Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
On 3/29/02 3:40 PM martin f krafft said... dear bugtraq'ers, i must confess that the information i provided wrt the acclaimed DoS exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was not fully accurate. the package *does in fact contain a buggy daemon* despite having been fixed, according to the changelog: proftpd (1.2.0pre10-2.0potato1) stable; urgency=high snip i don't think it's necessary to discuss this; the daemon as packaged by debian is buggy and that has to be fixed. but i hope i was able to give you some more information on the extent of the exploit. i will do my best to push a fixed package into the APT archive at security.debian.org as soon as possible. Plus 1.2.0 went final back in January 2001. It's been out for over a year. Many versions without this bug have been released for some time. I don't see any reason to beat a dead horse. Any distribution that still ships anything older than 1.2.4 should simply make 1.2.4 available in the updates or errata. -- Justin Shore, ES-SS ES-SSR Pittsburg State University Network Systems Manager Kelce 157Q Office of Information Systems Pittsburg, KS 66762 Voice: (620) 235-4606 Fax: (620) 235-4545 http://www.pittstate.edu/ois/ Warning: This message has been quadruple Rot13'ed for your protection. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Indeed. It's quite usefull if you don't have a NTP server at hand, e. g. behind a firewall. It's not ok if you need accuracy of less than 1 sec. /Holger -- ++ GnuPG Key - http://www.t-online.de/~holger.eitzenberger ++ -- »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux irc.OpenProjects.net #debian http://eimbox.org/~eim http://eimbox.org »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
rdate is probably easier to use. ntp requires at least a little configuration, but it is more accurate. xn On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Indeed. It's quite usefull if you don't have a NTP server at hand, e. g. behind a firewall. It's not ok if you need accuracy of less than 1 sec. /Holger -- ++ GnuPG Key - http://www.t-online.de/~holger.eitzenberger ++ -- »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux irc.OpenProjects.net #debian http://eimbox.org/~eim http://eimbox.org »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
On Tue, Apr 02, 2002 at 01:34:32PM -0500, Noah L. Meyerhans wrote: Well, daytime spits out the time of day, time is for NTP, and I'm not sure what discard is used for. No, NTP does not use the time port. It uses port 123 (ntp in /etc/services). Ok, figures I don't know since I don't use it. Discard is the network equivalent of /dev/null W.. an MTU of zero :) The question of what to do with these ports comes up every once in a while on this list. Some people prefer to leave them on, others turn them off. I don't think there's ever been an exploit that involves these ports, as the code is quite simple (i.e. easy to implement securely). Occasionally, there may be a DOS attack, but nothing invasive. I usually turn off inetd completely. It helps makes things quieter on a nessus scan :) Yes, this is good advice, and something that never occurs to most people. Most common services these days run quite happily in standalone mode, so there's often no reason to use inetd at all. Given most everything can run through SSH or SSL (at least TCP-based) :) -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ msg06205/pgp0.pgp Description: PGP signature
Re: A question about some network services
On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Sorry that's not that I wanted to say. Just rdate is a well known tool because it's an old tool (tcp/ip is old too, and we use it every days;-) when to use ntp/rdate well, it depends...-:) -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
Anne Carasik [EMAIL PROTECTED] writes: The question of what to do with these ports comes up every once in a while on this list. Some people prefer to leave them on, others turn them off. I don't think there's ever been an exploit that involves these ports, as the code is quite simple (i.e. easy to implement securely). Occasionally, there may be a DOS attack, but nothing invasive. Depends. I thought it was an old trick to persuade echo ports to talk to each other and run away giggling... Yes, this is good advice, and something that never occurs to most people. Most common services these days run quite happily in standalone mode, so there's often no reason to use inetd at all. Given most everything can run through SSH or SSL (at least TCP-based) :) The short reasons in favour of inetd are that a) you save memory space by not having the daemon running all the time (at the slight cost of latency on start-up - choose according to your situation!); b) (if using xinetd instead of boring old inetd) you can apply the same syntax for per-host rate- and resource-limiting to many services that would otherwise either require much research to implement (try exim and apache for size), or not even implement it at all; c) if you're writing a network listener of your own you can implement it in (x)inetd without having to worry about writing the regular listen-accept- process loop *again*. Not that it's *always* a good idea to use inetd, but it still has its plus- points by a long way, especially xinetd instead. ~Tim -- http://spodzone.