Is there some way to override this? :-)
You can edit packets on your firewall ( something along the lines of
iptables -t mangle -p tcp --dport 22 -j TOS --set-tos Minimize-Delay ),
but in general it's not a good idea ( you don't want your bulk traffic
eating your interactive sessions ).
--
Hans Spaans wrote:
'dig . ns @nameserver /etc/bind/db.root' can give you a new db.root
file for your nameserver. If its wise? Yes and no, your db.root must
contain valid data, but to take a random nameserver, that is not wise.
Most resolvers return an empty additional section anyway, which
unsubscribe
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
On Mon, Feb 02, 2004 at 09:51:02AM -0800, Maria Rodriguez wrote:
Does anyone know what's going on?
http://lists.debian.org/debian-news/debian-news-2004/msg5.html
regards
fEnIo
--
_ Bartosz Feski aka fEnIo | mailto:[EMAIL PROTECTED] | pgp:0x13fefc40
_|_|_32-050 Skawina -
http://www.debian.org/News/2004/20040202
Security Host Downtime
Yesterday around 15:00 UTC we the host klecker.debian.org crashed.
Unfortunately, it didn't react on the serial console and to a remotely
issued power-cycle
On Mon, 2004-02-02 at 09:51, Maria Rodriguez wrote:
Am I the only one who is having difficulties reaching security.debian.org? I manage
a few Debian machines here in Florida as well as Southern Georgia and all of them
seem to be timing out when trying to reach that server:
Err
* Quoting Maria Rodriguez ([EMAIL PROTECTED]):
That appears to be klecker.debian.org which isn't currently responding to pings,
which in itself isn't scary, but it looks as though it may have been inaccessible
for a few days now.
Does anyone know what's going on?
Hello,
As of this morning two of my machines - which are regularly contacted
trough ssh from each other - showed this message upon 'chkrootkit':
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
Checking 'lkm'... You have 4 processes hidden for ps command
The latter happened to me before
im soroush
i live iran
im need information about telnet for complete project
univercity
please help me
thanks
godbye
__
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
--
To UNSUBSCRIBE, email
Hi,
I have written the following mail to the debian-gnome-gtk mailing list,
but I got no answere. I hope that I have more luck at the
debian-security list ;)
I have a really annoying problem with GnuPG and Gnome2/GTK2. I think,
but I'm not sure, that since I have upgraded from Gnome2.2 to
On 2004.02.02 21:08, Johannes Graumann wrote:
Hello,
Checksecurity reports this:
Security Violations for su
=-=-=-=-=-=-=-=-=-=-=-=-=-
Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody
'tiger' also reports - while performing signature check of system
binaries, that /bin/ping,
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
and am wondering, why explicitly reject those ports and not
explicity reject other ports that is
On Tue, 3 Feb 2004 09:55:04 +1300 (NZDT)
TiM [EMAIL PROTECTED] wrote:
Hello,
As of this morning two of my machines - which are regularly
contacted trough ssh from each other - showed this message upon
'chkrootkit':
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
Checking
hi ya noah
On Mon, 2 Feb 2004, Noah Meyerhans wrote:
On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
'nmap' to those ports gives me:
PORT STATESERVICE
1524/tcp filtered ingreslock
31337/tcp filtered Elite
turn off those ports ... kill ingress and
On Mon, Feb 02, 2004 at 10:59:11PM +0100, Andreas Schmidt wrote:
=-=-=-=-=-=-=-=-=-=-=-=-=-
Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody
That's normal, its been discussed here before. It just needs to be added to
logcheck patterns, a bug should be filed.
'tiger' also reports -
On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote:
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
and am wondering, why explicitly
Is there some way to override this? :-)
You can edit packets on your firewall ( something along the lines of
iptables -t mangle -p tcp --dport 22 -j TOS --set-tos Minimize-Delay ),
but in general it's not a good idea ( you don't want your bulk traffic
eating your interactive sessions ).
--
Hans Spaans wrote:
'dig . ns @nameserver /etc/bind/db.root' can give you a new db.root
file for your nameserver. If its wise? Yes and no, your db.root must
contain valid data, but to take a random nameserver, that is not wise.
Most resolvers return an empty additional section anyway, which
unsubscribe
Am I the only one who is having difficulties reaching security.debian.org? I
manage a few Debian machines here in Florida as well as Southern Georgia and
all of them seem to be timing out when trying to reach that server:
Err http://security.debian.org woody/updates/main Packages
Could not
On Mon, Feb 02, 2004 at 09:51:02AM -0800, Maria Rodriguez wrote:
Does anyone know what's going on?
http://lists.debian.org/debian-news/debian-news-2004/msg5.html
regards
fEnIo
--
_ Bartosz Feński aka fEnIo | mailto:[EMAIL PROTECTED] |
pgp:0x13fefc40
_|_|_32-050 Skawina -
http://www.debian.org/News/2004/20040202
Security Host Downtime
Yesterday around 15:00 UTC we the host klecker.debian.org crashed.
Unfortunately, it didn't react on the serial console and to a remotely
issued power-cycle
On Mon, 2004-02-02 at 09:51, Maria Rodriguez wrote:
Am I the only one who is having difficulties reaching security.debian.org? I
manage a few Debian machines here in Florida as well as Southern Georgia and
all of them seem to be timing out when trying to reach that server:
Err
* Quoting Maria Rodriguez ([EMAIL PROTECTED]):
That appears to be klecker.debian.org which isn't currently responding to
pings, which in itself isn't scary, but it looks as though it may have been
inaccessible for a few days now.
