Re: (A little OT) Introduction to cryptography
Scott Jardine wrote: Hi, I have been studying crypto systems for awhile now and it seems that the best resource on the subject bar none is APPLIED CRYPTOGRAPHY written by Bruce Schneier 2nd Edition has copious code examples and execellent easy to understand explaination of practically all practical crypto algorithms out there. You may have heard of one of the authors algorithms - blowfish... Failing that try looking at the gnu privacy guard. It is an awesome public key algorithm. Here are some sample-Chapters of the english version: http://cacr.math.uwaterloo.ca/hac/ -- Winfried M. Thalmeier [EMAIL PROTECTED] -o) http://home.in.tum.de/~thalmeie/index.html /\\ ___/___/___/___/___/___/___/___/___/___/ _\_v -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
On Fri, 23 Mar 2001 13:50:54 +0100 Philippe Seidel [EMAIL PROTECTED] wrote: Hi all, As you are the only security-related list I'm subscribed to and cryptography has something to do with security, I'm directing this question to this list. [...] Hi Philippe, I'm reading 'Cryptography Network Security: Principles Practice' by: William Stallings. see: http://www.amazon.com/exec/obidos/ASIN/0138690170/qid=1017063207/sr=2-2/ref=sr_2_2/104-4862342-2058358 http://williamstallings.com/Security2e.html cya, -- _ _ __|_ _. _ _|_.__.._ _ _ (_||_|_ |_(_|\/(_) | |(_|| |(_(_)[EMAIL PROTECTED] _|nupg id: 0x37155778 [EMAIL PROTECTED] Alternex S/A - www.alternex.com.br -- Rio de Janeiro/Brazil gnupg id: 0x37155778 (fetch from keyserver: wwwkeys.eu.pgp.net) Key fingerprint = 1908 52B9 4A16 6EC2 74D1 C03B EDFB 7005 3715 5778 msg06070/pgp0.pgp Description: PGP signature
Security problem in PHP3+Postgres with Potato?
Hi, I think I found a security problem in PHP3+postgres+apache shipped with Potato. Correct me if I'm wrong, but the following code should support any $var. If you uncomment the client_encoding line, I'm able to execute any request I want with the good $var. %-- $conn = pg_connect(dbname= . BASE_DOC . port= . BASE_PORT . user= . BASE_USER); $var=X; //pg_exec($conn, SET client_encoding = 'LATIN1'); $requete = SELECT col FROM tab WHERE col=' . addslashes($var) . '; echo $requete; $query = pg_exec($conn, $requete); %-- Tested on Debian GNU/Linux Potato i386, with apache 1.3.9-14 php3 3.0.18-0 php3-pgsql 3.0.18-0 postgresql 6.5.3-27 What's the normal way to make a security bug report? -- Benoît Sibaud RD Engineer - France Telecom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
On Mon, 25 Mar 2002, Winfried M. Thalmeier wrote: Hi, I have been studying crypto systems for awhile now and it seems that the best resource on the subject bar none is APPLIED CRYPTOGRAPHY written by Bruce Schneier 2nd Edition has copious code examples and execellent easy to understand explaination of practically all practical crypto algorithms out there. You may have heard of one of the authors algorithms - blowfish... Failing that try looking at the gnu privacy guard. It is an awesome public key algorithm. Here are some sample-Chapters of the english version: http://cacr.math.uwaterloo.ca/hac/ Actually, this is the entire English version of Handbook of Applied Cryptography, by Menezes, Vanstone and van Oorschot. It's a serious crypto book, and covers the mathematics of crypto far better than Schneier does. (In fact, the first edition of Applied Crypto had not only horrible math, but incorrect math. The second edition fixed this by having people who knew what they were doing rewrite the chapters.) I recommend reading Applied Crypto to get the basic ideas, but then looking up the relavent sections in the Handbook. Another good crypto book is Stinson's Cryptography: Theory and Practice, which again delves into the mathematics more. I'm taking a crypto course from Menezes this term. One of the major points he made was that Bacon-Icecream is bad. More specifically, bacon is good, and ice cream is good. But together, the combination is questionable. If you're doing any sort of crypto work, you need to understand the crypto part so you don't just sprinkle magic-crypto-fairy-dust on your project and hope it works. It probably won't. Damian -- Damian Gryski == [EMAIL PROTECTED] | Linux, the choice of a GNU generation 512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56% geek / linux zealot / coder / juggler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: (A little OT) Introduction to cryptography
Hi, I'd just like to point out that every time I think of the book Applied Cryptography I always think of swarms of bacteria and weird conspiracies :) -Original Message- From: Damian M Gryski [mailto:[EMAIL PROTECTED]] On Behalf Of Damian M Gryski Sent: Tuesday, March 26, 2002 1:58 AM To: [EMAIL PROTECTED] Subject: Re: (A little OT) Introduction to cryptography On Mon, 25 Mar 2002, Winfried M. Thalmeier wrote: Hi, I have been studying crypto systems for awhile now and it seems that the best resource on the subject bar none is APPLIED CRYPTOGRAPHY written by Bruce Schneier 2nd Edition has copious code examples and execellent easy to understand explaination of practically all practical crypto algorithms out there. You may have heard of one of the authors algorithms - blowfish... Failing that try looking at the gnu privacy guard. It is an awesome public key algorithm. Here are some sample-Chapters of the english version: http://cacr.math.uwaterloo.ca/hac/ Actually, this is the entire English version of Handbook of Applied Cryptography, by Menezes, Vanstone and van Oorschot. It's a serious crypto book, and covers the mathematics of crypto far better than Schneier does. (In fact, the first edition of Applied Crypto had not only horrible math, but incorrect math. The second edition fixed this by having people who knew what they were doing rewrite the chapters.) I recommend reading Applied Crypto to get the basic ideas, but then looking up the relavent sections in the Handbook. Another good crypto book is Stinson's Cryptography: Theory and Practice, which again delves into the mathematics more. I'm taking a crypto course from Menezes this term. One of the major points he made was that Bacon-Icecream is bad. More specifically, bacon is good, and ice cream is good. But together, the combination is questionable. If you're doing any sort of crypto work, you need to understand the crypto part so you don't just sprinkle magic-crypto-fairy-dust on your project and hope it works. It probably won't. Damian -- Damian Gryski == [EMAIL PROTECTED] | Linux, the choice of a GNU generation 512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56% geek / linux zealot / coder / juggler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Security problem in PHP3+Postgres with Potato?
