On Thu, 2011-02-24 at 15:31 +, Julien Reveret wrote:
> [snip]
>
> It seems that mandriva already released an update for avahi :
>
> http://lists.grok.org.uk/pipermail/full-disclosure/2011-February/079525.html
>
> I guess you're facing the same issue.
0.6.28-4 has been accepted to unstable
> Package: avahi-daemon
> Version: 0.6.27-2
> Tags: security
> Severity: critical
> Justification: Introduces possible denial-of-service scenario.
>
> Hi,
>
> when I scan my server from another machine on the network using nmap, I
> get this:
[snip]
It seems tha
achine on the network using nmap, I
> get this:
>
> # nmap -sU -p5353 192.168.2.2
>
> Starting Nmap 5.00 ( http://nmap.org ) at 2011-02-23 13:15 CET
> Interesting ports on 192.168.2.2:
> PORT STATE SERVICE
> 5353/udp open|filtered zeroc
Package: avahi-daemon
Version: 0.6.27-2
Tags: security
Severity: critical
Justification: Introduces possible denial-of-service scenario.
Hi,
when I scan my server from another machine on the network using nmap, I
get this:
# nmap -sU -p5353 192.168.2.2
Starting Nmap 5.00 ( http
Am Friday, den 7 December hub Martín Peluso folgendes in die Tasten:
Hi!
> Two days ago one of my machines started to receive several nmap Xmas
> scans from 73.23.32.79. Later, in another machine which is running under
> Debian etch, Firestarter showed me four outcoming connectio
Hello everybody
Two days ago one of my machines started to receive several nmap Xmas
scans from 73.23.32.79. Later, in another machine which is running under
Debian etch, Firestarter showed me four outcoming connections to the
same ip address with destination ports 80, 44285, 41182 and 43275
You got it Tibor !!!
I applied the command Andreas gave to me and tomcat55 listens on 8180.
However, it does not resolve my firewall problem. I will explore
differents ways that have been proposed to me.
Thank to all of you,
I will inform you on the state of things,
Joan
L
Joan Hérisson wrote:
Hello,
Config:
- Debian 2.4.18
- iptables with many rules
Problems:
- I have installed a tomcat 5.5 server. The server is unreachable
(connection failed from locahost or another host on my local network).
Hey Joan,
how do You installed tomcat? Because, if installed fro
Hi !
* Manuel García <[EMAIL PROTECTED]> [2007-06-07 10:01]:
> On 6/7/07, Joan Hérisson <[EMAIL PROTECTED]> wrote:
[...snip...]
> > Results:
> > - The server is still unreachable.
> > - When I do nmap localhost, I have port 80 open but not 8080.
> > - Whe
Joan Hérisson wrote:
Chain INPUT (policy DROP 17 packets, 1088 bytes)
pkts bytes target prot opt in out source
destination
164 ACCEPT tcp -- eth0 * 0.0.0.0/0
0.0.0.0/0 tcp dpt:8080
225 18816 bad_tcp_packets tcp --
t
> 8080 -j allowed"
As someone else mentioned, this should probably be -j ACCEPT
> Results:
> - The server is still unreachable.
Are you actually seeing an error that says "unreachable"? That suggests a
routing problem, or a prohibitive firewall rule be
Ok,
thank you for your answers. I will try to sum up mine.
It is true that it is not me who wrote the firewall script and that
I do not understand what all rules do.
I tried different solutions that you proposed but none works, from
localhost, local network or from the internet. The
th1 is the way toward my local network
>
> Results:
> - The server is still unreachable.
> - When I do nmap localhost, I have port 80 open but
> not 8080.
> - When I comment out the line for port 80 in
> firewall-start and I res
0
> --dport
> 8080 -j allowed"
> where eth1 is the way toward my local network
>
> Results:
> - The server is still unreachable.
> - When I do nmap localhost, I have port 80 open but not 8080.
> - W
ard my local network
Results:
- The server is still unreachable.
- When I do nmap localhost, I have port 80 open but not 8080.
- When I comment out the line for port 80 in firewall-start and I
restart firewall, I do nmap localhost, port 80 is still open.
I do not find the link between iptables rules
made by someone else, and
that script is too complicated to understand for anyone else than author.
IMHO it's always better to make your own script that has only the rules you
really need and understand.
> Results:
> - The server is still unreachable.
>
8080 -j
allowed"
where eth1 is the way toward my local network
Results:
- The server is still unreachable.
- When I do nmap localhost, I have port 80 open but not 8080.
- When I comment out the line for port 80 in firewall-start and I restart
firewall, I do nmap localhost, port 80 i
-i eth1 -s 0/0 --dport
8080 -j allowed"
where eth1 is the way toward my local network
Results:
- The server is still unreachable.
- When I do nmap localhost, I have port 80 open but not 8080.
- When I comment out the line for
On Fri, Feb 03, 2006 at 06:33:30PM -0500, Daniel Sterling wrote:
> Adding a firewall will only help things, and it certainly can't hurt.
