Quoth Guy Cohen:
Hello,
I'm trying to discarded all those annoying windows unicode breakin attempts,
iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string cmd.exe
Since as of iptables v1.2.6a I can find no such match rule or option, I
assume you have developed it yourself. If I
On Tue, Aug 13, 2002 at 09:59:40PM +0300, Official Flamer/Cabal NON-Leader wrote:
Quoth Guy Cohen:
Hello,
I'm trying to discarded all those annoying windows unicode breakin attempts,
iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string cmd.exe
Since as of iptables
Quoth Official Flamer/Cabal NON-Leader:
The version I have does not have THAT. Mine's Debian, so they COULD have
chopped it out. Or, it could have been the other way around - it is not
Yes, debian HAS compiled netfilter without extensions.
On Tue, Aug 13, 2002 at 11:01:56PM +0300, Official Flamer/Cabal NON-Leader wrote:
Therefore, you CANNOT prevent logging info without KNOWING in advance
that some form of an attack is going to be following a legal connection,
OR having the kernel inform the application (i.e. netfilter inform
Quoth Guy Cohen:
yes, but why netfilter transfers the connection to apache in the first
place?
Do it manually ;-)...
---cuttez---dicez---removez---slicez---ambutez---choppez---
telnet foo.bar.com 80
GET /
GET /zumbu.html
GET
PROTECTED]
Sent: Tuesday, August 13, 2002 10:24 PM
Subject: Re: ipchains --string on http
Quoth Guy Cohen:
yes, but why netfilter transfers the connection to apache in the first
place?
Do it manually ;-)...
---cuttez---dicez---removez---slicez---ambutez---choppez---
telnet foo.bar.com 80
On Wed, Aug 14, 2002, Oleg Kobets wrote about Re: ipchains --string on http:
you forget that HTTP is stateless protocol. after one GET you will be
disconnected.
This is only strictly true in HTTP 0.9, a standard that nobody is using for
at least 5 years.
You can make requests in HTTP 1.1
Hi,
I need a quick fix for the following problem: I want to switch between
ipchains and iptables on a RH7.2 (kernel 2.4.9-31) without rebooting.
I figured I needed to rmmod ip_tables and insmod ipchains.o. ;-)
I flushed iptables, stopped the service, tried to rmmod ip_tables,
and got
# /sbin
On Wed, Apr 24, 2002, Oleg Goldshmidt wrote about switching between iptables and
ipchains:
# /sbin/rmmod ip_tables
ip_tables: Device or resource busy
# echo $?
1
What am I forgetting? So far TFW and TFMs did not yield anything
useful.
Try running lsmod and seeing if you have other modules
On Wed, 2002-04-24 at 10:50, Oleg Goldshmidt wrote:
Hi,
I need a quick fix for the following problem: I want to switch between
ipchains and iptables on a RH7.2 (kernel 2.4.9-31) without rebooting.
I figured I needed to rmmod ip_tables and insmod ipchains.o. ;-)
I flushed iptables
Nadav Har'El [EMAIL PROTECTED] writes:
So you might have to remove the iptable_filter module before you can
remove ip_tables.
Stupid me... Thanks.
--
Oleg Goldshmidt | [EMAIL PROTECTED]
[Lisp] is the only computer language that is beautiful.
- Neal Stephenson
Hi,
I need a quick fix for the following problem: I want to switch between
ipchains and iptables on a RH7.2 (kernel 2.4.9-31) without rebooting.
I figured I needed to rmmod ip_tables and insmod ipchains.o. ;-)
I flushed iptables, stopped the service, tried to rmmod ip_tables
the kernel would surely get larger.
btw, netfilter has not just 1 or 2 moduels - it has around 15+ modules -
unless you ocmpile them all into the kernel itself.
if you already had netfilter in the kernel,and were just missing the
ipchains compatibility layer - then i don't know (since i don't know
underestimate the power of
the cracker with a scanner.
i have both ipchains and iptables installed, but unfurtunally, my kernel is
compiled with no support to both
is it possible to enable support without recompiling the kernel?
nope.
if not, how can i make sure all the current options compiled
,
Volkind Danny
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of TCL
Sent: Friday, December 14, 2001 3:13 AM
To: [EMAIL PROTECTED]
Subject: enabling ipchains/iptables
hello
i have slack 8 with kernel 2.4.5
in the last week i got my
hello all.
basicly recompile the kernel with one or two new modules. Ok
I did this once, the only thing changed was one more module.