-Original Message- From: Benoît Sibaud [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 4:55 PM To: [EMAIL PROTECTED] Subject: Security problem in PHP3+Postgres with Potato? What's the normal way to make a security bug report? apt-get install bug Gergely Trifonov mailto:[EMAIL PROTECTED] System Administrator, WSD IND - Interactive Net Design http://www.indweb.hu Széchenyi u. 70.H - 3530 Miskolc Hungary Phone: +36 46 505 106 Fax: +36 46 505 107 Mobile: +36 30 488 2408 !Please install IND CA Certificate as TRUSTED CA! https://www.indweb.hu/IND.crt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Security problem in PHP3+Postgres with Potato?
What's the normal way to make a security bug report? apt-get install bug The 'bug' package is for normal bugs. [EMAIL PROTECTED] seems to be the good place to report security problems. Sorry for my previous post. -- Benoît Sibaud RD Engineer - France Telecom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
You do have another option, sue them in Civil court. Just because someone tries to break into your computer does not mean that you have to go to the Feds in order to get anything done, you can take them to civil court and sue them. Granted, this is a long process, you must have a good lawyer that understands or is willing to learn about the workings of the web, but it can be done. Oh yeah, there is also the problem that when you do sue the other person after having them tracked down, that they have no money. Well, you end up having to go after their paycheck, and normally this takes even longer. Does this work? Going to civil court against a cracker? YES. It comes down to: Do you have the time to wait for a result or lawsuit? Do you know or have a lawyer that is net-smart or willing to learn? Do you have the start-up money for the lawsuit? (at least $1,000-$5000) If you are willing to go through all of the above for an attack on your system, talk to your lawyer NOW! Don't start tracking, or doing anything offensive against your cracker until you have cleared it with your lawyer. Anything you do can come back to haunt you in the civil case. All in all, civil lawsuits are so much easier to handle then trying to get the Feds interested in attacks against your system. Unless, you have suffered at least $50,000 worth of damage. Just my experience, and two cents. Joe Seanor http://www.cibir.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
Does this work? Going to civil court against a cracker? YES. It comes down to: Do you have the time to wait for a result or lawsuit? Do you know or have a lawyer that is net-smart or willing to learn? Do you have the start-up money for the lawsuit? (at least $1,000-$5000) Sorry to disagree, but I personally don't think that civil court is worth it unless the stakes are pretty high and the person you're suing undoubtedly has the ability to pay a judgement. This may be very difficult (or expensive) to pin down unless the person who's causing you problems is physically somewhere near you. Also, remember that a civil suit (IHMO) will only be of use against someone who cares about their reputation and who ultimately has some ability to pay. I care about my credit rating, but do you think some script kiddie who likes breaking things and works at McDonald's part-time does? I don't want my employer to see garnishment on my check, and I'm not willing to quit my job, but that same script kiddie might not feel the same way. Once you get garnishment set up, if the cracker switches jobs (and forgets to tell you) your garnishment won't follow to their new job, and you may have to find them all over again (or pay someone to find them again, same difference). Even better, sometimes garnishment orders don't cross jurisdictions, etc., etc. (pay the lawyer some more money). There are lots of potential pitfalls. So, yes - get a lawyer, then think long and hard about whether it's really worth it to you. If it is, go for it. Good luck! KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin, Historical Review of Pennsylvania, 1759 msg06077/pgp0.pgp Description: PGP signature
unsubscribe
unsubcribe
__ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
I think the net is freedom, and that is good... That is the silliest thing I have ever heard. So what you are saying is that any kiddy/professional attacker is allowed to do whatever they want to anyones systems and data because the net is freedom. Equate it to the real world...if someone breaks into your house, they can do that cause they are free. If someone steals your possessions they can do that too cause they are freesure Think about it. ...you are responsable for your own security! That is true. Also sueing in the civil court sounds like a good idea. - Original Message - From: andreas mayer [EMAIL PROTECTED] To: Gary MacDougall [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, March 25, 2002 4:24 AM Subject: Re: failed ssh breakins on my exposed www box .. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist action, can you? I think the net is freedom, and that is good... ...you are responsable for your own security! -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: failed ssh breakins on my exposed www box ..
Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. g. -Original Message- From: Langdon Green [mailto:[EMAIL PROTECTED]] Sent: Monday, March 25, 2002 4:43 PM To: andreas mayer; Gary MacDougall; [EMAIL PROTECTED] Subject: Re: failed ssh breakins on my exposed www box .. I think the net is freedom, and that is good... That is the silliest thing I have ever heard. So what you are saying is that any kiddy/professional attacker is allowed to do whatever they want to anyones systems and data because the net is freedom. Equate it to the real world...if someone breaks into your house, they can do that cause they are free. If someone steals your possessions they can do that too cause they are freesure Think about it. ...you are responsable for your own security! That is true. Also sueing in the civil court sounds like a good idea. - Original Message - From: andreas mayer [EMAIL PROTECTED] To: Gary MacDougall [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Monday, March 25, 2002 4:24 AM Subject: Re: failed ssh breakins on my exposed www box .. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist action, can you? I think the net is freedom, and that is good... ...you are responsable for your own security! -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
iptables filtering rules
Hello all, sorry to disturb you with this silly question. I am sure, that it is obvius to all list members (except me ;) scenario: intranet (10.10.1.x) with win clients (NT 2k), gateway (Debian GNU/Linux potato with kernel 2.4.18 + iptables). NAT is used for requests from intranet to Internet. this works fine. Web mailserver is behind the firewall, so I needed to set up portforwarding. dnat is used for this. this works fine. as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 ... so on... I'm sure, that it's just a script kiddie, but, on the other hand, it's just m$ product. Q: how to set up filtering rules, if a PREROUTING dnat rule has been set up before? the packet never comes to the INPUT. nor to the FORWARD, doesn't it? I really do not want to set up another firewall onto that win2k server. TIA, gaan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
Yes, I've had a person that I had a judgement against change jobs once the papers were in to start taking money from his paycheck. The only thing is that I know until he pays up what the court says, he has to change jobs every 6 months. Is going to court for everyone? No, its up to you to decide that. It's a long process, and can get very ugly. It comes down to you and what you want to do. Use this against script kiddies? It depends on what happened to your system from them, again, YOUR decision. Joe Seanor http://www.cibir.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
On Mon, Mar 25, 2002 at 04:50:17PM -0500, Gary MacDougall wrote: Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. Hate to break it to you, but in normal circumstances, the cops aren't even going to want to show up for a normal burglary (well, if the person is *in the act* they may head that way). For a BE where the young socialists are no longer on-scene, you have to fight with them (the police) to get them to come out at all. Went through this twice in Chicago. Oh, and be there in 2 seconds. Call for a pizza, call the cops. You'll be well fed when the cops show up. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: failed ssh breakins on my exposed www box ..
