Re: Portmap non-local set / unset attempt

2005-09-23 Thread Wolfgang S. Rupprecht
Martin Schröder <[EMAIL PROTECTED]> writes: > On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote: >> appreciable added risk. The only loose end is that sshd doesn't >> currently log the RSA/DSA key that is used to gain access. Ideally it > > Hu? Try > LogLevel VERBOSE Your eloquent repl

Re: Portmap non-local set / unset attempt

2005-09-23 Thread frantisek holop
hmm, on Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt said that > It IS POSSIBLE to set something up and have it be secure and NOT TOUCH > IT, because many people have OpenBSD machines running older releases > running without any modification for YEARS now, RISK FREE, without > having to upd

RE: Re: Portmap non-local set / unset attempt

2005-09-23 Thread tony
Making is a process. Toast is not a process. >- --- Original Message --- - >From: [EMAIL PROTECTED] >To: misc@openbsd.org >Sent: Fri, 23 Sep 2005 02:30:10 > >[EMAIL PROTECTED] wrote: > >>> Security is everything you've ever said, plus a >process. >> >> If it is secure, it doesn't

Re: Portmap non-local set / unset attempt

2005-09-23 Thread Szechuan Death
[EMAIL PROTECTED] wrote: Security is everything you've ever said, plus a process. If it is secure, it doesn't need a process. So why would security be a process again? Because of the vendors making "mistakes" and fix it later? Jimmy Scott It is a "process" in the same way that "making toast

Re: Portmap non-local set / unset attempt

2005-09-23 Thread Martin Schröder
On 2005-09-23 00:05:14 -0700, Wolfgang S. Rupprecht wrote: > appreciable added risk. The only loose end is that sshd doesn't > currently log the RSA/DSA key that is used to gain access. Ideally it Hu? Try LogLevel VERBOSE Best Martin -- http://www.tm.oneiros.de

Re: Portmap non-local set / unset attempt

2005-09-23 Thread Wolfgang S. Rupprecht
Tim Hammerquist <[EMAIL PROTECTED]> writes: > [*] I would consider leaving PermitRootLogin enabled a firing > offense in itself. PermitRootLogin is needed for rdisting. Without that you end up having to maintain N systems. /etc/ssh/sshd_config: Protocol 2 PermitRootLogin without-password Pa

Re: Portmap non-local set / unset attempt

2005-09-22 Thread jimmy
Quoting "Clint M. Sand" <[EMAIL PROTECTED]>: > On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote: > > > > People keep yammering this bullshit about "Security is a process". > > > > Bullshit! Lies! It's about paying attention to the frigging details > > > > when they are right in fron

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Tim Hammerquist
Clint M. Sand wrote: > > > Theo de Raadt wrote: > > > > It's about paying attention to the frigging details when > > > > they are right in front of your face. [ snippage ] > > No, you can put an openbsd box up and leave it for years with > root login enabled and password for a password. It takes m

RE: Re: Portmap non-local set / unset attempt

2005-09-22 Thread tony
>Security is everything you've ever said, plus a >process. No. Security does not require the process. Attempted security (that doesn't quite work) requires a process. Like the difference between does work and should work.

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Clint M. Sand
On Thu, Sep 22, 2005 at 07:09:12PM -0600, Theo de Raadt wrote: > > > People keep yammering this bullshit about "Security is a process". > > > Bullshit! Lies! It's about paying attention to the frigging details > > > when they are right in front of your face. And it is very clear other > > > vend

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Theo de Raadt
> Which is why I now know MORE about air-conditioners than most of the > technicians who come here. > > The phrase, and everything you said, is all excuses for the vendors. I bet that the air-conditioner technicians believe that "Air-conditioner maintenance is a process". Which is why they can n

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Theo de Raadt
> > People keep yammering this bullshit about "Security is a process". > > Bullshit! Lies! It's about paying attention to the frigging details > > when they are right in front of your face. And it is very clear other > > vendors do not pay attention to the details, considering the work I > > did

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Clint M. Sand
On Thu, Sep 22, 2005 at 02:02:13PM -0600, Theo de Raadt wrote: > People keep yammering this bullshit about "Security is a process". > Bullshit! Lies! It's about paying attention to the frigging details > when they are right in front of your face. And it is very clear other > vendors do not pa

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Michael Favinsky
adt [mailto:[EMAIL PROTECTED] Sent: Thursday, September 22, 2005 1:02 PM To: Michael Favinsky Cc: 'misc@openbsd.org' Subject: Re: Portmap non-local set / unset attempt > I'm receiving the following messages from portmap when starting Legato > Networker's nsrex

Re: Portmap non-local set / unset attempt

2005-09-22 Thread Theo de Raadt
> I'm receiving the following messages from portmap when starting Legato > Networker's nsrexecd. The nsrexecd I'm running is the Linux version under > emulation: > > portmap[16083]: non-local unset attempt (might be from 127.0.0.1) > portmap[16083]: non-local set attempt (might be from 127.0.0.1)

Portmap non-local set / unset attempt

2005-09-22 Thread Michael Favinsky
I'm receiving the following messages from portmap when starting Legato Networker's nsrexecd. The nsrexecd I'm running is the Linux version under emulation: portmap[16083]: non-local unset attempt (might be from 127.0.0.1) portmap[16083]: non-local set attempt (might be from 127.0.0.1) The program