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DoS in Shells: was Re: DoS in debian (potato) proftpd:1.2.0pre10-2.0potato1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also tested, and vulnerable on: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386 Tested using the shells bash, csh, ksh, zsh. Chip - - Chip McClure Sr. Unix Administrator GigGuardian, Inc. http://www.gigguardian.com/ - - On Wed, 3 Apr 2002 [EMAIL PROTECTED] wrote: Hello All, I can confirm that the ls strings dos' slackware 8.0. Causes shell process of that user (user or root) to chew up the cpu until the shell terminates on sig 11. Works on any shell the user is using, csh, ksh, bash Tested on: Linux 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i586 unknown SunOS 5.8 Generic_108528-12 sun4u sparc SUNW,Ultra-Enterprise Not Vuln: OpenBSD 3.0 GENERIC#94 i386 Needs more investigation. Gilbert At 03:40 PM 3/29/2002, martin f krafft wrote: ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* ... DenyFilter \*.*/ Just as a quick question, why not deny the string /../ (you may have to deny the regex /\.\./, depending how the filter in question works)? As far as I can tell, it's the ability to embed /../ into a path that is at the root of this, far more than the ability to embed wildcards. I can't think of a situation in which /../ should appear in a user-supplied path, except after a string of repeated ../s. The workaround suggested by Mr Krafft would disable some useful functionality - one large user of mine, for instance, was keen to have my own software evaluate wildcards in the body of the path, which Mr Krafft's workaround disables completely. They even paid for the privilege (not enough, but they paid ;-)) So, let's see, a regex that would deny /../, except as part of a string of such... One bash would be [^/.].*/\.\./ - matching /../ if it's after any character other than '/' or '.'. Doubtless someone can come up with something better. Alun. -- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email [EMAIL PROTECTED] Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT. Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople Output from pgp Pretty Good Privacy(tm) Version 6.5.8 Internal development version only - not for general release. (c) 1999 Network Associates Inc. Export of this software may be restricted by the U.S. government. File is signed. signature not checked. Signature made 2002/04/04 05:51 GMT key does not meet validity threshold. WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: (KeyID: 0x91AB07A7). wiping file pgptemp.$00pattern is: 0x pattern is: 0x666 pattern is: 0xddd pattern is: 0x333 pattern is: 0x111 pattern is: 0xbbb pattern is: 0xfff pattern is: 0x999 pattern is: 0x pattern is: 0x6db pattern is: 0xccc pattern is: 0x492 pattern is: 0xdb6 pattern is: 0x pattern is: 0x249 pattern is: 0x777 pattern is: 0xaaa pattern is: 0xeee pattern is: 0x555 pattern is: 0x444 pattern is: 0x888 pattern is: 0xb6d pattern is: 0x0 pattern is: 0x222 pattern is: 0x924 pattern is: 0x wiping file pgptemp.$01pattern is: 0x pattern is: 0x777 pattern is: 0x222 pattern is: 0x6db pattern is: 0xbbb pattern is: 0xb6d pattern is: 0x666 pattern is: 0x333 pattern is: 0x pattern is: 0xccc pattern is: 0x924 pattern is: 0xeee pattern is: 0xaaa pattern is: 0x pattern is: 0xddd pattern is: 0xfff pattern is: 0x999 pattern is: 0x888 pattern is: 0x0 pattern is: 0xdb6 pattern is: 0x444 pattern is: 0x249 pattern is: 0x492 pattern is: 0x555 pattern is: 0x111 pattern is: 0x -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPKyICZuKtP8CSC69EQImIACfZE5iDHm4ug5FRhiq6jPqrL1VKrgAoIbU y58V4TmV1Du3rS1tas+lYUpu =dU2C -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: on potato's proftpd
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.04.0135 +0200]: this problem is understood by the developers of proftpd Wichert said that nobody has explained why the current fix on s.d.o doesn't work. If the problem is understood, why hasn't someone explained this? That's all that is asked, AFAICT. i have no clue if the fix repaired anything or even how it works, but the actual problem as it affects proftpd is known. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck nobody expects the spanish inquisition. -- monty python msg06211/pgp0.pgp Description: PGP signature
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
also sprach Alun Jones [EMAIL PROTECTED] [2002.04.04.0445 +0200]: DenyFilter \*.*/ Just as a quick question, why not deny the string /../ (you may have to deny the regex /\.\./, depending how the filter in question works)? quick answer: because i merely copied the fix from the security pages of the proftpd homepage [1]. 1. http://proftpd.linux.co.uk/critbugs.html As far as I can tell, it's the ability to embed /../ into a path that is at the root of this, far more than the ability to embed wildcards. I can't think of a situation in which /../ should appear in a user-supplied path, except after a string of repeated ../s. i actually agree with you here. [^/.].*/\.\./ mh, this would not prevent /some/.dotdir/../ right? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; net@madduck to vacillate or not to vacillate, that is the question ... or is it? msg06212/pgp0.pgp Description: PGP signature
Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
This is, to put it politely, incredibly old news. Let's face it, if you give a user a shell acount, with no restrictions on CPU time or memory usage, yes, they will be able to suck up as much resources as the computer can spare (this is, among other reasons why nice exists). I advise you place limitson the users, memory, cpu, stack size, file descriptors, etc, finding good limits can be tricky though, and you will also want to limit concurrent logins. I wrote an article on using PAM (pluggable Authenticaiton Modules) which covers these issues and a few others, available at: http://www.samag.com/documents/s=1161/sam0009a/0009a.htm Also you can view information on setting limits with various shells, and PAM as well at: http://seifried.org/security/os/linux/20020324-securing-linux-step-by-step.h tml goto Limiting users overview. And the LASG, Limiting and monitoring users http://seifried.org/lasg/users/ Better to use PAM to limit users then the shell because the various shells do not all support the limiting the same items, or soft/hard limits, and if you miss a shell and the user chsh's they can avoid it, they can't really avoid pam. As for the /*/../. problem in general it was discovered many many years ago (more then two). Kurt Seifried, [EMAIL PROTECTED] A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.iDefense.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
NEOMAIL - as big kev in OZ would say, IM EXCITED !
Hi, Sorry know this is off topic but I Just wanted everyone to know about NeoMail http://neomail.sourceforge.net Its a fully functional Webmail server that looks better and is more functional than many commercial servers and its FREE ! And easy to setup ! Know someone out there will be as excited about this program as i am, wish i would have known about it earlier. HAPPY LINUXING ! Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø
HTML HEAD META content=text/html; charset=ks_c_5601-1987 http-equiv=Content-Type STYLE p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }/STYLE /HEADBODY DIV align=left DL DTFONT face=±¼¸² color=black size=2¾È³ç Çϼ¼¿ä. nbsp;º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù./FONT DTFONT face=±¼¸² color=black size=2»çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù/FONT/DT DTFONT face=±¼¸² color=black size=2/FONT /DT DTSPAN style=FONT-SIZE: 10ptFONT face=±¼¸² color=blackB¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡ nbsp;¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé BRÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´Ù.BR/B/FONT/SPANFONT face=±¼¸² color=black size=2. /FONT DTBFONT color=#ffSPAN style=FONT-SIZE: 14pt¹Ý¼Û¸ÞÀÏ ÁÖ¼Ò : [EMAIL PROTECTED]/SPAN/FONT/B/DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;Àü È : 02-895-7862 DT--- DT DTnbsp;nbsp;nbsp;nbsp;nbsp;»ï¼ºÇÁ¸°ÅÍ MJC-935 i nbsp;nbsp;nbsp;110,000 ¿ø¿¡ ÆǸŠnbsp;nbsp;( Ư°¡ ÆǸŰ¡°Ý ÀÔ´Ï´Ù ) DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¼ÒºñÀÚ°¡:157,000 ¿ø ==gt; 110,000 ¿ø¿¡ ÆǸŠ/DT/DL DL DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;IMG height=354 src=http://2-sun.com/image/product/mjc935.jpg; width=354 border=0 DTnbsp;nbsp; nbsp; /DT/DL/DIV UL LI1200dpi ÃÊ°íÇØ»óµµ BR1ÀÎÄ¡´ç ÂïÈ÷´Â À×Å©¹æ¿ïÀÇ Å©±â°¡ ±âÁ¸ÀÇ ¹æ½Äº¸´Ù ÈξÀ ÀÛÀº LI'±Ø¹Ì¼¼ À×Å©¹æ½Ä'À» ä¿ë,ÀϹݿëÁö¿¡¼µµ ¼¶¼¼ÇÑ Ä÷¯ÀÇ ´À³¦À» ±×´ë·Î ÀçÇöÇØ µå¸³´Ï´Ù. BRBR/LI LI½Ã¿øÇÑ ¼Óµµ 7PPM BR1ºÐ¿¡ ÃÖ´ë 7ÀåÀÇ Èæ¹é¹®¼ ¹× 3ÀåÀÇ Ä÷¯¹®¼¸¦ Ãâ·ÂÇÒ ¼ö Àִ Ź¿ùÇÑ ½ºÇǵå! LIÀÏ¹Ý ÇнÀ¿ëÀ¸·Î³ª ¼Ò±Ô¸ð »ç¹«½Ç¿ëÀ¸·Î »ç¿ëÇϱ⿡ ¾Ë¸ÂÀº ¼ÓµµÀÔ´Ï´Ù. BRBR/LI LI¹øÁü¾ø°í ±ò²ûÇÑ ÇDZ׸ÕÆ® À×Å© BR¾î¶² Á¾·ùÀÇ ¿ëÁö¸¦ »ç¿ëÇصµ ¹øÁöÁö ¾Ê°í ¶Ç·ÈÇÏ°Ô ÀμâÇØÁÖ´Â °ËÁ¤»ö ÇDZ׸ÕÆ®À×Å©¸¦ »ç¿ë, LIÃâ·ÂµÈ ¹®¼°¡ ÇÑ°á ±ò²ûÇØ º¸ÀÔ´Ï´Ù. BRBR/LI LI45dBÀÇ Á¶¿ëÇÑ ÇÁ¸°Æà BR45dB ÀÌÇÏÀÇ Àú¼ÒÀ½ ÇÁ¸°ÆÃÀÌ °¡´ÉÇÑ ÃÊÁ¤¹Ð ¸ÞÄ«´ÏÁò ¿£ÁøÀ» ä¿ë, ÀÏ¹Ý °¡Á¤À̳ª »ç¹«½Ç¿¡¼ LIÁ¶¿ëÇÏ°Ô »ç¿ëÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù. BRBR»ó¼¼spec BRBR/LI LIÀμâ¼Óµµ : 7ppm(Èæ¹é) / 3ppm(Ä÷¯) BRBR LIÇØ»óµµ : 1,200 x 1,200dpi(Ä÷¯, Èæ¹é) BRBR LIÀÎÀÚ¸ðµå : HBP BRBR LIȣȯ¼º : Window 95/98/NT 4.0 /2000/Me/XP,Mac OS 8.6/9.xÁö¿ø BRBR LI¸Þ¸ð¸® : 512KB BRBR LIÀÎÅÍÆäÀ̽º : USB(Universal Serial Bus), Æз¯·¼ BRBR LI¿ëÁöÅ©±â : A4,A5,B5,Legal,Executive,A6,¹è³Ê,¿±¼,¶óº§ ¿ëÁö BRBR LI±ÞÁö¿ë·® : 100¸Å(ÇÁ¸®¹Ì¾ö ¿ëÁö100¸Å ¹«·áÁ¦°ø) BRBR LI¹èÁö¿ë·® : 25¸Å BRBR LIÁ¦Ç° Å©±â(W*D*H) : 447 X 170X 210 mm BRBR LIÁ¤°ÝÀü¿ø : AC 220V Àü¿ë,60 Hz BRBRBRnbsp;nbsp;nbsp;nbsp;./LI/ULTRTD align=middle TABLE cellSpacing=0 cellPadding=5 width=691 border=0 TR TD width=681 OL type=1 LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redB¼Ò ºñ ÀÚ °¡ nbsp;: nbsp;157,000 ¿ø nbsp;¸ðµ¨:MJC-935 i nbsp;»ï¼ºÇÁ¸°ÅÍ/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇö±ÝÆǸŰ¡ nbsp;: nbsp;110,000 ¿ø/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÅÃ¹è ¹ß¼Ûnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇÑ Á¤ ÆÇ ¸Å : 2002 .04.13±îÁö /B/FONT/FONT/LI/OL/TD/TR/TABLE TABLE cellSpacing=0 cellPadding=5 width=693 border=0 TR TD width=683 Pnbsp;/P/TD/TR/TABLE PFONT size=5Bnbsp;»ï¼ºÇÁ¸°ÅÍ nbsp;nbsp;ÀüÈ: 02-895-7862/B/FONT/P /BODY /HTML -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø
HTML HEAD META content=text/html; charset=ks_c_5601-1987 http-equiv=Content-Type STYLE p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }/STYLE /HEADBODY DIV align=left DL DTFONT face=±¼¸² color=black size=2¾È³ç Çϼ¼¿ä. nbsp;º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù./FONT DTFONT face=±¼¸² color=black size=2»çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù/FONT/DT DTFONT face=±¼¸² color=black size=2/FONT /DT DTSPAN style=FONT-SIZE: 10ptFONT face=±¼¸² color=blackB¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡ nbsp;¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé BRÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´Ù.BR/B/FONT/SPANFONT face=±¼¸² color=black size=2. /FONT DTBFONT color=#ffSPAN style=FONT-SIZE: 14pt¹Ý¼Û¸ÞÀÏ ÁÖ¼Ò : [EMAIL PROTECTED]/SPAN/FONT/B/DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;Àü È : 02-895-7862 DT--- DT DTnbsp;nbsp;nbsp;nbsp;nbsp;»ï¼ºÇÁ¸°ÅÍ MJC-935 i nbsp;nbsp;nbsp;110,000 ¿ø¿¡ ÆǸŠnbsp;nbsp;( Ư°¡ ÆǸŰ¡°Ý ÀÔ´Ï´Ù ) DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¼ÒºñÀÚ°¡:157,000 ¿ø ==gt; 110,000 ¿ø¿¡ ÆǸŠ/DT/DL DL DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;IMG height=354 src=http://2-sun.com/image/product/mjc935.jpg; width=354 border=0 DTnbsp;nbsp; nbsp; /DT/DL/DIV UL LI1200dpi ÃÊ°íÇØ»óµµ BR1ÀÎÄ¡´ç ÂïÈ÷´Â À×Å©¹æ¿ïÀÇ Å©±â°¡ ±âÁ¸ÀÇ ¹æ½Äº¸´Ù ÈξÀ ÀÛÀº LI'±Ø¹Ì¼¼ À×Å©¹æ½Ä'À» ä¿ë,ÀϹݿëÁö¿¡¼µµ ¼¶¼¼ÇÑ Ä÷¯ÀÇ ´À³¦À» ±×´ë·Î ÀçÇöÇØ µå¸³´Ï´Ù. BRBR/LI LI½Ã¿øÇÑ ¼Óµµ 7PPM BR1ºÐ¿¡ ÃÖ´ë 7ÀåÀÇ Èæ¹é¹®¼ ¹× 3ÀåÀÇ Ä÷¯¹®¼¸¦ Ãâ·ÂÇÒ ¼ö Àִ Ź¿ùÇÑ ½ºÇǵå! LIÀÏ¹Ý ÇнÀ¿ëÀ¸·Î³ª ¼Ò±Ô¸ð »ç¹«½Ç¿ëÀ¸·Î »ç¿ëÇϱ⿡ ¾Ë¸ÂÀº ¼ÓµµÀÔ´Ï´Ù. BRBR/LI LI¹øÁü¾ø°í ±ò²ûÇÑ ÇDZ׸ÕÆ® À×Å© BR¾î¶² Á¾·ùÀÇ ¿ëÁö¸¦ »ç¿ëÇصµ ¹øÁöÁö ¾Ê°í ¶Ç·ÈÇÏ°Ô ÀμâÇØÁÖ´Â °ËÁ¤»ö ÇDZ׸ÕÆ®À×Å©¸¦ »ç¿ë, LIÃâ·ÂµÈ ¹®¼°¡ ÇÑ°á ±ò²ûÇØ º¸ÀÔ´Ï´Ù. BRBR/LI LI45dBÀÇ Á¶¿ëÇÑ ÇÁ¸°Æà BR45dB ÀÌÇÏÀÇ Àú¼ÒÀ½ ÇÁ¸°ÆÃÀÌ °¡´ÉÇÑ ÃÊÁ¤¹Ð ¸ÞÄ«´ÏÁò ¿£ÁøÀ» ä¿ë, ÀÏ¹Ý °¡Á¤À̳ª »ç¹«½Ç¿¡¼ LIÁ¶¿ëÇÏ°Ô »ç¿ëÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù. BRBR»ó¼¼spec BRBR/LI LIÀμâ¼Óµµ : 7ppm(Èæ¹é) / 3ppm(Ä÷¯) BRBR LIÇØ»óµµ : 1,200 x 1,200dpi(Ä÷¯, Èæ¹é) BRBR LIÀÎÀÚ¸ðµå : HBP BRBR LIȣȯ¼º : Window 95/98/NT 4.0 /2000/Me/XP,Mac OS 8.6/9.xÁö¿ø BRBR LI¸Þ¸ð¸® : 512KB BRBR LIÀÎÅÍÆäÀ̽º : USB(Universal Serial Bus), Æз¯·¼ BRBR LI¿ëÁöÅ©±â : A4,A5,B5,Legal,Executive,A6,¹è³Ê,¿±¼,¶óº§ ¿ëÁö BRBR LI±ÞÁö¿ë·® : 100¸Å(ÇÁ¸®¹Ì¾ö ¿ëÁö100¸Å ¹«·áÁ¦°ø) BRBR LI¹èÁö¿ë·® : 25¸Å BRBR LIÁ¦Ç° Å©±â(W*D*H) : 447 X 170X 210 mm BRBR LIÁ¤°ÝÀü¿ø : AC 220V Àü¿ë,60 Hz BRBRBRnbsp;nbsp;nbsp;nbsp;./LI/ULTRTD align=middle TABLE cellSpacing=0 cellPadding=5 width=691 border=0 TR TD width=681 OL type=1 LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redB¼Ò ºñ ÀÚ °¡ nbsp;: nbsp;157,000 ¿ø nbsp;¸ðµ¨:MJC-935 i nbsp;»ï¼ºÇÁ¸°ÅÍ/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇö±ÝÆǸŰ¡ nbsp;: nbsp;110,000 ¿ø/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÅÃ¹è ¹ß¼Ûnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇÑ Á¤ ÆÇ ¸Å : 2002 .04.13±îÁö /B/FONT/FONT/LI/OL/TD/TR/TABLE TABLE cellSpacing=0 cellPadding=5 width=693 border=0 TR TD width=683 Pnbsp;/P/TD/TR/TABLE PFONT size=5Bnbsp;»ï¼ºÇÁ¸°ÅÍ nbsp;nbsp;ÀüÈ: 02-895-7862/B/FONT/P /BODY /HTML -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
what's that?
Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh allowing password logins even though its disabled
From: Jeremy T. Bouse [EMAIL PROTECTED] Have you verified that keyboard-interaction is not enabled as well? As I quote from the man page for sshd... PAMAuthenticationViaKbdInt Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response authentication modules, but it will allow password authentication regardless of whether PasswordAuthentication is disabled. The default is ``no''. Right on the money. I had followed the instructions that were given with bug 109846 and added this line to /etc/pam.d/ssh after the line mentioning pam_env.so: auth required pam_deny.so This left me with a password prompt, but no matter which password I typed in, it didn't let me in. Secure, but ugly. Commenting out this line from pam.d/ssh and changing the line in /etc/ssh/sshd_config to PAMAuthenticationViaKbdInt no makes it omit the password prompt instead of putting up a prompt which rejects all passwords. I should have read around all mentions of password in the sshd man page when changing the config files. Thanks for the pointer. cc'd this to [EMAIL PROTECTED] -- Tim Freeman [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: what's that?
It's a cron job belonging to root that changes its user before it goes to work. At 11:21 2002-04-05 +0600, Kirill Zverev wrote: Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: what's that?
On Fri, 5 Apr 2002, Kirill Zverev wrote: I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? from /etc/crontab: # m h dom mon dow user command 25 6* * * roottest -e /usr/sbin/anacron || run-parts --report /etc/cron.daily which then in turn invokes: /etc/cron.daily/find which contains the line: cd / updatedb --localuser=nobody 2/dev/null and from the manpage for updatedb, you'll see that --localuser invokes su. :) In short, this appears to be normal daily processing on your system. tony -- All parts should go together without forcing. You must remember that the parts you are reassembling were disassembled by you. Therefore, if you can't get them together again, there must be a reason. By all means, do not use a hammer.-- IBM maintenance manual, 1925 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: what's that?