Thats in your neighborhood dude, Here in Boston, you sneeze and blue lights are flashing... g. -Original Message- From: Christopher Petro [mailto:[EMAIL PROTECTED]]On Behalf Of Petro Sent: Monday, March 25, 2002 5:30 PM To: Gary MacDougall Cc: Langdon Green; andreas mayer; [EMAIL PROTECTED] Subject: Re: failed ssh breakins on my exposed www box .. On Mon, Mar 25, 2002 at 04:50:17PM -0500, Gary MacDougall wrote: Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. Hate to break it to you, but in normal circumstances, the cops aren't even going to want to show up for a normal burglary (well, if the person is *in the act* they may head that way). For a BE where the young socialists are no longer on-scene, you have to fight with them (the police) to get them to come out at all. Went through this twice in Chicago. Oh, and be there in 2 seconds. Call for a pizza, call the cops. You'll be well fed when the cops show up. -- Share and Enjoy. --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
i'm in the middle of switching from ipchains to iptables right now and i haven't tested my DNAT rules yet, but from what i understand, packets pass through the FORWARD chain in the filter table after the PREROUTING chain in the nat table. see the second paragraph here: http://netfilter.samba.org/documentation/HOWTO//packet-filtering-HOWTO-9.html xn On Mon, Mar 25, 2002 at 10:46:45PM +0100, Andras GALAMBOSI wrote: Hello all, sorry to disturb you with this silly question. I am sure, that it is obvius to all list members (except me ;) scenario: intranet (10.10.1.x) with win clients (NT 2k), gateway (Debian GNU/Linux potato with kernel 2.4.18 + iptables). NAT is used for requests from intranet to Internet. this works fine. Web mailserver is behind the firewall, so I needed to set up portforwarding. dnat is used for this. this works fine. as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 ... so on... I'm sure, that it's just a script kiddie, but, on the other hand, it's just m$ product. Q: how to set up filtering rules, if a PREROUTING dnat rule has been set up before? the packet never comes to the INPUT. nor to the FORWARD, doesn't it? I really do not want to set up another firewall onto that win2k server. TIA, gaan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
Andras GALAMBOSI wrote: Hello all, ... as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/... Hi I've found entries like this in the log of a site recently migrated from a NT to a BeOS box; probably due to the old structure of some web pages still dependents of M$ typical server extensions, in my situation. --- Luiz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
The entries you are seeing are caused by the army of infected MS IIS server (Codered, Nimda, etc) try to hack into other IIS servers at random. I see these on every web server I manage that aren't behind a firewall (ie, blocking port 80). Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 It's the smell! If there is such a thing. Agent Smith - The Matrix - Original Message - From: Luiz Carlos Santos de Alencar [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, April 26, 2002 12:50 PM Subject: Re: iptables filtering rules Andras GALAMBOSI wrote: Hello all, ... as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/... Hi I've found entries like this in the log of a site recently migrated from a NT to a BeOS box; probably due to the old structure of some web pages still dependents of M$ typical server extensions, in my situation. --- Luiz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
In article [EMAIL PROTECTED] [EMAIL PROTECTED] writes: What's the best way to figure out the admin for a subnet from a machine's IP? As others have pointed out, whois is the normal tool to do it, but they forgot to mention the complexities you get with servers pointing to each other and sometimes to rwhois servers, etc. There are some whois servers (like geektools) that try to work through this mess, but I've written hinfo, a tool I use to get this info as well as looking them up in several DNSBL lists, etc. I mainly use it on spammers addresses and URLs so I can complain to their IP block owner. (and add the block to BlarsBL (http://www.blars.org/errors/block.html) if the ISP doesn't take care of their spamming problem) hinfo is avilable from http://www.blars.org/hinfo.html . I may package it for debian, if people want me to, after some more cleanup and documentation. Here is the hinfo output for that address: Processing 213.26.96.103 (213.26.96.103) 213.26.96.103 is in selwerd XBL as 127.0.0.4 IPQuery: 213.26.96.103 Server: whois.arin.net IPQuery: 213.26.96.103 Server: whois.ripe.net Referering Data: European Regional Internet Registry/RIPE NCC (NETBLK-213-RIPE) These addresses have been further assigned to European users. Contact info can be found in the RIPE database, via the WHOIS and TELNET servers at whois.ripe.net, and at http://www.ripe.net/perl/whois/ NL Netname: RIPE-213 Netblock: 213.0.0.0 - 213.255.255.255 Maintainer: RIPE Coordinator: Reseaux IP European Network Co-ordination Centre Singel 258 (RIPE-NCC-ARIN) [EMAIL PROTECTED] +31 20 535 Domain System inverse mapping provided by: NS.RIPE.NET 193.0.0.193 NS.EU.NET192.16.202.11 AUTH00.NS.UU.NET 198.6.1.65 NS3.NIC.FR 192.134.0.49 SUNIC.SUNET.SE 192.36.125.2 MUNNARI.OZ.AU128.250.1.21 NS.APNIC.NET 203.37.255.97 SVC00.APNIC.NET 