RE: starting by iptable deny all of china is a good start. - Re:OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Bryan O'Neal
Isn't that what network documentation and maintenance scripts are for ;) Actually you have a very good point but, particularly when people travel. I would block all non US addresses but would turn the rules on and off by country when executives travel (automated on and off dates were scheduled).

RE: starting by iptable deny all of china is a good start. - Re:OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Lisa Kachold
Unfortunately, a scan like nmap or netcat can trivially use random or source choice IP. So a distributed denial of service (and more than a few script kiddie bots and toolz) originate from Chinese source addresses. The real scanner is actually behind the proxy watching it all ready for the all

RE: starting by iptable deny all of china is a good start. - Re:OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Bryan O'Neal
If you should never get a request outside the US why should you look any further to deny it? This is not complete protection by any measure but it makes an easy first step. I used to go one step further and block my dynamic hosted websites (where you don't get to mess with iptables) from being to

decent non-embeded firewall

2009-03-30 Thread Bryan ONeal
My Netgear FVS318 router/firewall has developed a nasty habit of rebooting every time it gets both portscaned and repeated gnutella requests (who still runs gnutella anyway?) so I am looking to put in a boarder router/firewall to protect it (read replace it if not for the lack of an 8 port switch)

April 1st coming up - conficker time

2009-03-30 Thread Charles Jones
On April 1st the Conficker.C virus (probably the most virulent MSWin virus to date) is due to "activate". By activate I mean that thusfar it has been just spreading itself, but once the host time reaches April 1, it will begin attempting to contact 50,000 randomly generated domain names per day

Re: starting by iptable deny all of china is a good start. - Re: OT?Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread mike havens
great learning experience! On Mon, Mar 30, 2009 at 4:44 PM, Bob Elzer wrote: > Would you believe he's only doing it for his Grandma, who lives in > Pasadena, > and she only gets on the internet on Sundays ? > > > -Original Message- > From: plug-discuss-boun...@lists.plug.phoenix.az.us >

RE: starting by iptable deny all of china is a good start. - Re: OT?Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Bob Elzer
Would you believe he's only doing it for his Grandma, who lives in Pasadena, and she only gets on the internet on Sundays ? -Original Message- From: plug-discuss-boun...@lists.plug.phoenix.az.us [mailto:plug-discuss-boun...@lists.plug.phoenix.az.us] On Behalf Of Andrew "Tuna" Harris Sent

Re: I want to start X app on display:0 remotely. How?

2009-03-30 Thread kitepi...@kitepilot.com
Yep... This is what I was looking for. I tried this before and didn't work. Or at least I think I did... :) THANKS! Enrique Matt Graham writes: > From: "kitepi...@kitepilot.com" >> I have a machine running remotely which I can ONLY SSH into. >> I know that the machine is running X and "op

Re: I want to start X app on display:0 remotely. How?

2009-03-30 Thread Matt Graham
> kitepi...@kitepilot.com wrote: >> Now kcalc pops on display:0 and operator can see and use kcalc as >> if he/her had invoked it him/herself. From: Austin Godber > ssh -X -l operator remote.host > sometimes you have to use -Y rather than -X This is not what kitepilot wrote. Using -X and -Y make

Re: I want to start X app on display:0 remotely. How?

2009-03-30 Thread kitepi...@kitepilot.com
>> ssh -X -l operator remote.host This will not work. This will start an application in a remote host in my display. I want to start an application in a remote host in the display that is attached to that host (DISPLAY:0.0) And it would rather be: ssh -fCX opera...@remote.host /path/to/executabl

Re: I want to start X app on display:0 remotely. How?

2009-03-30 Thread Matt Graham
From: "kitepi...@kitepilot.com" > I have a machine running remotely which I can ONLY SSH into. > I know that the machine is running X and "operator" is logged in and > [has access to :0] > > What I want is to: > ssh -l operator remote.host > (insert some magic here) kcalc > Now kcalc pops on d

Fwd: Update and Report on Fedora August 2008 Intrusion

2009-03-30 Thread Ryan Rix
Scary... Imagine if that package had actually been signed and deployed. -- Forwarded message -- From: Paul W. Frields Date: Mon, Mar 30, 2009 at 7:00 AM Subject: Update and Report on Fedora August 2008 Intrusion To: fedora-announce-list This communication provides additional in

Re: I want to start X app on display:0 remotely. How?