So why the new kernel (bzimage) was different, some bytes larger.
- diego
=
To unsubscribe,
hello
i have slack 8 with kernel 2.4.5
in the last week i got my modem working with linux and now is the time to set
up a firewall ruleset
i have both ipchains and iptables installed, but unfurtunally, my kernel is
compiled with no support to both
is it possible to enable support without
On Fri, 14 Dec 2001, TCL wrote:
Before answering, I warmly suggest using iptables and not ipchains. It's
setup is very similar, and so is the syntax. It pays to invest 30 minutes.
But, if you are determined not to do it, see below (and this will take
much more).
Assuming the kernel you run
as a gateway.
On Linux side:
nothing special. I disabled all firewall rules, changed Policies to ACCEPT,
run
ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
Still same problem.
What I missed?
Any RTFM with links to docs will be highly appreciated.
Thanks in advance
of sites, however, work OK. There are two or three sites that changed
their behaviour to me since I moved to Linux as a gateway.
On Linux side:
nothing special. I disabled all firewall rules, changed Policies to ACCEPT,
run
ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
Still same problem
On Sat, 1 Dec 2001, guy keren wrote:
On 30 Nov 2001, Noam Meltzer wrote:
I guess you didn't really understand what i wanted. I don't want to see
that the module is loaded. I want to see what is it doing while it's
running.
what its doing has different interpretations. if it is
: Re: checking the functioning of an ipchains module
On Sat, 1 Dec 2001, guy keren wrote:
On 30 Nov 2001, Noam Meltzer wrote:
I guess you didn't really understand what i wanted. I don't want to
see
that the module is loaded. I want to see what is it doing while it's
running.
what
On Sat, 1 Dec 2001, Oded Arbel wrote:
I don't have that file, but I have /proc/net/ip_conntrack which under
correct analyzis will yield the list of NATed connections.
(kernel 2.4.13, iptables)
i must have looked at it the other time when no internal client was
connected, since i only saw the
Mulix,
in iptables it is called conntrack :
/proc/net/ip_conntrack
Dani
On Sat, 1 Dec 2001, mulix wrote:
On Sat, 1 Dec 2001, guy keren wrote:
On 30 Nov 2001, Noam Meltzer wrote:
I guess you didn't really understand what i wanted. I don't want to see
that the module is loaded. I want
On Sat, 1 Dec 2001, mulix wrote:
also (2 questions for the price of one email), i'm looking to implement
traffic limiting on the linux router for internal users (bofh? me?
never. what was your user name again?). what tools am i looking for?
Have you looked at the advanced routing howto?
On Sat, 1 Dec 2001, Tzafrir Cohen wrote:
On Sat, 1 Dec 2001, mulix wrote:
also (2 questions for the price of one email), i'm looking to implement
traffic limiting on the linux router for internal users (bofh? me?
never. what was your user name again?). what tools am i looking for?
Have
2.4.16, approximately latest iptables.
--
mulix
http://www.pointer.co.il/~mulix/
http://syscalltrack.sf.net/
10x to mulix i got the direction I needed. There's a directory
/proc/net/ip_masq/ (accurate for ipchains on 2.2.20, i dunno about
netfilter) which has information about all the modules
On Sat, 1 Dec 2001, Tzafrir Cohen wrote:
On Sat, 1 Dec 2001, mulix wrote:
also (2 questions for the price of one email), i'm looking to implement
traffic limiting on the linux router for internal users (bofh? me?
never. what was your user name again?). what tools am i looking for?
Hi!
I recently installed the icq module for ipchains in my linux masqurading
machine. (and used the opportunity to upgrade to kernel 2.2.20)
Anyway, I was wondering if there's a way to see how that module is
functioning. Something like when i do: ipchains -L -M or something
similar.
10x,
Noam
~O0=-
He took his vorpal sword in hand:
Long time the manxome foe he sought -
So rested he by the Tumtum tree.
And stood awhile in thought.