This is generally true, but an improperly configured firewall can be
worse than no firewall. If it creates new vulnerabilities, or if it is
obtrusive and causes
> The 'filtered' ones are probably filtered by your ISP. I can understand (but
> don't share) why they block port 25 or port 445) but I wonder why a ISP
> would filter out port 80, aren't people allowed to have a web server at home?
I don't know if you remember the CodeRed and Nimba worms that wer
X in Debian by default uses -nolisten tcp, why is it open?
Also, read the XSecurity man page-- just because the port is open does
not mean it is accessible.
However, you should as a rule disable anything that listens to the
internet if you don't need it. You should also, if possible, use
hos
On Fri, Feb 03, 2006 at 11:02:33PM +0100, [EMAIL PROTECTED] wrote:
> Hi,
>
> this is the nmap -sT scan from a friend:
I guess you both are not in the same ISP
>
> > nmap -sT internet_address
>
> Port State Service
> 25/tcp filteredsmtp
> 46
h of you should setup iptables with a minimal set that either
denys certain ports, or better yet, blocks-all and only allows-specified.
[EMAIL PROTECTED] wrote:
Hi,
this is the nmap -sT scan from a friend:
nmap -sT internet_address
Port State Service
25/tcp filte
Hi,
this is the nmap -sT scan from a friend:
> nmap -sT internet_address
Port State Service
25/tcp filteredsmtp
46/tcp openmpm-snd
80/tcp filtered http
119/tcp open nntp
445/tcp filtered microsoft-ds
1080/tcp filtered so
On Mon, Nov 05, 2001 at 10:24:34PM +0100, Philipp Schulte wrote:
>Thats not true. nmap shows "open" ports which means that something is
>listening on them. If I connect from localhost:1024 to
>www.debian.org:80 that does not mean that my port 1024 is open. It
>doesn
On Mon, Nov 05, 2001 at 10:24:34PM +0100, Philipp Schulte wrote:
>Thats not true. nmap shows "open" ports which means that something is
>listening on them. If I connect from localhost:1024 to
>www.debian.org:80 that does not mean that my port 1024 is open. It
>doesn
ort 55234 to 80, or 1025 to 80. Open
> ports above 1024 will appear and disappear regularly as the system is used.
Thats not true. nmap shows "open" ports which means that something is
listening on them. If I connect from localhost:1024 to
www.debian.org:80 that does not mean that my p
ort 55234 to 80, or 1025 to 80. Open
> ports above 1024 will appear and disappear regularly as the system is used.
Thats not true. nmap shows "open" ports which means that something is
listening on them. If I connect from localhost:1024 to
www.debian.org:80 that does not mean that my p
[EMAIL PROTECTED] wrote:
2020opentcpxinupageserver
2020 ???
the port is not the same every time
Ports that are >1024 are assigned dynamically. For instance, suppose
you connect to a remote website. You are connecting to port 80 on the
remot
[EMAIL PROTECTED] wrote:
>2020opentcpxinupageserver
>
>2020 ???
>
>the port is not the same every time
>
Ports that are >1024 are assigned dynamically. For instance, suppose
you connect to a remote website. You are connecting to port 80 on the
et.
so like if that port is always changing perhaps there is traffic on
your network,and the windows applications connect to the internet on
those ports.note them and mail them here :>
Dani,
hackers unsupport.
sli> hi, when I make nmap I read my open ports more one suspect (every time is
sli&g
[EMAIL PROTECTED] writes:
> hi, when I make nmap I read my open ports more one suspect (every
> time is one new port). So I make nmap another time and I read my
> realy open ports without the last.
I saw this, too. That nmap version (at least the one from Potato)
seems to be buggy.
et.
so like if that port is always changing perhaps there is traffic on
your network,and the windows applications connect to the internet on
those ports.note them and mail them here :>
Dani,
hackers unsupport.
sli> hi, when I make nmap I read my open ports more one suspect (every time is
sli&g
[EMAIL PROTECTED] writes:
> hi, when I make nmap I read my open ports more one suspect (every
> time is one new port). So I make nmap another time and I read my
> realy open ports without the last.
I saw this, too. That nmap version (at least the one from Potato)
seems to be buggy.
hi, when I make nmap I read my open ports more one suspect (every time is
one new port). So I make nmap another time and I read my realy open ports
without the last.
?
what is it ?
example:
[EMAIL PROTECTED]:~$ nmap debian
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED
hi, when I make nmap I read my open ports more one suspect (every time is
one new port). So I make nmap another time and I read my realy open ports
without the last.
?
what is it ?
example:
seba@debian:~$ nmap debian
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org
Hubert Chan <[EMAIL PROTECTED]> writes:
> > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes:
>
> Olaf> On a really secure box I wouldn't want to have the build
> Olaf> environment needed to do this. Perhaps on another reasonably
> Olaf> secure box where I am the one and only normal user
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes:
Olaf> On a really secure box I wouldn't want to have the build
Olaf> environment needed to do this. Perhaps on another reasonably
Olaf> secure box where I am the one and only normal user, bu
Hubert Chan <[EMAIL PROTECTED]> writes:
> > "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes:
>
> Olaf> On a really secure box I wouldn't want to have the build
> Olaf> environment needed to do this. Perhaps on another reasonably
> Olaf> secure box where I am the one and only normal use
to it. Okay, ocassionally a new upgrade (e.g. 2.2r1 to
> > 2.2r2) may fix some serious breakage as well, but that's about it.