On 2002-04-05 11:21:39, Kirill Zverev wrote: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? cron, possibly /etc/cron.daily/find: awind@pawan:/etc$ grep 25 crontab 25 6* * * roottest -e /usr/sbin/anacron || run-parts --report /etc/cron.daily awind@pawan:/etc/cron.daily$ grep nobody * find:cd / updatedb --localuser=nobody 2/dev/null /Allan -- Allan Wind P.O. Box 2022 Woburn, MA 01888-0022 USA msg06222/pgp0.pgp Description: PGP signature
Re: what's that?
Logrotate is a good candidate, that's what I found when looking at top output. /Karl Kirill Zverev skrev: Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=unicode META content=MSHTML 6.00.2713.1100 name=GENERATOR/HEAD BODY font color=blue face=ÈÞ¸Õ¸ÅÁ÷ü size=3span style=FONT-SIZE: 18ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷üa href=http://nancho.starhana.com;script language=javascript src= http://myhome.hananet.net/~nannaya77/js/don1.js;/script/a/font P/P a href=http://nancho.starhana.com; target=_blankimg src=http://starhana.com/images/mtima1.jpg; border=0 width=134 height=114img src=http://starhana.com/images/mtima2.gif; border=0 width=146 height=114img src=http://starhana.com/images/mtima3.gif; border=0 width=146 height=114img src=http://starhana.com/images/mtima4.jpg; border=0 width=170 height=114/a pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=3span style=FONT-SIZE: 20ptÀÌÀ¯°¡ ÀÖ´Â ·©Å· 1À§ ½ÎÀÌÆ®/span/font/p pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14ptÃÖ±Ù ¿©·¯´Þµ¿¾È /spanfont color=blue span style=FONT-SIZE: 14pt¹«·áÁ¤º¸ºÐ¾ß/span/fontspan style=FONT-SIZE: 14pt ÀÇ ·©Ä» ¼øÀ§ 1À§ÀÎ ½ÎÀÌÆ®°¡ ¾îµðÀÎÁö Ȥ½Ã ¾Æ½Ã³ª¿ä? /span/FONT/FONT/p pa href=http://nancho.starhana.com;span style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff size=5¿© ±â/font/span/aFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt °¡ ·©Å· 1À§¶ó¸é ±×·² ¸¸ÇÑ ÀÌÀ¯°¡ÀÖÁö ¾Ê°Ú½À´Ï±î? /span/FONT/FONT/p pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt´ÔÀ» Á¤ÁßÈ÷ ÃÊ´ëÇÏ°Ú½À´Ï´Ù. /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt»ç¾÷°¡Àû ¾È¸ñÀ¸·Î °ËÅäÇϽŴٸé Á¤¸» ³î¶ó½Ç °ÍÀÔ´Ï´Ù./span/font/p pa href=http://nancho.starhana.com;span style=FONT-SIZE: 26ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=6¹é¸¸ÀåÀÚŬ·´/font/span/aspan style=FONT-SIZE: 26pta href=http://nancho.starhana.com;font face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=6nbsp;/font/afont face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=5nbsp;/font/spanFONT size=3FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 20ptfont color=fuchsia nbsp;/fontfont color=blue ¹Ù·Î°¡±â/font/spanspan style=FONT-SIZE: 26ptfont color=fuchsia nbsp;nbsp;nbsp;nbsp;/font/span/FONT/FONT/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#33 size=3span style=FONT-SIZE: 16ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¶Ç ÇϳªÀÇ ºò ´º½º /span/fonta href=http://www.winergrup.com;span style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff00ff size=6nbsp;ºòÇ÷¡´Ö/font/span/aFONT size=3font face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsiaspan style=FONT-SIZE: 20pt nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü color=bluespan style=FONT-SIZE: 20pt¹Ù·Î°¡±â/span/font/FONT/p pnbsp;FONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷ünbsp;span style=FONT-SIZE: 14ptÀÌ ¸ðµÎ°¡ /spanfont color=red span style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´/span/fontspan style=FONT-SIZE: 14pt¿¡¼ ½ÇÇö °¡´ÉÇÕ´Ï´Ù. ÂüÀ¸·Î ¾öû³ Á¤º¸°¡ /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁ¦ ȨÆäÀÌÁö¿¡ ÀÖ½À´Ï´Ù. /span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀϹÝȸ¿ø°¡ÀÔÀº ¹«·áÀ̸ç ÀÚ¼¼È÷ ÀÐ¾î º¸½Ã¸é ÁÁÀº Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ°í »ç¾÷¼³¸íȸ Àå¼Òµµ/span/font font face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÂü¼® ÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù./span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇÁ·£Â÷ÀÌÁî¿¡ °¡ÀÔÇϽøé Á¤½Ä »ç¾÷ÀÚ ÀÚ°ÝÀ¸·Î ÀÚ½ÅÀÇ È¨ÆäÀÌÁö°¡ /span/fontfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4»ý¼ºµÇ¸ç ÀçÅñٹ«·Î¼ ¹«ÀÚº» ¹«Á¡Æ÷/FONT/FONT FONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4ÀÇ ÀÎÅͳݿöÅ· »ç¾÷ÀÌ °¡´ÉÇÕ´Ï´Ù/FONT./FONT/span/font/p pfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÇÁ·£Â÷ÀÌÁî °¡ÀԽô ¾à°£ÀÇ È¨ÆäÀÌÁö ¿î¿µ À¯Áöºñ¸¸ °¨¼öÇÏ½Ã¸é µË´Ï´Ù./FONT/span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁÖÀÇ ÇϽÇÁ¡ ȸ¿ø°¡ÀԽà id¸¦ °£´ÜÇÏ¸ç ¿Ü¿ì±â ½¬¿î °ÍÀ¸·Î Çϼ¼¿ä. ÀÌÀ¯´Â ÇÁ·£Â÷ÀÌÁî °¡ÀԽà id°¡ ÀÚ½ÅÀÇ µµ¸ÞÀÎÀ¸·Î ¿Ã¶ó°©´Ï´Ù./span/font/p pfont size=4span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÁ¦ Ȩ¿¡ ¿À½Ã¸é FONT color=#ff¿î¿µÀÚ ÇÁ·ÎÇÊ/FONTFONT color=#00À» ÀÐ¾î º¸½Ã°í ±× ´ÙÀ½ ´Ù¸¥ Á¤º¸µéÀ» /FONT/FONT/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt²Ä²ÄÈ÷ ¿¶÷Çϼ¼¿ä./span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=fuchsiaspan style=FONT-SIZE: 14pt(Âü°í)/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´°ú »ó°ü¾øÀÌ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=bluespan style=FONT-SIZE: 14ptºòÇ÷¡´Ö/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=#01span style=FONT-SIZE: 14pt»ç¾÷¸¸/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀ» Èñ¸ÁÇϽô ºÐÀº ¹«·áȸ¿ø °¡ÀÔÈÄ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=redspan style=FONT-SIZE: 14ptiwÂü°¡Çϱâ/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt Ç׸ñÀ» Ŭ¸¯ÇϽþî Âü¿©½ÅûÀ»/span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇϽðųª Àüȸ¦ ÁÖ½Ã¸é ¾È³»¸¦ ÇÏ°Ú½À´Ï´Ù. »ç¾÷½Åû
