark is a perfect example of a kernel module to
do just this. (knark is
On Mon, Jan 07, 2002 at 05:38:07PM -0500, David B Harris wrote:
I'm pretty new to the list. Is this sort of question generally the type
that's discussed on this list?
Well, we usually hope that the users do their homework (i.e. RTFM)
before asking questions with such well documented
101 - 200 of 290 matches
Mail list logo