[L.Carrol Jabberwacky]
On 30 Nov 2001, Noam Meltzer wrote:
Hi!
I recently installed the icq module for ipchains in my
he sought -
So rested he by the Tumtum tree.
And stood awhile in thought.
[L.Carrol Jabberwacky]
On 30 Nov 2001, Noam Meltzer wrote:
Hi!
I recently installed the icq module for ipchains in my linux masqurading
machine. (and used the opportunity to upgrade
On 30 Nov 2001, Noam Meltzer wrote:
I guess you didn't really understand what i wanted. I don't want to see
that the module is loaded. I want to see what is it doing while it's
running.
what its doing has different interpretations. if it is 'understanding
how it works' - use the source,
Hi,
I have networked my computers at Home that the Linux box is the gateway and
the other computers are windows Boxes. The Internet is shared without any
problems between the computers on the network. but, when Im starting my
ipchains script thhe gateway still has the connection but the rest
Hello Eran
the gateway thing (Masquerading Forwarding) is in fact ipchains' job. I
guess that your firewalling script first cleans ipchains rules (so it
'disconnects' the other computers from the internet), and then putting the
firewall thing.
another possibility is that there is an ipchains
syn ? "SYN " : /* "PENANCE" */ "", count);
It goes like this:
Packet log: ipchains label that caught packet ipchains action name
[if action=FW_REDIRECTthen destniation ip] interface name (like
"eth0") IP protocol (like 6)
source ip source port
addr))0xFF,
dst_port,
ntohs(ip-tot_len), ip-tos, ntohs(ip-id),
ntohs(ip-frag_off), ip-ttl);
for (opti = 0; opti (ip-ihl - sizeof(struct iphdr) / 4); opti++)
printk(" O=0x%8.8X", *opt++);
printk(" %s(#%d)\n", syn ? "SYN " : /* "PENANCE" */ "", count
On Sun, 31 Dec 2000, guy keren wrote:
On Sun, 31 Dec 2000, Jonathan Ben-Avraham wrote:
The ipchains HOWTO contains an example firewall configuration with
separate chains defined for each triple of source network, destination
network and direction. That is, there are chains "ne
On Mon, 1 Jan 2001, Adi Stav wrote:
Hmm. How is that different from from creating custom chains in
ipchains and sending packets from one chain to another?
with chains - when one chain matched a rule, then its action is taken
place, and no more rule matching is performed on that packet from
a complete "computation", and then the packets coming out
of it are re-processed by the rules in a second table. i already so a case
where this allowed for more functionality then s possible using kernel
2.2's chains.
Hmm. How is that different from from creating custom chains i
On Sun, 31 Dec 2000, Alex Shnitman wrote:
Hi, guy!
On Sun, Dec 31, 2000 at 10:01:07AM +0200, you wrote the following:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra
On Sun, 31 Dec 2000, Alex Shnitman wrote:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that it allows you to have one set
of rules perform a complete
"computation", and then the packets coming out
of it are re-processed by the rules in a second table. i already so a case
where this allowed for more functionality then s possible using kernel
2.2's chains.
Hmm. How is that different from from creating custom chains in
ipchains and sendi
Looks like this thread is never going to end. Does anybody still remember why
it was titled "ipchains"? :)
On Sat, Dec 30, 2000, Omer Zak wrote about "GPL or not GPL, that is the question (was:
Re: ipchains)":
I believe that all the arguments about GPLed software (sta
Hi, guy!
On Sun, Dec 31, 2000 at 10:01:07AM +0200, you wrote the following:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that it allows you to have one set
On Fri, 29 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
For GPL, RMS is the copyright law.
No it isn't. RMS has his legal counsel (a professor of law) issue his
opinions. If you think you opinions of law are worth more, you're
welcome to do whatever you want. I just think RMS's
On Sat, 30 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
MZ I just think RMS's legal counsel
MZ is pretty sound. Is that a problem for you?
Yes
..
since I do not
have my own law professor, all I can do is ranting about it.
Not so. For a couple of hundred dollars, you can get a
On Sat, 30 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
Well, dual licensing code as GPL and BSD (or GPL and PD, for example) is a
You can't dual license as GPL and PD -- public domain is not a license.