*****SPAM***** (±¤°í)´ç½ÅÀ» ¹é¸¸ÀåÀÚŬ·´¿¡ ÃÊ´ëÇÕ´Ï´Ù...
!DOCTYPE HTML PUBLIC -//W3C//DTD HTML 4.0 Transitional//EN HTMLHEAD META http-equiv=Content-Type content=text/html; charset=unicode META content=MSHTML 6.00.2713.1100 name=GENERATOR/HEAD BODY font color=blue face=ÈÞ¸Õ¸ÅÁ÷ü size=3span style=FONT-SIZE: 18ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷üa href=http://nancho.starhana.com;script language=javascript src= http://myhome.hananet.net/~nannaya77/js/don1.js;/script/a/font P/P a href=http://nancho.starhana.com; target=_blankimg src=http://starhana.com/images/mtima1.jpg; border=0 width=134 height=114img src=http://starhana.com/images/mtima2.gif; border=0 width=146 height=114img src=http://starhana.com/images/mtima3.gif; border=0 width=146 height=114img src=http://starhana.com/images/mtima4.jpg; border=0 width=170 height=114/a pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=3span style=FONT-SIZE: 20ptÀÌÀ¯°¡ ÀÖ´Â ·©Å· 1À§ ½ÎÀÌÆ®/span/font/p pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14ptÃÖ±Ù ¿©·¯´Þµ¿¾È /spanfont color=blue span style=FONT-SIZE: 14pt¹«·áÁ¤º¸ºÐ¾ß/span/fontspan style=FONT-SIZE: 14pt ÀÇ ·©Ä» ¼øÀ§ 1À§ÀÎ ½ÎÀÌÆ®°¡ ¾îµðÀÎÁö Ȥ½Ã ¾Æ½Ã³ª¿ä? /span/FONT/FONT/p pa href=http://nancho.starhana.com;span style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff size=5¿© ±â/font/span/aFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt °¡ ·©Å· 1À§¶ó¸é ±×·² ¸¸ÇÑ ÀÌÀ¯°¡ÀÖÁö ¾Ê°Ú½À´Ï±î? /span/FONT/FONT/p pFONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 14pt´ÔÀ» Á¤ÁßÈ÷ ÃÊ´ëÇÏ°Ú½À´Ï´Ù. /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt»ç¾÷°¡Àû ¾È¸ñÀ¸·Î °ËÅäÇϽŴٸé Á¤¸» ³î¶ó½Ç °ÍÀÔ´Ï´Ù./span/font/p pa href=http://nancho.starhana.com;span style=FONT-SIZE: 26ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=red size=6¹é¸¸ÀåÀÚŬ·´/font/span/aspan style=FONT-SIZE: 26pta href=http://nancho.starhana.com;font face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=6nbsp;/font/afont face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsia size=5nbsp;/font/spanFONT size=3FONT face=ÈÞ¸Õ¸ÅÁ÷üspan style=FONT-SIZE: 20ptfont color=fuchsia nbsp;/fontfont color=blue ¹Ù·Î°¡±â/font/spanspan style=FONT-SIZE: 26ptfont color=fuchsia nbsp;nbsp;nbsp;nbsp;/font/span/FONT/FONT/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#33 size=3span style=FONT-SIZE: 16ptnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¶Ç ÇϳªÀÇ ºò ´º½º /span/fonta href=http://www.winergrup.com;span style=FONT-SIZE: 20ptfont face=ÈÞ¸Õ¸ÅÁ÷ü color=#ff00ff size=6nbsp;ºòÇ÷¡´Ö/font/span/aFONT size=3font face=ÈÞ¸Õ¸ÅÁ÷ü color=fuchsiaspan style=FONT-SIZE: 20pt nbsp;/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü color=bluespan style=FONT-SIZE: 20pt¹Ù·Î°¡±â/span/font/FONT/p pnbsp;FONT size=4FONT face=ÈÞ¸Õ¸ÅÁ÷ünbsp;span style=FONT-SIZE: 14ptÀÌ ¸ðµÎ°¡ /spanfont color=red span style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´/span/fontspan style=FONT-SIZE: 14pt¿¡¼ ½ÇÇö °¡´ÉÇÕ´Ï´Ù. ÂüÀ¸·Î ¾öû³ Á¤º¸°¡ /span/FONT/FONTfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁ¦ ȨÆäÀÌÁö¿¡ ÀÖ½À´Ï´Ù. /span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀϹÝȸ¿ø°¡ÀÔÀº ¹«·áÀ̸ç ÀÚ¼¼È÷ ÀÐ¾î º¸½Ã¸é ÁÁÀº Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ°í »ç¾÷¼³¸íȸ Àå¼Òµµ/span/font font face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÂü¼® ÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù./span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇÁ·£Â÷ÀÌÁî¿¡ °¡ÀÔÇϽøé Á¤½Ä »ç¾÷ÀÚ ÀÚ°ÝÀ¸·Î ÀÚ½ÅÀÇ È¨ÆäÀÌÁö°¡ /span/fontfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4»ý¼ºµÇ¸ç ÀçÅñٹ«·Î¼ ¹«ÀÚº» ¹«Á¡Æ÷/FONT/FONT FONT face=ÈÞ¸Õ¸ÅÁ÷üFONT size=4ÀÇ ÀÎÅͳݿöÅ· »ç¾÷ÀÌ °¡´ÉÇÕ´Ï´Ù/FONT./FONT/span/font/p pfont size=3span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÇÁ·£Â÷ÀÌÁî °¡ÀԽô ¾à°£ÀÇ È¨ÆäÀÌÁö ¿î¿µ À¯Áöºñ¸¸ °¨¼öÇÏ½Ã¸é µË´Ï´Ù./FONT/span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÁÖÀÇ ÇϽÇÁ¡ ȸ¿ø°¡ÀԽà id¸¦ °£´ÜÇÏ¸ç ¿Ü¿ì±â ½¬¿î °ÍÀ¸·Î Çϼ¼¿ä. ÀÌÀ¯´Â ÇÁ·£Â÷ÀÌÁî °¡ÀԽà id°¡ ÀÚ½ÅÀÇ µµ¸ÞÀÎÀ¸·Î ¿Ã¶ó°©´Ï´Ù./span/font/p pfont size=4span style=FONT-SIZE: 14ptFONT face=ÈÞ¸Õ¸ÅÁ÷üÁ¦ Ȩ¿¡ ¿À½Ã¸é FONT color=#ff¿î¿µÀÚ ÇÁ·ÎÇÊ/FONTFONT color=#00À» ÀÐ¾î º¸½Ã°í ±× ´ÙÀ½ ´Ù¸¥ Á¤º¸µéÀ» /FONT/FONT/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt²Ä²ÄÈ÷ ¿¶÷Çϼ¼¿ä./span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=fuchsiaspan style=FONT-SIZE: 14pt(Âü°í)/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt¹é¸¸ÀåÀÚŬ·´°ú »ó°ü¾øÀÌ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=bluespan style=FONT-SIZE: 14ptºòÇ÷¡´Ö/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=#01span style=FONT-SIZE: 14pt»ç¾÷¸¸/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÀ» Èñ¸ÁÇϽô ºÐÀº ¹«·áȸ¿ø °¡ÀÔÈÄ /span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4 color=redspan style=FONT-SIZE: 14ptiwÂü°¡Çϱâ/span/fontfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14pt Ç׸ñÀ» Ŭ¸¯ÇϽþî Âü¿©½ÅûÀ»/span/font/p pfont face=ÈÞ¸Õ¸ÅÁ÷ü size=4span style=FONT-SIZE: 14ptÇϽðųª Àüȸ¦ ÁÖ½Ã¸é ¾È³»¸¦ ÇÏ°Ú½À´Ï´Ù. »ç¾÷½Åû
ssh allowing password logins even though its disabled
I just rediscovered bug 109846 in ssh, SSH uses PAM password authentication in SSH2 even if disabled It's filed as a normal bug. Before I discovered the dup, I was going to file it as a grave bug, since the system involved has weak passwords (my kids have to be able to log in, and they can't type too well). If I had not tested that ssh disables passwords when you tell it to, it would have allowed fairly easy penetration, so there might be lots of vulnerable systems out there. Can anyone clue me in on why other people don't think this is grave, or lend me encouragment on pushing the priority up? -- Tim Freeman [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