202.12.28.131 Record last updated on 08-Apr-1999. Database last updated on 23-Mar-2002 19:56:37 EDT. % This is the RIPE Whois server. % The objects are in RPSL format. % Please visit http://www.ripe.net/rpsl for more information. % Rights restricted by copyright. % See http://www.ripe.net/ripencc/pub-services/db/copyright.html inetnum: 213.26.96.96 - 213.26.96.127 netname: SATEL-GROUP descr:Satel Group Srl country: IT admin-c: SB10545-RIPE tech-c: FC3284-RIPE status: ASSIGNED PA notify: [EMAIL PROTECTED] mnt-by: INTERB-MNT changed: [EMAIL PROTECTED] 2605 source: RIPE route:213.26.0.0/16 descr:INTERBUSINESS origin: AS3269 remarks: Send report of network abuse/spam remarks: only to: [EMAIL PROTECTED] . remarks: If you report abuse to any other address remarks: you will get no response. notify: [EMAIL PROTECTED] mnt-by: INTERB-MNT changed: [EMAIL PROTECTED] 20011009 source: RIPE person: Sonia Ballaben address: Satel Group Srl address: Centro Commerciale A1/12 address: I- 33170 Pordenone address: Italy phone:+39 0434 571110 fax-no: +39 0434 572830 e-mail: [EMAIL PROTECTED] nic-hdl: SB10545-RIPE changed: [EMAIL PROTECTED] 2605 source: RIPE person: Fabio Cardin address: Satel Group Srl address: Centro Commerciale A1/12 address: I- 33170 Pordenone address: Italy phone:+39 0434 571110 fax-no: +39 0434 572830 e-mail: [EMAIL PROTECTED] nic-hdl: FC3284-RIPE changed: [EMAIL PROTECTED] 2605 source: RIPE kk -- Blars Blarson [EMAIL PROTECTED] http://www.blars.org/blars.html Text is a way we cheat time. -- Patrick Nielsen Hayden -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
On Fri, 23 Mar 2001 13:50:54 +0100 Philippe Seidel [EMAIL PROTECTED] wrote: Hi all, As you are the only security-related list I'm subscribed to and cryptography has something to do with security, I'm directing this question to this list. [...] Hi Philippe, I'm reading 'Cryptography Network Security: Principles Practice' by: William Stallings. see: http://www.amazon.com/exec/obidos/ASIN/0138690170/qid=1017063207/sr=2-2/ref=sr_2_2/104-4862342-2058358 http://williamstallings.com/Security2e.html cya, -- _ _ __|_ _. _ _|_.__.._ _ _ (_||_|_ |_(_|\/(_) | |(_|| |(_(_)[EMAIL PROTECTED] _|nupg id: 0x37155778 [EMAIL PROTECTED] Alternex S/A - www.alternex.com.br -- Rio de Janeiro/Brazil gnupg id: 0x37155778 (fetch from keyserver: wwwkeys.eu.pgp.net) Key fingerprint = 1908 52B9 4A16 6EC2 74D1 C03B EDFB 7005 3715 5778 pgppftgfw4prC.pgp Description: PGP signature
Security problem in PHP3+Postgres with Potato?
Hi, I think I found a security problem in PHP3+postgres+apache shipped with Potato. Correct me if I'm wrong, but the following code should support any $var. If you uncomment the client_encoding line, I'm able to execute any request I want with the good $var. %-- $conn = pg_connect(dbname= . BASE_DOC . port= . BASE_PORT . user= . BASE_USER); $var=X; //pg_exec($conn, SET client_encoding = 'LATIN1'); $requete = SELECT col FROM tab WHERE col=' . addslashes($var) . '; echo $requete; $query = pg_exec($conn, $requete); %-- Tested on Debian GNU/Linux Potato i386, with apache 1.3.9-14 php3 3.0.18-0 php3-pgsql 3.0.18-0 postgresql 6.5.3-27 What's the normal way to make a security bug report? -- Benoît Sibaud RD Engineer - France Telecom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: (A little OT) Introduction to cryptography
On Mon, 25 Mar 2002, Winfried M. Thalmeier wrote: Hi, I have been studying crypto systems for awhile now and it seems that the best resource on the subject bar none is APPLIED CRYPTOGRAPHY written by Bruce Schneier 2nd Edition has copious code examples and execellent easy to understand explaination of practically all practical crypto algorithms out there. You may have heard of one of the authors algorithms - blowfish... Failing that try looking at the gnu privacy guard. It is an awesome public key algorithm. Here are some sample-Chapters of the english version: http://cacr.math.uwaterloo.ca/hac/ Actually, this is the entire English version of Handbook of Applied Cryptography, by Menezes, Vanstone and van Oorschot. It's a serious crypto book, and covers the mathematics of crypto far better than Schneier does. (In fact, the first edition of Applied Crypto had not only horrible math, but incorrect math. The second edition fixed this by having people who knew what they were doing rewrite the chapters.) I recommend reading Applied Crypto to get the basic ideas, but then looking up the relavent sections in the Handbook. Another good crypto book is Stinson's Cryptography: Theory and Practice, which again delves into the mathematics more. I'm taking a crypto course from Menezes this term. One of the major points he made was that Bacon-Icecream is bad. More specifically, bacon is good, and ice cream is good. But together, the combination is questionable. If you're doing any sort of crypto work, you need to understand the crypto part so you don't just sprinkle magic-crypto-fairy-dust on your project and hope it works. It probably won't. Damian -- Damian Gryski == [EMAIL PROTECTED] | Linux, the choice of a GNU generation 512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56% geek / linux zealot / coder / juggler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: (A little OT) Introduction to cryptography
