At 3:50 AM -0500 5/7/02, Glen Lee Edwards wrote:
>Rodolfo J. Paiz writes:
>>It is true that Glen should never have been hacked three times, and that
>>this fact alone shows carelessness or ignorance bordering on
>>irresponsibility. It is also true that most of us are, at one time or
>
>Some things
> At 5/7/2002 08:19 AM -0400, you wrote:
>>He sees no problem with leaving his system without a firewall, he
>>leaves open port 53 (give me one reason why a home user would open
>>DNS...of course without a firewall he has no way to close it)
>
> FYI, in named.conf in the initial directives:
>
> l
On 5/7/02 8:17 AM, "Ray Curtis" <[EMAIL PROTECTED]> wrote:
> Nope, IMHO you are doing what you should instead of running something
> like up2date on each machine.
> Not sure how this thread really got started, but I also have a local
> mirror of updates which I use to update my complete network,
On Mon, 6 May 2002, Rodolfo J. Paiz wrote:
> At 5/6/2002 06:45 PM -0400, you wrote:
> >With all due respect you sir are an idiot and a hazard to the rest of the
> >community. After being hacked three separate times I would've thought
> >that you would agree that you need more security. However,
> "bh" == Bret Hughes <[EMAIL PROTECTED]> writes:
bh> On Mon, 2002-05-06 at 18:34, Rodolfo J. Paiz wrote:
>> At 5/7/2002 01:24 AM +0200, you wrote:
>> >Hit the nearest ftp site for the Powertools and get the rpm for mirror.
>> >Install it and edit /etc/mirror.defaults to suit
Rodolfo J. Paiz writes:
>It is true that Glen should never have been hacked three times, and that
>this fact alone shows carelessness or ignorance bordering on
>irresponsibility. It is also true that most of us are, at one time or
Some things we need to get clear here:
The first time I was ha
On Mon, May 06, 2002 at 11:38:26PM -0500, Bret Hughes wrote:
>
> This makes it sound like I am downloading each file every time I run
> mirror. I am not. I only get new files once and then only check it
> each time I run mirror.
A daily mirroring means that you connect to the ftp site, get a l
On Mon, 2002-05-06 at 17:43, Glen Lee Edwards wrote:
> As for Red Hat's role in this. They are culpable on one count - since I now
> have my own subnet, I always upgrade my systems with the new releases. However,
> they have decided that most of us are rich, and that no one uses 486s and PIs
>
On Mon, 2002-05-06 at 18:34, Rodolfo J. Paiz wrote:
> At 5/7/2002 01:24 AM +0200, you wrote:
> >Hit the nearest ftp site for the Powertools and get the rpm for mirror.
> >Install it and edit /etc/mirror.defaults to suit you.
> >Then create a config file to mirror Red Hat's updates.
> >You can then
At 5/6/2002 06:03 PM -0600, you wrote:
>At 5/6/2002 04:53 PM -0700, you wrote:
>> >Mirroring daily seriously increases the bandwidth drain on the mirror
>> >servers
>>
>>It wouldn't, if more of them supported rsync! I'm surprised that so few
>>do.
Also note that people who mirror the updates, in
At 5/6/2002 04:53 PM -0700, you wrote:
> >Mirroring daily seriously increases the bandwidth drain on the mirror
> >servers
>
>It wouldn't, if more of them supported rsync! I'm surprised that so few
>do.
rsync is a beautiful thing. However, many mirrors are small sites, doing
their best to coope
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rodolfo J. Paiz wrote:
>Mirroring daily seriously increases the bandwidth drain on the mirror
>servers
It wouldn't, if more of them supported rsync! I'm surprised that so few
do.
- -d
- --
David Talkington
PGP key: http://www.prairienet.org
At 5/7/2002 01:24 AM +0200, you wrote:
>Hit the nearest ftp site for the Powertools and get the rpm for mirror.
>Install it and edit /etc/mirror.defaults to suit you.
>Then create a config file to mirror Red Hat's updates.
>You can then run `mirror ` every once in a while
>(what I do at home) or p
On Mon, May 06, 2002 at 04:02:46PM -0700, daniel wrote:
>
> great idea!
> how do i do that?
Hit the nearest ftp site for the Powertools and get the rpm for mirror.
Install it and edit /etc/mirror.defaults to suit you.
Then create a config file to mirror Red Hat's updates.