On 3/29/02 3:40 PM martin f krafft said... dear bugtraq'ers, i must confess that the information i provided wrt the acclaimed DoS exploit in Debian potato's proftpd package (1.2.0pre10-2.0potato1) was not fully accurate. the package *does in fact contain a buggy daemon* despite having been fixed, according to the changelog: proftpd (1.2.0pre10-2.0potato1) stable; urgency=high snip i don't think it's necessary to discuss this; the daemon as packaged by debian is buggy and that has to be fixed. but i hope i was able to give you some more information on the extent of the exploit. i will do my best to push a fixed package into the APT archive at security.debian.org as soon as possible. Plus 1.2.0 went final back in January 2001. It's been out for over a year. Many versions without this bug have been released for some time. I don't see any reason to beat a dead horse. Any distribution that still ships anything older than 1.2.4 should simply make 1.2.4 available in the updates or errata. -- Justin Shore, ES-SS ES-SSR Pittsburg State University Network Systems Manager Kelce 157Q Office of Information Systems Pittsburg, KS 66762 Voice: (620) 235-4606 Fax: (620) 235-4545 http://www.pittstate.edu/ois/ Warning: This message has been quadruple Rot13'ed for your protection. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Indeed. It's quite usefull if you don't have a NTP server at hand, e. g. behind a firewall. It's not ok if you need accuracy of less than 1 sec. /Holger -- ++ GnuPG Key - http://www.t-online.de/~holger.eitzenberger ++ -- »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux irc.OpenProjects.net #debian http://eimbox.org/~eim http://eimbox.org »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Also tested, and vulnerable on: FreeBSD 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002 [EMAIL PROTECTED]:/usr/src/sys/compile/GENERIC i386 Tested using the shells bash, csh, ksh, zsh. Chip - - Chip McClure Sr. Unix Administrator GigGuardian, Inc. http://www.gigguardian.com/ - - On Wed, 3 Apr 2002 [EMAIL PROTECTED] wrote: Hello All, I can confirm that the ls strings dos' slackware 8.0. Causes shell process of that user (user or root) to chew up the cpu until the shell terminates on sig 11. Works on any shell the user is using, csh, ksh, bash Tested on: Linux 2.2.19 #93 Thu Jun 21 01:09:03 PDT 2001 i586 unknown SunOS 5.8 Generic_108528-12 sun4u sparc SUNW,Ultra-Enterprise Not Vuln: OpenBSD 3.0 GENERIC#94 i386 Needs more investigation. Gilbert At 03:40 PM 3/29/2002, martin f krafft wrote: ls */../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../*/../* ... DenyFilter \*.*/ Just as a quick question, why not deny the string /../ (you may have to deny the regex /\.\./, depending how the filter in question works)? As far as I can tell, it's the ability to embed /../ into a path that is at the root of this, far more than the ability to embed wildcards. I can't think of a situation in which /../ should appear in a user-supplied path, except after a string of repeated ../s. The workaround suggested by Mr Krafft would disable some useful functionality - one large user of mine, for instance, was keen to have my own software evaluate wildcards in the body of the path, which Mr Krafft's workaround disables completely. They even paid for the privilege (not enough, but they paid ;-)) So, let's see, a regex that would deny /../, except as part of a string of such... One bash would be [^/.].*/\.\./ - matching /../ if it's after any character other than '/' or '.'. Doubtless someone can come up with something better. Alun. -- Texas Imperial Software | Try WFTPD, the Windows FTP Server. Find us at 1602 Harvest Moon Place | http://www.wftpd.com or email [EMAIL PROTECTED] Cedar Park TX 78613-1419 | VISA/MC accepted. NT-based sites, be sure to Fax/Voice +1(512)258-9858 | read details of WFTPD Pro for NT. Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople Output from pgp Pretty Good Privacy(tm) Version 6.5.8 Internal development version only - not for general release. (c) 1999 Network Associates Inc. Export of this software may be restricted by the U.S. government. File is signed. signature not checked. Signature made 2002/04/04 05:51 GMT key does not meet validity threshold. WARNING: Because this public key is not certified with a trusted signature, it is not known with high confidence that this public key actually belongs to: (KeyID: 0x91AB07A7). wiping file pgptemp.$00pattern is: 0x pattern is: 0x666 pattern is: 0xddd pattern is: 0x333 pattern is: 0x111 pattern is: 0xbbb pattern is: 0xfff pattern is: 0x999 pattern is: 0x pattern is: 0x6db pattern is: 0xccc pattern is: 0x492 pattern is: 0xdb6 pattern is: 0x pattern is: 0x249 pattern is: 0x777 pattern is: 0xaaa pattern is: 0xeee pattern is: 0x555 pattern is: 0x444 pattern is: 0x888 pattern is: 0xb6d pattern is: 0x0 pattern is: 0x222 pattern is: 0x924 pattern is: 0x wiping file pgptemp.$01pattern is: 0x pattern is: 0x777 pattern is: 0x222 pattern is: 0x6db pattern is: 0xbbb pattern is: 0xb6d pattern is: 0x666 pattern is: 0x333 pattern is: 0x pattern is: 0xccc pattern is: 0x924 pattern is: 0xeee pattern is: 0xaaa pattern is: 0x pattern is: 0xddd pattern is: 0xfff pattern is: 0x999 pattern is: 0x888 pattern is: 0x0 pattern is: 0xdb6 pattern is: 0x444 pattern is: 0x249 pattern is: 0x492 pattern is: 0x555 pattern is: 0x111 pattern is: 0x -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.76 iQA/AwUBPKyICZuKtP8CSC69EQImIACfZE5iDHm4ug5FRhiq6jPqrL1VKrgAoIbU y58V4TmV1Du3rS1tas+lYUpu =dU2C -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
