Sorry, Gene. That link is now a petition to abolish the
DMCA! Do you have an alternate link?
On Wed, 11 Dec 2002, Gene wrote:
check out monkey.org/~dugsong for dsniff //gene
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Dennis G. Wicks [EMAIL PROTECTED] writes:
Sorry, Gene. That link is now a petition to abolish the
DMCA! Do you have an alternate link?
Google it. Here is the first result of such a google:
http://naughty.monkey.org/~dugsong/dsniff/faq.html
Gary
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
check out monkey.org/~dugsong for dsniff //gene
Geordie Birch wrote:
said Jason Pepas (on 2002-12-09),
some folks like to sniff passwds... those are some of the ones you
should worry about... ( there are ssh based pwd sniffers too )
ssh based password sniffers? can you provide us with any
said Jason Pepas (on 2002-12-09),
some folks like to sniff passwds... those are some of the ones you
should worry about... ( there are ssh based pwd sniffers too )
ssh based password sniffers? can you provide us with any evidence of this?
don't know about ssh2 but ettercap works great for
said Jeffrey Taylor (on 2002-12-09),
Quoting Alvin Oga [EMAIL PROTECTED]:
cable ... its you and all your neighbors watching/sharing that copper
Can you provide evidence for this? That cable modems run in
promiscuous mode?
Jeffrey
ettercap will sniff switched LANS.
Geordie.
--
* Paul Johnson ([EMAIL PROTECTED]) [021207 21:12]:
On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
What I would do (I don't since I have a dedicated firewall machine) is :
- close all unneeded services
Better yet, not just close, purge them.
- install a firewall that
On Mon, 09 Dec 2002 02:22:34 PST, Vineet Kumar writes:
- install a firewall that just drops any incoming connection from your
cable-connected ethernet interface. (I would recommend using fwbuilder
The security gained with this step is epsilon under Linux if you don't
have services that
some folks like to sniff passwds... those are some of the ones you
should worry about... ( there are ssh based pwd sniffers too )
ssh based password sniffers? can you provide us with any evidence of this?
-jason
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe.
On Sun, Dec 08, 2002 at 08:15:18PM -0800, Paul Johnson wrote:
Actually, according to to the RFCs, ports must respond saying they're
closed or open, not just ignore it. Hosts must be pingable. That's
TCP/IP.
Stealth firewalls are in some cases better. If you DENY a packet, then
the remote
On Mon, Dec 09, 2002 at 08:10:42AM -0600, Jamin W. Collins wrote:
Stealth firewalls are in some cases better. If you DENY a packet, then
the remote end knows that something answered the request, as it got a
denied response back. If you DROP the packet the remote end gets
nothing back.
And
Quoting Alvin Oga [EMAIL PROTECTED]:
cable ... its you and all your neighbors watching/sharing that copper
Can you provide evidence for this? That cable modems run in
promiscuous mode?
Jeffrey
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble?
On Mon, Dec 09, 2002 at 09:25:51AM -0600, Jeffrey Taylor wrote:
Quoting Alvin Oga [EMAIL PROTECTED]:
cable ... its you and all your neighbors watching/sharing that copper
Can you provide evidence for this? That cable modems run in
promiscuous mode?
When I was using COX cable (Las
hi ya jeffrey
On Mon, 9 Dec 2002, Jeffrey Taylor wrote:
Quoting Alvin Oga [EMAIL PROTECTED]:
cable ... its you and all your neighbors watching/sharing that copper
Can you provide evidence for this? That cable modems run in
promiscuous mode?
run tcpdump see if there are any
At 2002-12-09T15:09:13Z, Paul Johnson [EMAIL PROTECTED] writes:
All you really accomplish is pissing off legitimately misguided users, and
detouring the incompetant cracker that wouldn't get in anyway.
That's not quite true. Older (and newer, misused) port-scanners can get
pretty bogged down
Am Mon, 2002-12-09 um 16.09 schrieb Paul Johnson:
On Mon, Dec 09, 2002 at 08:10:42AM -0600, Jamin W. Collins wrote:
Stealth firewalls are in some cases better. If you DENY a packet, then
the remote end knows that something answered the request, as it got a
denied response back. If you
On Mon, Dec 09, 2002 at 06:00:08PM +0100, Matthias Hentges wrote:
Correct. nmap displays a scanned port as filtered even if you DROP the
packet. If you respong to a ping but DROP all port scans it's clear to
all hackers that you have a packetfilter.
And I can still ping you if you drop ping,
On Mon, Dec 09, 2002 at 10:04:30AM -0600, Jamin W. Collins wrote:
On Mon, Dec 09, 2002 at 09:25:51AM -0600, Jeffrey Taylor wrote:
Quoting Alvin Oga [EMAIL PROTECTED]:
cable ... its you and all your neighbors watching/sharing that copper
Can you provide evidence for this? That
On Sat, Dec 07, 2002 at 09:10:55PM -0800, Paul Johnson wrote:
On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
What I would do (I don't since I have a dedicated firewall machine) is :
- close all unneeded services
Better yet, not just close, purge them.
