Re: Remote Root In Nvidia xserver Driver

2006-10-19 Thread Uwe Hermann
://nouveau.freedesktop.org/wiki/ and contribute if you can! Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature

Updated firewall script.

2006-06-04 Thread Uwe Hermann
Hi, here's a heavily updated firewall script. I have incorporated many of the suggestions and ideas from the lists (especially debian-firewall). Any further comments and improvement-suggestions are still very welcome! Cheers, Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
for authentication on untrusted networks. (Though they are useful as one layer of security, to mitigate the risk of vulnerabilities in the encryption routines.) Full ACK. It's one additional layer of security, but should never be relied upon alone. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
, but the one from George Hein (which I was referring to) does not have that line. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
Hi, On Tue, May 23, 2006 at 07:29:44PM +0400, Konstantin Khomoutov wrote: On Tue, May 23, 2006 at 04:36:31PM +0200, Uwe Hermann wrote: useless. Did I miss anything? Kernel shoots any packet it considers as being martian -- e.g. packets from 127.0.0.0/8 cannot appear on any interface

Re: Request for comments: iptables script for use on laptops.

2006-05-26 Thread Uwe Hermann
not a complete now we're 100% safe method, but it helps prevent _some_ problems. Cheers, Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
be better in certain situations? For me /etc/sysctl.conf is not so nice, as I want to be able to download my own script from my website when I'm at other machines which I want to secure. Thus, I'd like to have everything in one single script (vs. multiple files). Uwe. -- Uwe Hermann http

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
a server which needs to be reachable from the Internet? Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature

Re: How to prevent daemons from ever being started?

2006-05-23 Thread Uwe Hermann
policy-rc.d, please read /usr/share/doc/sysv-rcREADME.policy-rc.d.gz for more information. I believe all the mechanisms dissuggested in this thread are already there. Yes, policy-rc.d indeed looks like it does what I want, thanks! Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it

Re: How to prevent daemons from ever being started?

2006-05-23 Thread Uwe Hermann
. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org signature.asc Description: Digital signature

Re: Request for comments: iptables script for use on laptops.

2006-05-23 Thread Uwe Hermann
outside, the firewall will block any traffic to it, and hence any exploit attempts. There are many other valid examples. It's not the concept of a firewall that is flawed, it's relying on IP addresses for authentication which is a bad idea. Uwe. -- Uwe Hermann http://www.hermann-uwe.de http

Request for comments: iptables script for use on laptops.

2006-05-21 Thread Uwe Hermann
Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org #!/bin/sh #-- # File: fw_laptop # Author: Uwe Hermann

How to prevent daemons from ever being started?

2006-05-15 Thread Uwe Hermann
whatever packages I newly install. That's tedious and error-prone. How would you go about ensuring that _no daemon at all_ is ever started on your system, except when you explicitly type etc/init.d/foobar start? Uwe. -- Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http

Re: Hacked too?

2002-01-11 Thread Uwe Hermann
Hi Ed, On Fri, Jan 11, 2002 at 05:46:58PM -0500, Ed Street wrote: I have run chkrootkit and get Anyone have a d/l site for the deb package of this? apt-get install chkrootkit Uwe. -- Uwe Hermann [EMAIL PROTECTED] [EMAIL PROTECTED] | Unmaintained Free Software: http://www.hermann

Re: Hacked too?

2002-01-11 Thread Uwe Hermann
Hi Ed, On Fri, Jan 11, 2002 at 05:46:58PM -0500, Ed Street wrote: I have run chkrootkit and get Anyone have a d/l site for the deb package of this? apt-get install chkrootkit Uwe. -- Uwe Hermann [EMAIL PROTECTED] [EMAIL PROTECTED] | Unmaintained Free Software: http://www.hermann