A license refers to the terms under which you may use copyrighted works
while
MZ For GPL, RMS is the copyright law.
MZ
MZ No it isn't. RMS has his legal counsel (a professor of law) issue his
MZ opinions. If you think you opinions of law are worth more, you're
MZ welcome to do whatever you want. I just think RMS's legal counsel
MZ is pretty sound. Is that a problem for
On Fri, Dec 29, 2000 at 09:26:59PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS ==quote==
AS Richard Stallman wrote:
AS
AS That you don't distribute binaries does not change the fact that your
AS source code is designed to include Readline in the program. You
AS cannot do that,
On Fri, Dec 29, 2000 at 09:29:51PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS Have you actually READ the GPL? It does not define "derived work"
AS anywhere, leaving that to copyright law. RMS has said as much, too.
For GPL, RMS is the copyright law. Since if RMS thinks it's violating
On Fri, Dec 29, 2000 at 07:27:34PM +0200, Nadav Har'El wrote:
But the GPL causes the following sort of "comtamination": Take any of the
important pieces of GPL software on the Internet. Most, if not all, of them
have been written by more than one person. Some of them have been written
or
On Fri, Dec 29, 2000 at 08:44:52PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code,
AS That is necessary for copyleft. If you could take Linux and release it
Sure. So be aware that any time you read "proprietary" in FSF texts, you
should read "non-GPL", since GPL restricts not only more strict licenses,
but also less strict. I understand why it's done, but let's be honest -
On Sat, Dec 30, 2000, Adi Stav wrote about "Re: ipchains":
On Fri, Dec 29, 2000 at 07:27:34PM +0200, Nadav Har'El wrote:
There's another problematic issue about the GPL. It's quite clear how it
applies to software companies, but how does it apply to Hardware companies?
For exa
I believe that all the arguments about GPLed software (starting from
ipchains and then wandered elsewhere) overlooked one important point.
This point is what originally motivated RMS in his GNU crusade.
His original point is that users must have the power to modify software
and tailor
On Sat, Dec 30, 2000 at 10:14:33PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS That is necessary for copyleft. If you could take Linux and release it
Sure. So be aware that any time you read "proprietary" in FSF texts, you
should read "non-GPL", since GPL restricts not only more strict
On Sat, Dec 30, 2000 at 10:25:31PM +0200, Nadav Har'El wrote:
I'd say that as soon as a company releases software, it doesn't matter
whether the company's core business is hardware or not. The software
is governed by the same laws.
I'm not sure I understand: do you mean the GPL should
Hi, Stanislav!
I'll skip the GPL-related part of the email since it has already been
discussed to death by others. (I think it's been a bit like "a
watermelon is red from the inside" "no, asshole, it's green from the
outside" type of thing, but whatever.)
On Thu, Dec 28, 2000 at 11:07:47PM
Hi,
The ipchains HOWTO contains an example firewall configuration with
separate chains defined for each triple of source network, destination
network and direction. That is, there are chains "net-dmz", "dmz-net",
"net-int", "int-net", "int-dmz&qu
On Sun, 31 Dec 2000, Jonathan Ben-Avraham wrote:
The ipchains HOWTO contains an example firewall configuration with
separate chains defined for each triple of source network, destination
network and direction. That is, there are chains "net-dmz", "dmz-net",
"net-
On Fri, Dec 29, 2000 at 09:34:22AM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS That's a common misconception. It should have been obvious, but
AS somehow never is, that no amount of licensing trickery can make one
AS program be considered a derivative work of an unrelated program. And
On Fri, Dec 29, 2000, Adi Stav wrote about "Re: ipchains":
Likewise, no program can
"contaminate" other programs and change their license, whether or not
you link them together. What the GPL is saying that you cannot
If you want to use others' GPLed code in more
res
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code, that's what going to happen - he won't suddenly
NH have 10,000 lines identical to a
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code, that's what going to happen - he won't suddenly
NH have 10,000 lines identical
AS The same copyright system that disallows you to copy ripped MP3s
AS disallows companies to make proprietary products out of GPLed
AS software. Our copyright system is just fine.