Hi, I'd just like to point out that every time I think of the book Applied Cryptography I always think of swarms of bacteria and weird conspiracies :) -Original Message- From: Damian M Gryski [mailto:[EMAIL PROTECTED] On Behalf Of Damian M Gryski Sent: Tuesday, March 26, 2002 1:58 AM To: debian-security@lists.debian.org Subject: Re: (A little OT) Introduction to cryptography On Mon, 25 Mar 2002, Winfried M. Thalmeier wrote: Hi, I have been studying crypto systems for awhile now and it seems that the best resource on the subject bar none is APPLIED CRYPTOGRAPHY written by Bruce Schneier 2nd Edition has copious code examples and execellent easy to understand explaination of practically all practical crypto algorithms out there. You may have heard of one of the authors algorithms - blowfish... Failing that try looking at the gnu privacy guard. It is an awesome public key algorithm. Here are some sample-Chapters of the english version: http://cacr.math.uwaterloo.ca/hac/ Actually, this is the entire English version of Handbook of Applied Cryptography, by Menezes, Vanstone and van Oorschot. It's a serious crypto book, and covers the mathematics of crypto far better than Schneier does. (In fact, the first edition of Applied Crypto had not only horrible math, but incorrect math. The second edition fixed this by having people who knew what they were doing rewrite the chapters.) I recommend reading Applied Crypto to get the basic ideas, but then looking up the relavent sections in the Handbook. Another good crypto book is Stinson's Cryptography: Theory and Practice, which again delves into the mathematics more. I'm taking a crypto course from Menezes this term. One of the major points he made was that Bacon-Icecream is bad. More specifically, bacon is good, and ice cream is good. But together, the combination is questionable. If you're doing any sort of crypto work, you need to understand the crypto part so you don't just sprinkle magic-crypto-fairy-dust on your project and hope it works. It probably won't. Damian -- Damian Gryski == [EMAIL PROTECTED] | Linux, the choice of a GNU generation 512 pt Hacker Test score = 37% | 500 pt Nerd Test score = 56% geek / linux zealot / coder / juggler -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: Security problem in PHP3+Postgres with Potato?
-Original Message- From: Benoît Sibaud [mailto:[EMAIL PROTECTED] Sent: Monday, March 25, 2002 4:55 PM To: debian-security@lists.debian.org Subject: Security problem in PHP3+Postgres with Potato? What's the normal way to make a security bug report? apt-get install bug Gergely Trifonov mailto:[EMAIL PROTECTED] System Administrator, WSD IND - Interactive Net Design http://www.indweb.hu Széchenyi u. 70.H - 3530 Miskolc Hungary Phone: +36 46 505 106 Fax: +36 46 505 107 Mobile: +36 30 488 2408 !Please install IND CA Certificate as TRUSTED CA! https://www.indweb.hu/IND.crt -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Security problem in PHP3+Postgres with Potato?
What's the normal way to make a security bug report? apt-get install bug The 'bug' package is for normal bugs. [EMAIL PROTECTED] seems to be the good place to report security problems. Sorry for my previous post. -- Benoît Sibaud RD Engineer - France Telecom -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
You do have another option, sue them in Civil court. Just because someone tries to break into your computer does not mean that you have to go to the Feds in order to get anything done, you can take them to civil court and sue them. Granted, this is a long process, you must have a good lawyer that understands or is willing to learn about the workings of the web, but it can be done. Oh yeah, there is also the problem that when you do sue the other person after having them tracked down, that they have no money. Well, you end up having to go after their paycheck, and normally this takes even longer. Does this work? Going to civil court against a cracker? YES. It comes down to: Do you have the time to wait for a result or lawsuit? Do you know or have a lawyer that is net-smart or willing to learn? Do you have the start-up money for the lawsuit? (at least $1,000-$5000) If you are willing to go through all of the above for an attack on your system, talk to your lawyer NOW! Don't start tracking, or doing anything offensive against your cracker until you have cleared it with your lawyer. Anything you do can come back to haunt you in the civil case. All in all, civil lawsuits are so much easier to handle then trying to get the Feds interested in attacks against your system. Unless, you have suffered at least $50,000 worth of damage. Just my experience, and two cents. Joe Seanor http://www.cibir.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
