Hi
I am new in this group (from Norway)
Do you have any tips for which ports I should
close to held my network clean for intruders ?
I've closed port 1214 and 6881 to 6889 . Anyone
else I should close ?
Chris
On Thursday 06 November 2003 23:50, Christ-Henning Ljosheim wrote:
> Hi
> I am new in this group (from Norway)
> Do you have any tips for which ports I should close to held my network
> clean for intruders ? I've closed port 1214 and 6881 to 6889 . Anyone else
> I should close ?
>
> Chris
You're t
> I guess It's a matter of time before someone hacks in a http server
and makes it send out links like
> http://victim ip/britney.jpg
> Luckily microsoft patches stuff within 2 days, balmer said so so it
must be true ;)
Since the trojan horse really was "britney.jpg", I hope I am not
responding t
On Fri, 07 Nov 2003 08:50:54 +0100, Christ-Henning Ljosheim <[EMAIL PROTECTED]> said:
> Do you have any tips for which ports I should close to held my network =
> clean for intruders ?
> I've closed port 1214 and 6881 to 6889 . Anyone else I should close ?
Everything you're not actually using.
Hi,
On Fri, 07 Nov 2003 02:58:04 -0500
"Christ-Henning Ljosheim" <[EMAIL PROTECTED]> wrote:
> I've closed port 1214 and 6881 to 6889 . Anyone else I should close ?
I recommend you take the default approach of denying everything instead
of closing certain ports. After this has been done, allow th
Hi.
if your running linux try something like
iptables -t filter -A INPUT -p tcp -s 0.0.0.0 --syn -j REJECT
--reject-with tcp-reset
this way you get ALL the ports closed, even the local range ports and
still have a working connection, then open the ones you need to have
open. The --syn flag drops
Yes but like you said it uses an angelfire page, If you take it down the
virus is stopped
If it gets too succesfull bandwidth limits are exceeded. So it will never
widely spread that way
If someone where to include a webserver in the worm there's no single point
of failure
- Original Messag
Christ-Henning Ljosheim wrote:
Do you have any tips for which ports I should close to held my network
clean for intruders ?
I've closed port 1214 and 6881 to 6889 . Anyone else I should close ?
As several people have mentioned already, start with deny all, and got from
there.
Out of curiosity,
Also, close all outbound ports except the needed ones.
-anjan
-Original Message-
From: marko [mailto:[EMAIL PROTECTED]
Sent: Friday, November 07, 2003 9:38 AM
To: [EMAIL PROTECTED]
Subject: Re: [Full-Disclosure] closing ports
Hi,
On Fri, 07 Nov 2003 02:58:04 -0500
"Christ-Henning Ljos
> Yes but like you said it uses an angelfire page, If you take
> it down the virus is stopped If it gets too succesfull
> bandwidth limits are exceeded. So it will never widely spread
> that way If someone where to include a webserver in the worm
> there's no single point of failure
Exactly wh
On Fri, 07 Nov 2003 15:30:56 +0200, hena <[EMAIL PROTECTED]> said:
> if your running linux try something like
> iptables -t filter -A INPUT -p tcp -s 0.0.0.0 --syn -j REJECT
> --reject-with tcp-reset
that -s 0.0.0.0 won't do what you think. (It will drop all packets
that have a source address of
Full details on this issue are available on our website. There will be
no forced pdf files, and we have removed the java applet that so many of
you complained about. Registration is still necessary for indepth detail
on this issue. I have also attempted to stop the cross posting to the
mailing
Christ-Henning:
In order this is what you should do:
If you are currently connected to the Internet and don't have
any users who will lose their lives if you disconnect, calmly walk over to
your router's DSL or Cable connection and disconnect it. You don't know enough
Hi all
Well - there's some days ago, when in one of our offices a problem arrived.
In 2 days 4 computers (not same hardware-series, manufacturer or sizes)
crashed with following symptoms (could not be booted anymore):
Disc I/O error: Status = 0001; Hardwareprofile could not be started...
WIN
This is the same thing some chump tryed yelling at me for (also just
happened to SCO's posts)... its caused by ccing bugtraq / full-disc /
other mailing lists in the same message. When each list sends out the
message to its members it also gets resent to FD.
If you want to go to multiple lists
On Sat, 08 Nov 2003 17:43:59 EST, KF said:
> This is the same thing some chump tryed yelling at me for (also just
> happened to SCO's posts)... its caused by ccing bugtraq / full-disc /
> other mailing lists in the same message. When each list sends out the
> message to its members it also gets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- --
Debian Security Advisory DSA 397-1 [EMAIL PROTECTED]
http://www.debian.org/security/ Martin Schulze
November 7th, 2003
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenServer 5.0.7 : OpenSSH: multiple buf
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
__
SCO Security Advisory
Subject:OpenLinux: ucd-snmp remote heap overflow
Advisory number:CSSA-2
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenServer 5.0.5 OpenServer 5.0.6 OpenSe
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenServer 5.0.7 OpenServer 5.0.6 OpenSe
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenServer 5.0.7 OpenServer 5.0.6 OpenSe
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenLinux: Multiple v
To: [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
__
SCO Security Advisory
Subject:OpenLinux: ucd-snmp rem
25 matches
Mail list logo