You can then run `mirr
At 5/6/2002 06:45 PM -0400, you wrote:
>With all due respect you sir are an idiot and a hazard to the rest of the
>community. After being hacked three separate times I would've thought
>that you would agree that you need more security. However, you continue
>to spout the above dribble to those t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rodolfo J. Paiz wrote:
>>I feel compelled to quickly point out that NAT/masquerading is _not_ a
>>security feature. What you're describing is a stateful firewall, which
>>allows only inbound traffic which is related to outgoing requests. This
>>is
At 5/6/2002 05:43 PM -0500, you wrote:
>As for Red Hat's role in this. They are culpable on one count - since I now
>have my own subnet, I always upgrade my systems with the new
>releases. However,
>they have decided that most of us are rich, and that no one uses 486s and PIs
>anymore.
Not tru
At 6:45 PM -0400 5/6/02, Gerry Doris wrote:
>On Mon, 6 May 2002, Glen Lee Edwards wrote:
>
>> Pieter De Wit writes:
>> >Hello Original Poster,
>> >
>> >Sorry I joined the thread late, but why don't you firewall the
>>box(es) using
>> >ipchains or iptables ?
>>
>> I haven't done that for sev
great idea!
how do i do that?
_
daniel a. g. quinn
starving programmer
mr. president, i have blood on my hands
- j. robert oppenheimer, the mind behind the atom bomb,
upon meeting american president harry s. truman
- Original Message -
> On Mon, M
On Mon, 6 May 2002, Glen Lee Edwards wrote:
> Pieter De Wit writes:
> >Hello Original Poster,
> >
> >Sorry I joined the thread late, but why don't you firewall the box(es) using
> >ipchains or iptables ?
>
> I haven't done that for several reasons:
>
> 1) If the firewall box goes down, the enti
On Mon, May 06, 2002 at 02:53:21PM -0700, daniel wrote:
>
> understood
> so is there a faq out there that'll show me how to set up one machine to
> download all the updates needed and then reuse them on all my other
> machines?
Why bother using up2date in this case? Just use a FTP mirroring
syste
[EMAIL PROTECTED] writes:
>Dave T. wrote -
>> I feel compelled to quickly point out that NAT/masquerading is
>> _not_ a
>> security feature. What you're describing is a stateful firewall,
>> which
>> allows only inbound traffic which is related to outgoing requests.
>> This
>> is not in any
At 5/6/2002 02:21 PM -0700, you wrote:
>I feel compelled to quickly point out that NAT/masquerading is _not_ a
>security feature. What you're describing is a stateful firewall, which
>allows only inbound traffic which is related to outgoing requests. This
>is not in any way related to network ad
Dave T. wrote -
> I feel compelled to quickly point out that NAT/masquerading is
> _not_ a
> security feature. What you're describing is a stateful firewall,
> which
> allows only inbound traffic which is related to outgoing requests.
> This
> is not in any way related to network address tr
understood
so is there a faq out there that'll show me how to set up one machine to
download all the updates needed and then reuse them on all my other
machines?
_
daniel a. g. quinn
starving programmer
giving it up would mean... it would mean that all along they
Responding to the default redhat security setup below, you should probably
not rely on this (ie, the medium or strong option during the redhat
install). For real security, you should have a custom rule-set (whether for
ipchains or iptables). I haven't played with iptables myself yet, but I'v
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Rodolfo J. Paiz wrote:
>Clearly you haven't seen the MASQUERADE feature in iptables; I can do
>*ANYTHING* from the inside to the outside, and the firewall is completely
>transparent to me. Bitch for someone to get in, though.
I feel compelled to q
At 5/6/2002 12:55 AM -0500, you wrote:
>I would think the fee would be intended for business accounts, not residential
>or non-commercial accounts. But I could be wrong.
Sorry, wrong. If you (you personally, or maybe your house) have more than
one computer, you are allowed only one computer's f
At 5/6/2002 01:05 AM -0500, you wrote:
>1) If the firewall box goes down, the entire system goes down.
Not if *each* box has iptables or ipchains running.
>2) I had a leased server that was behind a firewall. It frequently was a pain
>to deal with.
Not if the firewall is properly set up.
>3)
On Sun, May 05, 2002 at 02:32:24PM -0500, Glen Lee Edwards wrote:
: From what I read on their site last night, it's only free for the first box.
: After that you have to pay a fee. I have 3 Red Hat computers.
I will take yet another opportunity to point out the use of apt-rpm.
http://apt-rpm.tu
At 3:33 PM -0400 5/6/02, Mike Burger wrote:
>On Mon, 6 May 2002, Patrick Beart wrote:
>
> >I recommend the appliance variety, rather than using firewall
> > software(*).
>
> > Patrick Beart
>>
>> (*) Mensa members and other hair-splitters: "appliance" = firewall
>> software installed in
On Mon, 6 May 2002, Patrick Beart wrote:
> New word: "Firewall". Get one.