Does this work? Going to civil court against a cracker? YES. It comes down to: Do you have the time to wait for a result or lawsuit? Do you know or have a lawyer that is net-smart or willing to learn? Do you have the start-up money for the lawsuit? (at least $1,000-$5000) Sorry to disagree, but I personally don't think that civil court is worth it unless the stakes are pretty high and the person you're suing undoubtedly has the ability to pay a judgement. This may be very difficult (or expensive) to pin down unless the person who's causing you problems is physically somewhere near you. Also, remember that a civil suit (IHMO) will only be of use against someone who cares about their reputation and who ultimately has some ability to pay. I care about my credit rating, but do you think some script kiddie who likes breaking things and works at McDonald's part-time does? I don't want my employer to see garnishment on my check, and I'm not willing to quit my job, but that same script kiddie might not feel the same way. Once you get garnishment set up, if the cracker switches jobs (and forgets to tell you) your garnishment won't follow to their new job, and you may have to find them all over again (or pay someone to find them again, same difference). Even better, sometimes garnishment orders don't cross jurisdictions, etc., etc. (pay the lawyer some more money). There are lots of potential pitfalls. So, yes - get a lawyer, then think long and hard about whether it's really worth it to you. If it is, go for it. Good luck! KEN -- Kenneth J. Pronovici [EMAIL PROTECTED] Personal Homepage: http://www.skyjammer.com/~pronovic/ They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety. - Benjamin Franklin, Historical Review of Pennsylvania, 1759 pgpgLLHNxKq6t.pgp Description: PGP signature
unsubscribe
unsubcribe
__ Do You Yahoo!? Yahoo! Movies - coverage of the 74th Academy Awards® http://movies.yahoo.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
I think the net is freedom, and that is good... That is the silliest thing I have ever heard. So what you are saying is that any kiddy/professional attacker is allowed to do whatever they want to anyones systems and data because the net is freedom. Equate it to the real world...if someone breaks into your house, they can do that cause they are free. If someone steals your possessions they can do that too cause they are freesure Think about it. ...you are responsable for your own security! That is true. Also sueing in the civil court sounds like a good idea. - Original Message - From: andreas mayer [EMAIL PROTECTED] To: Gary MacDougall [EMAIL PROTECTED]; debian-security@lists.debian.org Sent: Monday, March 25, 2002 4:24 AM Subject: Re: failed ssh breakins on my exposed www box .. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist action, can you? I think the net is freedom, and that is good... ...you are responsable for your own security! -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: failed ssh breakins on my exposed www box ..
Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. g. -Original Message- From: Langdon Green [mailto:[EMAIL PROTECTED] Sent: Monday, March 25, 2002 4:43 PM To: andreas mayer; Gary MacDougall; debian-security@lists.debian.org Subject: Re: failed ssh breakins on my exposed www box .. I think the net is freedom, and that is good... That is the silliest thing I have ever heard. So what you are saying is that any kiddy/professional attacker is allowed to do whatever they want to anyones systems and data because the net is freedom. Equate it to the real world...if someone breaks into your house, they can do that cause they are free. If someone steals your possessions they can do that too cause they are freesure Think about it. ...you are responsable for your own security! That is true. Also sueing in the civil court sounds like a good idea. - Original Message - From: andreas mayer [EMAIL PROTECTED] To: Gary MacDougall [EMAIL PROTECTED]; debian-security@lists.debian.org Sent: Monday, March 25, 2002 4:24 AM Subject: Re: failed ssh breakins on my exposed www box .. We seriouslly need a US branch of the law-enforcement to deal with this sort of stuff. I think if more people got prosecuted for trying to crack into a site, the level of BS would drop to zero. Yeah! And what if the attacker is from a other country? You cannot just bomb 'em for terrorist action, can you? I think the net is freedom, and that is good... ...you are responsable for your own security! -- GMX - Die Kommunikationsplattform im Internet. http://www.gmx.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
iptables filtering rules
Hello all, sorry to disturb you with this silly question. I am sure, that it is obvius to all list members (except me ;) scenario: intranet (10.10.1.x) with win clients (NT 2k), gateway (Debian GNU/Linux potato with kernel 2.4.18 + iptables). NAT is used for requests from intranet to Internet. this works fine. Web mailserver is behind the firewall, so I needed to set up portforwarding. dnat is used for this. this works fine. as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 ... so on... I'm sure, that it's just a script kiddie, but, on the other hand, it's just m$ product. Q: how to set up filtering rules, if a PREROUTING dnat rule has been set up before? the packet never comes to the INPUT. nor to the FORWARD, doesn't it? I really do not want to set up another firewall onto that win2k server. TIA, gaan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
Yes, I've had a person that I had a judgement against change jobs once the papers were in to start taking money from his paycheck. The only thing is that I know until he pays up what the court says, he has to change jobs every 6 months. Is going to court for everyone? No, its up to you to decide that. It's a long process, and can get very ugly. It comes down to you and what you want to do. Use this against script kiddies? It depends on what happened to your system from them, again, YOUR decision. Joe Seanor http://www.cibir.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: failed ssh breakins on my exposed www box ..