2009-03-30 Thread Austin Godber
ssh -X -l operator remote.host sometimes you have to use -Y rather than -X You can put this in your .ssh/config so it does it all the time. Also, running KDE apps and maybe gnome apps might be a pain since they assume a host of other KDE related services are running. Try with xcalc first to s

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Andrew "Tuna" Harris
Excerpts from Charles Jones's message of Mon Mar 30 08:46:35 -0700 2009: > Andrew "Tuna" Harris wrote: > > Excerpts from kitepi...@kitepilot.com's message of Mon Mar 30 05:30:51 > > -0700 2009: > > > >> And how do I: > >> "starting by iptable deny all of china" ? > >> > >> I can figure out the

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread kitepi...@kitepilot.com
Agree too... Man, I hate intelligent people, they make me look sooo dumb!:) Very valid point. ET Craig White writes: > I'm gonna ignore most of the implications of this and just say one thing > that you're apparently not considering... > > Once you implement a methodology, you then bec

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Craig White
I'm gonna ignore most of the implications of this and just say one thing that you're apparently not considering... Once you implement a methodology, you then become committed to maintaining the implementation and ip address ranges change, people go to China for visiting, other people might have to

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Charles Jones
Andrew "Tuna" Harris wrote: Excerpts from kitepi...@kitepilot.com's message of Mon Mar 30 05:30:51 -0700 2009: And how do I: "starting by iptable deny all of china" ? I can figure out the "iptable" part, it is the "china" part (and other possible places where I know I will only get spam f

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread kitepi...@kitepilot.com
Agree... But for as long as my people doesn't have friends in Asia, I may as well block them all... :) Enrique Craig White writes: > On Mon, 2009-03-30 at 08:30 -0400, kitepi...@kitepilot.com wrote: >> And how do I: >> "starting by iptable deny all of china" ? >> >> I can figure out th

I want to start X app on display:0 remotely. How?

2009-03-30 Thread kitepi...@kitepilot.com
Hello X: This is the scenario: I have a machine running remotely which I can ONLY SSH into. I know that the machine is running X and "operator" is logged in and can run graphical applications. I'll use kcalc for the example. What I want is to: ssh -l operator remote.host (insert some magic

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Craig White
On Mon, 2009-03-30 at 08:30 -0400, kitepi...@kitepilot.com wrote: > And how do I: > "starting by iptable deny all of china" ? > > I can figure out the "iptable" part, it is the "china" part (and other > possible places where I know I will only get spam from) that I am unaware > of... I do

Re: starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread Andrew "Tuna" Harris
Excerpts from kitepi...@kitepilot.com's message of Mon Mar 30 05:30:51 -0700 2009: > And how do I: > "starting by iptable deny all of china" ? > > I can figure out the "iptable" part, it is the "china" part (and other > possible places where I know I will only get spam from) that I am unaware

Re: HackFest Series: Firewall Building 101 April Lab 2nd Saturday Noon At UAT

2009-03-30 Thread mike havens
cool! On Sun, Mar 29, 2009 at 10:59 PM, Lisa Kachold wrote: > Maybe I can setup a nice Live session for this! > > Obnosis | (503)754-4452 > PLUG Linux Security > Labs2nd Saturday Each mo...@noon- 3PM > > --

starting by iptable deny all of china is a good start. - Re: OT? Linux-based trojans now targeting WRT and other linux-based routers

2009-03-30 Thread kitepi...@kitepilot.com
And how do I: "starting by iptable deny all of china" ? I can figure out the "iptable" part, it is the "china" part (and other possible places where I know I will only get spam from) that I am unaware of... Thanks! Enrique Lisa Kachold writes: > > Well, the sad fact is that _any_ machine