>
> I recommend the appliance variety, rather than using firewall
> software(*).
>
>
>
>
> Patrick Beart
>
> (*) Mensa members and other hair-splitters: "appliance" = firewall
> software installed in
At 12:25 PM -0500 5/5/02, Glen Lee Edwards wrote:
>Ed Wilts writes:
>>One of the first things you need to look at is why you were hacked for the
>>3rd time. Once I can understand, but after that your system should have
>>been so tight and your procedures enhanced such that there is likely no 2nd
I'm going to have to (respectfully) disagree with your statement that the
OpenBSD Packet Filter requires "spending hours/days reading about and
experimenting with the ins and outs of firewall/networking"
Speaking only of OpenBSD (I've never used iptables), you can do some pretty
serious firewalli
Yesterday, at 08:20, Ashwin Kutty sent through the Star Gate:
>
>If this is the third time, you might want to look into the security of
>your system as well; not to mention think of a honey pot in case you are
>being singled out by someone for some reason..
This doesn't appear to be a personal a
Thomas Ribbrock <[EMAIL PROTECTED]> writes:
[...]
>> I found it a big pain in the butt fussing with ipchains and then
>> iptables too so finally got a hardware firewall/router.
> [...]
>
>> It is what is known as `statefull' and allows full NATing with fairly
>> simple choices on a java based i
You can run up2date for one system and have it leave the rpms
than just install them on the other machines. You just have
to check periodically for updates of programs not on the machine
with up2date on it. I maintain 4 machines that way 2 or not
connected to the internet so I make a cd and load
On Mon, May 06, 2002 at 01:02:20AM -0700, Harry Putnam wrote:
> Glen Lee Edwards <[EMAIL PROTECTED]> writes:
>
> > 5) Having a tight firewall is like living in a fenced in yard. No one
> > can get in, but you can't get out. I have no desire to live on an
> > island.
>
> I found it a big pain i
er
-Original Message-
From: Glen Lee Edwards [mailto:[EMAIL PROTECTED]]
Sent: 06 May 2002 08:06
To: [EMAIL PROTECTED]
Subject: Re: Hacked again...
Pieter De Wit writes:
>Hello Original Poster,
>
>Sorry I joined the thread late, but why don't you firewall the box(es)
using
>i
Glen Lee Edwards <[EMAIL PROTECTED]> writes:
> 5) Having a tight firewall is like living in a fenced in yard. No one can get
> in, but you can't get out. I have no desire to live on an island.
I found it a big pain in the butt fussing with ipchains and then
iptables too so finally got a hardwa
Pieter De Wit writes:
>Hello Original Poster,
>
>Sorry I joined the thread late, but why don't you firewall the box(es) using
>ipchains or iptables ?
I haven't done that for several reasons:
1) If the firewall box goes down, the entire system goes down.
2) I had a leased server that was behind
Gordon Messmer writes:
>How's this for a script?
>
>#!/bin/sh
>
>rpm -ivh \
>http://ftp.freshrpms.net/pub/freshrpms/enigma/apt/apt-0.3.19cnc55-fr7.i386.rpm
>
>cat > /etc/cron.daily/apt-upgrade <#!/bin/sh
>apt-get update >/dev/null 2>&1
>apt-get upgrade -S | grep ' from '
>EOF
>
>chmod +x /etc/cr
Michael Fratoni writes:
>-BEGIN PGP SIGNED MESSAGE-
>Hash: SHA1
>
>On Sunday 05 May 2002 03:42 pm, Glen Lee Edwards wrote:
>
>> >3) register your system for up2date and let the up2date agent do its
>> > thing. It may take a while but a fully updated system is less prone
>> > to security ho
- Original Message -
> > Tried that. It doesn't work - keeps dying part way through, saying
> > that I need authorization. It's only good for one box, anyway.
>
> up2date isn't the only way to update your system.
> You can also download the updates from a mirror near you and
> apply the
5, 2002 9:42 PM
Subject: Re: Hacked again...
> Jack Bowling writes:
> >** Reply to message from Glen Lee Edwards <[EMAIL PROTECTED]> on Sun, 05 May
2002 12:25:47 -0500
> >
> >
> >> You're right. I'm a RH Linux end user, not a geek. I don't have the
Am currently running up2date on a fresh install of RH 7.2. Kept running
into the same problem of "authorization required". I was running
#up2date -u and all I had to do was hit either the up or down key, I
think it is the down key and that would bring up the #up2date -u command
and it would run
On Sun, 2002-05-05 at 14:12, Glen Lee Edwards wrote:
> Emmanuel Seyman writes:
> >On Sun, May 05, 2002 at 02:42:27PM -0500, Glen Lee Edwards wrote:
> >>
> >> Tried that. It doesn't work - keeps dying part way through, saying
> >> that I need authorization. It's only good for one box, anyway.