>
> Indeed.
>
> > If you want more recent versions of various packages, point yourself at
> > 'testing' or 'unstable'. My nmap
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> "Olaf" == Olaf Meeuwissen <[EMAIL PROTECTED]> writes:
Olaf> On a really secure box I wouldn't want to have the build
Olaf> environment needed to do this. Perhaps on another reasonably
Olaf> secure box where I am the one and only normal user, b
us breakage as well, but that's about it.
Indeed.
> If you want more recent versions of various packages, point yourself at
> 'testing' or 'unstable'. My nmap is 2.54.22.BETA-2 (from testing) which
> beats your 2.53. The preference functionality in apt should let yo
Gregoire Welraeds <[EMAIL PROTECTED]> writes:
> I have recently installed a basic potato on a PII. While playing a little bit
> around a find that the provided nmap was only a 2.12 version. It is a rather
> old version of nmap (I have a 2.53 installed on a SuSE 6.3).
>
&g
On Sun, Jun 17, 2001 at 09:52:50PM +0200, Gregoire Welraeds wrote:
> Hello,
>
> I have recently installed a basic potato on a PII. While playing a little bit
> around a find that the provided nmap was only a 2.12 version. It is a rather
> old version of nmap (I have a 2.53 installe
to it. Okay, ocassionally a new upgrade (e.g. 2.2r1 to
> > 2.2r2) may fix some serious breakage as well, but that's about it.
>
> Indeed.
>
> > If you want more recent versions of various packages, point yourself at
> > 'testing' or 'unstable'. My nmap
Hello,
I have recently installed a basic potato on a PII. While playing a little bit
around a find that the provided nmap was only a 2.12 version. It is a rather
old version of nmap (I have a 2.53 installed on a SuSE 6.3).
Is there any known reason for this choice ?
Grégoire Welraeds
us breakage as well, but that's about it.
Indeed.
> If you want more recent versions of various packages, point yourself at
> 'testing' or 'unstable'. My nmap is 2.54.22.BETA-2 (from testing) which
> beats your 2.53. The preference functionality in apt should let yo
Gregoire Welraeds <[EMAIL PROTECTED]> writes:
> I have recently installed a basic potato on a PII. While playing a little bit
> around a find that the provided nmap was only a 2.12 version. It is a rather
> old version of nmap (I have a 2.53 installed on a SuSE 6.3).
>
&g
On Sun, Jun 17, 2001 at 09:52:50PM +0200, Gregoire Welraeds wrote:
> Hello,
>
> I have recently installed a basic potato on a PII. While playing a little bit
> around a find that the provided nmap was only a 2.12 version. It is a rather
> old version of nmap (I have a 2.53 inst
Hello,
I have recently installed a basic potato on a PII. While playing a little bit
around a find that the provided nmap was only a 2.12 version. It is a rather
old version of nmap (I have a 2.53 installed on a SuSE 6.3).
Is there any known reason for this choice ?
Grégoire Welraeds
on attempts to two ports. This does not constitute
logging stealth-scan attempts from nmap - there are other toys available for
that purpose.
~Tim
- --
| Geek Code: GCS dpu s-:+ a-- C UBLUAVHSC P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
Wichert Akkerman wrote:
> It does not log portscans
It does log portscans. Give it a try, and you'll see it.
It is also true that fakebo does more than symply logging
the port scans, that is the reason why I like it.
Sergio
Previously Jacob Kuntz wrote:
> although this isn't really the right forum for this, sergio has a point.
> what he's saying is that either fakebo or nmap aren't working as advertised.
fakebo is advertised to `fake' bo servers, and that is exactly what it
does. It doe
Previously Sergio Brandano wrote:
> I noted that fakebo does not report scans promoted using "nmap -sS".
Why should it?
Wichert.
--
/ Generally uninteresting signature - ignore at your convenience \
| [EM
although this isn't really the right forum for this, sergio has a point.
what he's saying is that either fakebo or nmap aren't working as advertised.
sergio, get in touch with the fakebo or nmap authors. it's not really
debian's fault.
Alexander Hvostov ([EMAIL PR
:
>
> --- Forwarded Message
>
> Date: Tue, 04 Apr 2000 11:22:11 +
> From: Sergio Brandano <[EMAIL PROTECTED]>
> Organization: Queen Mary and Westfield College
> To: [EMAIL PROTECTED]
> Subject: fakebo vs nmap -sS
>
> Hi,
>
> I noted that fakebo
--- Forwarded Message
Date: Tue, 04 Apr 2000 11:22:11 +
From: Sergio Brandano <[EMAIL PROTECTED]>
Organization: Queen Mary and Westfield College
To: [EMAIL PROTECTED]
Subject: fakebo vs nmap -sS
Hi,
I noted that fakebo does not report scans promoted using "nmap -sS".
57 matches
Mail list logo