With our GPLed software the matter is pretty complicated. Generally, GPLed
software is referred to as a "free
On Thu, Dec 28, 2000 at 11:07:47PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
With our GPLed software the matter is pretty complicated. Generally, GPLed
software is referred to as a "free software". But, in fact, it's not free
at all, in the common meaning of the word "freedom". You cannot
On Thu, 28 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
RIAA is within it's right when it uses current law. I agree that it might
be immoral
When some company does something that is within the law but immoral, I
tend to lose respect for that company's requests. Whatever happened
to
AS That's a common misconception. It should have been obvious, but
AS somehow never is, that no amount of licensing trickery can make one
AS program be considered a derivative work of an unrelated program. And
See, this is an official position of RMS. I have quotes from him
personally saying
At 11:07 PM 12/28/00 +0200, you wrote:
AS The same copyright system that disallows you to copy ripped MP3s
AS disallows companies to make proprietary products out of GPLed
AS software. Our copyright system is just fine.
With our GPLed software the matter is pretty complicated. Generally, GPLed
On Mon, 25 Dec 2000 16:41:49 +0200, System1 [EMAIL PROTECTED] wrote:
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
No, when a user uses the client with a bug, a remote attacker is able to
If ICQ gives people the ability to make scans of my
Moshe Zadka wrote:
On Mon, 25 Dec 2000 16:41:49 +0200, System1 [EMAIL PROTECTED] wrote:
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
No, when a user uses the client with a bug, a remote attacker is able to
No, it's a protocol feature
Moshe Zadka wrote:
On Tue, 26 Dec 2000 17:53:08 +0200, Alon Oz [EMAIL PROTECTED] wrote:
As you said, the sysadmin was an idiot, if a sysadmin wants
he can easily block ICQ.
ssh UDP forwarding to home machine. 'Nuff said.
1 problem though, by using firewall piercing techniques you
On Tue, 26 Dec 2000, Alon Oz [EMAIL PROTECTED] wrote:
1 problem though, by using firewall piercing techniques you probably
violate your contract with the company.
And what part of "I'm an advocate of company policy/polite request rather
then technical solutions" did I fail to make clear?
Moshe Zadka wrote:
On Tue, 26 Dec 2000, Alon Oz [EMAIL PROTECTED] wrote:
1 problem though, by using firewall piercing techniques you probably
violate your contract with the company.
And what part of "I'm an advocate of company policy/polite request rather
then technical solutions"
AO 1. the computer on 192.168.1.78(example) is up
Nice. Most computers tend to be up when people are working.
AO 2. It can receive connection to the ICQ port
Wrong. Firewall won't let incoming connection in. It would only allow to
receive UDP packets inside "virtual circuit" created by
AO Even if the CEO does. Seen any company that the users don't hold mp3s
AO on their computers? It's illegal in the US and most startups are
AO registered in the US.
MP3 format is illegal in US? News for me. Is WAV going to be banned too?
--
[EMAIL PROTECTED] \/ There shall be counsels
Hi,
we are using here IPChains Firewall.
Is there anyway to block complete domain such as *.icq.com ?
Moran.
=
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run t
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall.
Is there anyway to block complete domain such as *.icq.com ?
No, not with ipchains, because -s accepts only a hostname, network address
or plain IP address
You dig all
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall.
Is there anyway to block complete domain such as *.icq.com ?
No, not with ipchains, because -s accepts only a hostname, network
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall
its not so easy , i blocked while ago port 5194 (icq login port) but today i
found users still able to connect.
so i made port scan on login.icq.com and found that they have above 100
ports you can login to incase your admin locks you out :)
so what i did was adding the following rule:
$IPCHAINS
On Mon, Dec 25, 2000, System1 wrote about "ipchains":
its not so easy , i blocked while ago port 5194 (icq login port) but today i
found users still able to connect.
..
and to block aol messanger (another client with security bugs which allows
remote attacker take full contro
trying to block it)
Moran.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo
Sent: Monday, December 25, 2000 4:34 PM
To: System1
Cc: [EMAIL PROTECTED]
Subject: Re: ipchains
Well, if I was a sys admin, then I would allow ICQ..
BUT, I would
On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains":
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
If ICQ gives people the ability to make scans of my servers that are behind
firewall I dont want it here. its only troubles.