> >
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 05 May 2002 03:42 pm, Glen Lee Edwards wrote:
> >3) register your system for up2date and let the up2date agent do its
> > thing. It may take a while but a fully updated system is less prone
> > to security holes.
>
> Tried that. It doesn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 05 May 2002 05:55 pm, Ed Wilts wrote:
>
> > After that you have to pay a fee. I have 3 Red Hat computers.
>
> You've actually got several choices. You can create a different
> username for each system and continue to use up2date;
I'm goi
If this is the third time, you might want to look into the security of
your system as well; not to mention think of a honey pot in case you are
being singled out by someone for some reason..
On Sun, 5 May 2002, Emmanuel Seyman wrote:
> On Sun, May 05, 2002 at 01:13:04AM -0500, Glen Lee Edwards
>From what I read on their site last night, it's only free for the first
box.
> After that you have to pay a fee. I have 3 Red Hat computers.
You've actually got several choices. You can create a different username
for each system and continue to use up2date; you can go to
http://www.freshmeat
Emmanuel Seyman writes:
>On Sun, May 05, 2002 at 02:42:27PM -0500, Glen Lee Edwards wrote:
>>
>> Tried that. It doesn't work - keeps dying part way through, saying
>> that I need authorization. It's only good for one box, anyway.
>
>up2date isn't the only way to update your system.
>You can also
On Sun, May 05, 2002 at 02:42:27PM -0500, Glen Lee Edwards wrote:
>
> Tried that. It doesn't work - keeps dying part way through, saying
> that I need authorization. It's only good for one box, anyway.
up2date isn't the only way to update your system.
You can also download the updates from a mi
Jack Bowling writes:
>** Reply to message from Glen Lee Edwards <[EMAIL PROTECTED]> on Sun, 05 May 2002
>12:25:47 -0500
>
>
>> You're right. I'm a RH Linux end user, not a geek. I don't have the
>> tools/experience to track him down, find out how he got in, and plug the holes.
>> I just install
Ed Wilts writes:
>> I just install what Red Hat sends and hope it works.
>
>Red Hat provides for free security fixes via up2date. This should be
>From what I read on their site last night, it's only free for the first box.
After that you have to pay a fee. I have 3 Red Hat computers.
Glen
_
** Reply to message from Glen Lee Edwards <[EMAIL PROTECTED]> on Sun, 05 May 2002 12:25:47
-0500
> You're right. I'm a RH Linux end user, not a geek. I don't have the
> tools/experience to track him down, find out how he got in, and plug the holes.
> I just install what Red Hat sends and hope
> I just install what Red Hat sends and hope it works.
Red Hat provides for free security fixes via up2date. This should be
considered mandatory if your system doesn't have enough firewalls in front
of it to block the bad guys. A Linksys or other DSL/Cable router/firewall
doesn't hurt either.
On Sun, 5 May 2002, Glen Lee Edwards wrote:
> You're right. I'm a RH Linux end user, not a geek. I don't have the
> tools/experience to track him down, find out how he got in, and plug the holes.
> I just install what Red Hat sends and hope it works.
>
> Have you tried Krispy Kreme yet? We've
On Sun, May 05, 2002 at 12:25:47PM -0500 or thereabouts, Glen Lee Edwards wrote:
> The first time I was hacked it was on a remote box I was leasing. I
> discontinued the lease on it. The hacker then found my home system and got into
> You're right. I'm a RH Linux end user, not a geek. I do
Ed Wilts writes:
>One of the first things you need to look at is why you were hacked for the
>3rd time. Once I can understand, but after that your system should have
>been so tight and your procedures enhanced such that there is likely no 2nd
>time, and definitely no 3rd time.
>
>Please read the
One of the first things you need to look at is why you were hacked for the
3rd time. Once I can understand, but after that your system should have
been so tight and your procedures enhanced such that there is likely no 2nd
time, and definitely no 3rd time.
Please read the archives for this list
On Sun, May 05, 2002 at 01:13:04AM -0500, Glen Lee Edwards wrote:
>
> >* Info : Linux nazarene 2.2.14-5.0
^^
This kernel has severe security problem.
You'll find a replacement kernel in the updates.
Emmanuel
___
Re
On Sunday 05 May 2002 09:13, Glen Lee Edwards wrote:
> I was hacked again. This is the 3rd time in a couple of months. The
> hacker sent himself some emails from my computer with my system info on it.
> Here are the email addresses he used:
>
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
>
> He was a
63 matches
Mail list logo