- install a
On Sat, Dec 07, 2002 at 11:26:48PM -0600, Nicolaus Kedegren wrote:
Exactly what security issues have you read about? I am pretty curious as
most of these little boxes seem to be NAT, and not much more. And since
a great deal of people are using these boxes, it would be interesting to
hear what
On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
Although the linux kernel iptables firewalls are excellent I still
recommend a separate firewall box between your computer and the Evil
Internet.
(snip)
In my opinion the cable modem should always have had one of these
built into
On Sat, Dec 07, 2002 at 08:55:52PM -0800, Paul Johnson wrote:
Don't have any ports open that you don't need, avoid DROP (use DENY),
leave yourself pingable. If you don't need to be running a service,
don't do it.
There are viable reasons to use DROP vs DENY. Likewise, there are good
reasons
Jamin W. Collins [EMAIL PROTECTED] [2002-12-08 12:21:40 -0600]:
On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
Although the linux kernel iptables firewalls are excellent I still
recommend a separate firewall box between your computer and the Evil
Internet.
(snip)
In my
Paul Johnson [EMAIL PROTECTED] [2002-12-08 07:29:19 -0800]:
Well, they fall over pretty easily when hit with a DDOS,
*ANYTHING* falls over pretty easily when hit with DDOS. There is no
real defense against it at this time.
and it's not hard to get the equivilent of root on them.
Any
On Sun, Dec 08, 2002 at 12:28:49PM -0600, Jamin W. Collins wrote:
There are viable reasons to use DROP vs DENY. Likewise, there are good
reasons not to respond to ping requests.
Actually, according to to the RFCs, ports must respond saying they're
closed or open, not just ignore it. Hosts
On Sun, Dec 08, 2002 at 12:46:56PM -0700, Bob Proulx wrote:
Now that is the best reason given so far for a separate component!
The modem is really a fuse to protect the system behind it. When the
fuse blows you replace the fuse. :-)
This is why I say internal modems/DSL bridges/cable bridges
I'm thinking of getting a Cox cable connection/modem, and was wondering
how hard it is to make the static IP address secure. I don't have a lot
of knowledge in this area. What is needed? A cable modem that I could
lease or buy on Ebay, and a network interface card, and turn off all
unneeded
Your exposure is how much time you spend connected. Cable or dial-up
makes little difference. In both cases you should have a firewall.
Disabling unneeded servers is a good idea in all cases. Debian 3.0
installs and enables all kinds of insecure services (e.g., SunRPC,
portmapper) by default.
On Sat, Dec 07, 2002 at 03:04:25PM -0500, Chip Rose wrote:
I'm thinking of getting a Cox cable connection/modem, and was wondering
how hard it is to make the static IP address secure. I don't have a lot
of knowledge in this area. What is needed? A cable modem that I could
lease or buy on
Chip Rose [EMAIL PROTECTED] [2002-12-07 15:04:25 -0500]:
I'm thinking of getting a Cox cable connection/modem, and was
wondering how hard it is to make the static IP address secure. I
don't have a lot of knowledge in this area. What is needed? A
cable modem that I could lease or buy on
hi ya chip
On Sat, 7 Dec 2002, Jeffrey Taylor wrote:
Your exposure is how much time you spend connected. Cable or dial-up
makes little difference. In both cases you should have a firewall.
...
Quoting Chip Rose [EMAIL PROTECTED]:
I'm thinking of getting a Cox cable connection/modem,
On Sat, Dec 07, 2002 at 03:04:25PM -0500, Chip Rose wrote:
I'm thinking of getting a Cox cable connection/modem, and was wondering
how hard it is to make the static IP address secure.
Don't have any ports open that you don't need, avoid DROP (use DENY),
leave yourself pingable. If you don't
On Sat, Dec 07, 2002 at 06:01:19PM -0800, Alvin Oga wrote:
cable ... its you and all your neighbors watching/sharing that copper
Not quite. It's about as insecure as any other network either way.
The shared bandwidth problem is a myth on cable, but severe on DSL
(DSL users get to fight
On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
What I would do (I don't since I have a dedicated firewall machine) is :
- close all unneeded services
Better yet, not just close, purge them.
- install a firewall that just drops any incoming connection from your
On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
A firewall box like a Linksys, D-Link or Netgear or other is just
perfect for SOHO needs.
Reading about security issues lately, you'd actually introduce more
insecurities than would be solved if you're already running Linux.
Avoid
On Sat, Dec 07, 2002 at 09:16:41PM -0800, Paul Johnson wrote:
On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
A firewall box like a Linksys, D-Link or Netgear or other is just
perfect for SOHO needs.
Reading about security issues lately, you'd actually introduce more
Paul Johnson wrote:
On Sat, Dec 07, 2002 at 04:43:44PM -0700, Bob Proulx wrote:
A firewall box like a Linksys, D-Link or Netgear or other is just
perfect for SOHO needs.
Reading about security issues lately, you'd actually introduce more
insecurities than would be solved if you're
Paul Johnson wrote:
On Sat, Dec 07, 2002 at 09:20:08PM +0100, Frank Gevaerts wrote:
What I would do (I don't since I have a dedicated firewall machine) is :
- close all unneeded services
Better yet, not just close, purge them.
Yes, absolutely. If you have no need for any piece of
37 matches
Mail list logo