Nadav Har'El wrote:
On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains":
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
If ICQ gives people the ability to make scans of my servers that are behind
firewall I dont want it here
and found that they have above 100
ports you can login to incase your admin locks you out :)
so what i did was adding the following rule:
$IPCHAINS -A output -p tcp -s $REMOTENET -d login.icq.com 0: -i
$OUTERIF -j DENY
$IPCHAINS -A output -p tcp -s $REMOTENET -d web.icq.com 0: -i
$OUTERIF
can you point us out to this tool?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of System1
Sent: Monday, December 25, 2000 4:42 PM
To: 'Hetz Ben Hamo'
Cc: [EMAIL PROTECTED]
Subject: RE: ipchains
using ICQ remote attacker is able to make full port scan
Ishay Sommer wrote:
email headers sent via smtp include the original ip from which the message
sent from
Not if you make a few changes to the mailer (checked on qmail/sendmail)
--
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]
--
A proud member in the Evil Linux
On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains":
The ICQ protocol reveals the real IP of the computer running the client,
so even if you use GNU replacements it doesn't matter.
So what? Unless you have a completely-proxy-firewall (block everything and
allow only applicati
I dont think many knows about this.
The person who show us this vulnerability didnt say where he found it. but
we saw how he make it.
Moran.
-Original Message-
From: Nadav Har'El [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 25, 2000 5:26 PM
To: Alon Oz
Subject: Re: ipchains
Sure
this.
| The person who show us this vulnerability didnt say where he found it. but
| we saw how he make it.
|
| Moran.
|
|
|
| -Original Message-
| From: Nadav Har'El [mailto:[EMAIL PROTECTED]]
| Sent: Monday, December 25, 2000 5:26 PM
| To: Alon Oz
| Subject: Re: ipchains
|
| Sure
On Mon, 25 Dec 2000, System1 wrote:
the first step is using udp sniffer.
after that you have tools you can find on the webto preform scans in the
network of the victim.
you must have direct connection to the user for that. (I think its ICQ
default).
Is that correct?
Then you can make sure
NH So what? Unless you have a completely-proxy-firewall (block
NH everything and allow only application proxies), whatever packets
NH you let through (be they http, ftp, or icq) carry the IP address
NH of the machine behind the firewall. But so what? If you use
I give you address of a machine
AO The ICQ protocol reveals the real IP of the computer running the client,
AO so even if you use GNU replacements it doesn't matter.
AO This "feature" opens a window for "crackers" to use various firewall
AO penetrating/piercing techniques.
If the computer is behind the firewall, most chances
Nadav Har'El wrote:
On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains":
The ICQ protocol reveals the real IP of the computer running the client,
so even if you use GNU replacements it doesn't matter.
So what? Unless you have a completely-proxy-firewall (block everything
S using ICQ remote attacker is able to make full port scan on networks behind
S the firewall.
How exactly one does that? Can you elaborate?
--
[EMAIL PROTECTED] \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-3-9316425/\
AO But if icq.com(example) got my packet and know my "secret" intranet
AO addresses
Oh, yeah, those defined in top-secret RFC1918? 10.1.1.1? 10.10.1.1?
192.168.1.1? 172.16.1.1? Am I l33t haxx0r already?
Guess how many pings is it going to take me to know each
internet-accessible address on your
Barak Rosenberg wrote:
I have problems using a stand alone configuration,which means using brctl
and ipchains
in our LRP Linux system.
Are you using the new bridge patch for the 2.2.x kernels or the old
bridge code that comes with 2.2.x?
I managed to load the instance of the bridge
Hello,
I have problems using a stand alone configuration,which means using brctl
and ipchains
in our LRP Linux system.
I managed to load the instance of the bridge,and even sending ping outside
using my Linux,
threw the bridge (the bridge instance connected to eth0 and eth1),
I probably
On Fri, 7 Jul 2000, Ira Abramov wrote:
Am I secure now?
most probably an IPchains script should help.
I just moved back from Frame Relay to ISDN, so I updated my
firewall+masq script for the new setup. feel free to use it as a start
point, although it needs much revision. remember
1 - 100 of 103 matches
Mail list logo