On Mon, Mar 25, 2002 at 04:50:17PM -0500, Gary MacDougall wrote: Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. Hate to break it to you, but in normal circumstances, the cops aren't even going to want to show up for a normal burglary (well, if the person is *in the act* they may head that way). For a BE where the young socialists are no longer on-scene, you have to fight with them (the police) to get them to come out at all. Went through this twice in Chicago. Oh, and be there in 2 seconds. Call for a pizza, call the cops. You'll be well fed when the cops show up. -- Share and Enjoy. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
i'm in the middle of switching from ipchains to iptables right now and i haven't tested my DNAT rules yet, but from what i understand, packets pass through the FORWARD chain in the filter table after the PREROUTING chain in the nat table. see the second paragraph here: http://netfilter.samba.org/documentation/HOWTO//packet-filtering-HOWTO-9.html xn On Mon, Mar 25, 2002 at 10:46:45PM +0100, Andras GALAMBOSI wrote: Hello all, sorry to disturb you with this silly question. I am sure, that it is obvius to all list members (except me ;) scenario: intranet (10.10.1.x) with win clients (NT 2k), gateway (Debian GNU/Linux potato with kernel 2.4.18 + iptables). NAT is used for requests from intranet to Internet. this works fine. Web mailserver is behind the firewall, so I needed to set up portforwarding. dnat is used for this. this works fine. as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/c+dir HTTP/1.0 ... so on... I'm sure, that it's just a script kiddie, but, on the other hand, it's just m$ product. Q: how to set up filtering rules, if a PREROUTING dnat rule has been set up before? the packet never comes to the INPUT. nor to the FORWARD, doesn't it? I really do not want to set up another firewall onto that win2k server. TIA, gaan -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
RE: failed ssh breakins on my exposed www box ..
Thats in your neighborhood dude, Here in Boston, you sneeze and blue lights are flashing... g. -Original Message- From: Christopher Petro [mailto:[EMAIL PROTECTED] Behalf Of Petro Sent: Monday, March 25, 2002 5:30 PM To: Gary MacDougall Cc: Langdon Green; andreas mayer; debian-security@lists.debian.org Subject: Re: failed ssh breakins on my exposed www box .. On Mon, Mar 25, 2002 at 04:50:17PM -0500, Gary MacDougall wrote: Agreed. I'll never understand why people will let crackers reap havoc on a network without issue, but if someone comes up and tries to break into my house, the police will be there in 2 seconds. Hate to break it to you, but in normal circumstances, the cops aren't even going to want to show up for a normal burglary (well, if the person is *in the act* they may head that way). For a BE where the young socialists are no longer on-scene, you have to fight with them (the police) to get them to come out at all. Went through this twice in Chicago. Oh, and be there in 2 seconds. Call for a pizza, call the cops. You'll be well fed when the cops show up. -- Share and Enjoy. --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.338 / Virus Database: 189 - Release Date: 3/14/2002 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
Andras GALAMBOSI wrote: Hello all, ... as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/... Hi I've found entries like this in the log of a site recently migrated from a NT to a BeOS box; probably due to the old structure of some web pages still dependents of M$ typical server extensions, in my situation. --- Luiz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: iptables filtering rules
The entries you are seeing are caused by the army of infected MS IIS server (Codered, Nimda, etc) try to hack into other IIS servers at random. I see these on every web server I manage that aren't behind a firewall (ie, blocking port 80). Andrew Tait System Administrator Country NetLink Pty, Ltd E-Mail: [EMAIL PROTECTED] WWW: http://www.cnl.com.au 30 Bank St Cobram, VIC 3644, Australia Ph: +61 (03) 58 711 000 Fax: +61 (03) 58 711 874 It's the smell! If there is such a thing. Agent Smith - The Matrix - Original Message - From: Luiz Carlos Santos de Alencar [EMAIL PROTECTED] To: debian-security@lists.debian.org Sent: Friday, April 26, 2002 12:50 PM Subject: Re: iptables filtering rules Andras GALAMBOSI wrote: Hello all, ... as the webserver is an ii$, I am sure, that some firewall rules must be set up for these two ports. The access.log shows, that is a MUST: GET /scripts/root.exe?/c+dir HTTP/1.0 GET /MSADC/root.exe?/c+dir HTTP/1.0 GET /c/winnt/system32/cmd.exe?/... Hi I've found entries like this in the log of a site recently migrated from a NT to a BeOS box; probably due to the old structure of some web pages still dependents of M$ typical server extensions, in my situation. --- Luiz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]