Does anyone know what's going on?
Hello,
As of this morning two of my machines - which are regularly contacted
trough ssh from each other - showed this message upon 'chkrootkit':
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
Checking 'lkm'... You have 4 processes hidden for ps command
The latter happened to me before
im soroush
i live iran
im need information about telnet for complete project
univercity
please help me
thanks
godbye
__
Do you Yahoo!?
Yahoo! SiteBuilder - Free web site building tool. Try it!
http://webhosting.yahoo.com/ps/sb/
Hi,
I have written the following mail to the debian-gnome-gtk mailing list,
but I got no answere. I hope that I have more luck at the
debian-security list ;)
I have a really annoying problem with GnuPG and Gnome2/GTK2. I think,
but I'm not sure, that since I have upgraded from Gnome2.2 to
Yep, it definately looks like you're hacked with those ports open unless
you've installed something that uses them. I'd look into those hidden
processes also but I know there's a problem with procfs or something
that causes some hidden pid's 2-5 or something.
check out
On 2004.02.02 21:08, Johannes Graumann wrote:
Hello,
Checksecurity reports this:
Security Violations for su
=-=-=-=-=-=-=-=-=-=-=-=-=-
Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody
'tiger' also reports - while performing signature check of system
binaries, that /bin/ping,
hi ya Johannes
if you ( a debian box?? ) have been hacked .. other hosts are equally
susceptable .. finding out what is going on is important
On Sun, 1 Feb 2004, Eric Nelson wrote:
Yep, it definately looks like you're hacked with those ports open unless
hummm... i'm not as sure .. so i'd
On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
'nmap' to those ports gives me:
PORT STATESERVICE
1524/tcp filtered ingreslock
31337/tcp filtered Elite
turn off those ports ... kill ingress and whatever uses elite
and keep poking around with nmap till it
===
As you are not a member of this email list (parablenet@jesusyouth.org)
you cannot post a message to the list.
Your message will not be forwarded to the list.
Kindly bear with the incovenience.
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
and am wondering, why explicitly reject those ports and not
explicity reject other ports that is
On Tue, 3 Feb 2004 09:55:04 +1300 (NZDT)
TiM [EMAIL PROTECTED] wrote:
Hello,
As of this morning two of my machines - which are regularly
contacted trough ssh from each other - showed this message upon
'chkrootkit':
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
Checking
hi ya noah
On Mon, 2 Feb 2004, Noah Meyerhans wrote:
On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote:
'nmap' to those ports gives me:
PORT STATESERVICE
1524/tcp filtered ingreslock
31337/tcp filtered Elite
turn off those ports ... kill ingress and
On Mon, Feb 02, 2004 at 10:59:11PM +0100, Andreas Schmidt wrote:
=-=-=-=-=-=-=-=-=-=-=-=-=-
Feb 2 06:33:11 server_name su[16863]: + ??? root:nobody
That's normal, its been discussed here before. It just needs to be added to
logcheck patterns, a bug should be filed.
'tiger' also reports -
hi ya noah
On Mon, 2 Feb 2004, Noah Meyerhans wrote:
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
and am wondering, why explicitly reject
On Mon, Feb 02, 2004 at 05:58:29PM -0500, Noah Meyerhans wrote:
On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote:
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
and am wondering, why explicitly
Hello again,
Here is what I make of my evidence at the end of a quite anxious day. I
would highly appreciate any comments on my conclusions!
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
At this point I believe to be able to attribute this to portsentry
running -
hi ya johannes
On Mon, 2 Feb 2004, Johannes Graumann wrote:
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
At this point I believe to be able to attribute this to portsentry
running - '/etc/init.d/portsentry stop' makes it go away,
'/etc/init.d/portsentry start' makes it reappear
Your mail to 'devel' with the subject
hi
Is being held until the list moderator can review it for approval.
The reason it is being held:
Post by non-member to a members-only list
Either the message will get posted to the list, or you will receive
notification of the moderator's
On Mon, 2 Feb 2004 18:28:31 -0800 (PST), Alvin Oga wrote:
On Mon, 2 Feb 2004, Johannes Graumann wrote:
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
At this point I believe to be able to attribute this to portsentry
running - '/etc/init.d/portsentry stop' makes it go away,
odd that
Noah Meyerhans wrote:
Those ports are not showing up as open. 'Filtered' does not mean open.
If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get
this exact behavior, with nothing listening on these ports.
No, with REJECT they would show up as closed. DROP produces
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 03 Feb 2004 03:50:06 +0100,
Alvin Oga [EMAIL PROTECTED] wrote:
hi ya johannes
On Mon, 2 Feb 2004, Johannes Graumann wrote:
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
At this point I believe to be able to attribute this to
hi ya nick/jim
On Tue, 3 Feb 2004, Nick Boyce wrote:
On Mon, 2 Feb 2004 18:28:31 -0800 (PST), Alvin Oga wrote:
On Mon, 2 Feb 2004, Johannes Graumann wrote:
Checking 'bindshell'... INFECTED [PORTS: 1524 31337]
At this point I believe to be able to attribute this to portsentry
45 matches
Mail list logo