rdate is probably easier to use. ntp requires at least a little configuration, but it is more accurate. xn On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Indeed. It's quite usefull if you don't have a NTP server at hand, e. g. behind a firewall. It's not ok if you need accuracy of less than 1 sec. /Holger -- ++ GnuPG Key - http://www.t-online.de/~holger.eitzenberger ++ -- »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« Ivo Marino[EMAIL PROTECTED] UN*X Developer, running Debian GNU/Linux irc.OpenProjects.net #debian http://eimbox.org/~eim http://eimbox.org »« »« »« »« »« »« »« »« »« »« »« »« »« »« »« -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
On Tue, Apr 02, 2002 at 01:34:32PM -0500, Noah L. Meyerhans wrote: Well, daytime spits out the time of day, time is for NTP, and I'm not sure what discard is used for. No, NTP does not use the time port. It uses port 123 (ntp in /etc/services). Ok, figures I don't know since I don't use it. Discard is the network equivalent of /dev/null W.. an MTU of zero :) The question of what to do with these ports comes up every once in a while on this list. Some people prefer to leave them on, others turn them off. I don't think there's ever been an exploit that involves these ports, as the code is quite simple (i.e. easy to implement securely). Occasionally, there may be a DOS attack, but nothing invasive. I usually turn off inetd completely. It helps makes things quieter on a nessus scan :) Yes, this is good advice, and something that never occurs to most people. Most common services these days run quite happily in standalone mode, so there's often no reason to use inetd at all. Given most everything can run through SSH or SSL (at least TCP-based) :) -Anne -- .-.__.``. Anne Carasik, System Administrator .-.--. _...' (/) (/) ``' [EMAIL PROTECTED] (O/ O) \-' ` -==.', Center for Advanced Computing Research ~`~~ pgpTYNkc4r1PK.pgp Description: PGP signature
Re: A question about some network services
On Thu, Apr 04, 2002 at 06:56:30PM +0200, eim wrote: First of all thanks to all for responses. On Wed, 2002-04-03 at 20:22, Holger Eitzenberger wrote: On Wed, Apr 03, 2002 at 09:16:03AM +0200, Emmanuel Lacour wrote: 'time' is RFC 868, a pre-NTP time synchronization protocol. It just sends the time as a 32-bit int, where: The time is the number of seconds since 00:00 (midnight) 1 January 1900 GMT, such that the time 1 is 12:00:01 am on 1 January 1900 GMT; this base will serve until the year 2036. I think it sends it big-endian, but I'm not sure. Is it used by the old rdate tools? Old rdate tools ? I use them regulary to update my servers with the current time, is it more convenient to install an NTP server on my local network ? Thanks. Sorry that's not that I wanted to say. Just rdate is a well known tool because it's an old tool (tcp/ip is old too, and we use it every days;-) when to use ntp/rdate well, it depends...-:) -- Easter-eggsSpécialiste GNU/Linux 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37- Fax: +33 (0) 1 41 35 00 76 mailto:[EMAIL PROTECTED] -http://www.easter-eggs.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: A question about some network services
Anne Carasik [EMAIL PROTECTED] writes: The question of what to do with these ports comes up every once in a while on this list. Some people prefer to leave them on, others turn them off. I don't think there's ever been an exploit that involves these ports, as the code is quite simple (i.e. easy to implement securely). Occasionally, there may be a DOS attack, but nothing invasive. Depends. I thought it was an old trick to persuade echo ports to talk to each other and run away giggling... Yes, this is good advice, and something that never occurs to most people. Most common services these days run quite happily in standalone mode, so there's often no reason to use inetd at all. Given most everything can run through SSH or SSL (at least TCP-based) :) The short reasons in favour of inetd are that a) you save memory space by not having the daemon running all the time (at the slight cost of latency on start-up - choose according to your situation!); b) (if using xinetd instead of boring old inetd) you can apply the same syntax for per-host rate- and resource-limiting to many services that would otherwise either require much research to implement (try exim and apache for size), or not even implement it at all; c) if you're writing a network listener of your own you can implement it in (x)inetd without having to worry about writing the regular listen-accept- process loop *again*. Not that it's *always* a good idea to use inetd, but it still has its plus- points by a long way, especially xinetd instead. ~Tim -- http://spodzone.org.uk/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: on potato's proftpd
On Wed, Apr 03, 2002 at 09:22:34AM +, Martin WHEELER wrote: Release early; release often. On Wed, 3 Apr 2002, Petro wrote: bemfont size=7blinkNO/font/em/b Measure twice, cut once. Fine. You wear the same size suit from birth to death; me, I'll adjust according to circumstances. -- Martin Wheeler [EMAIL PROTECTED] gpg key 01269BEB @ the.earth.li -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: on potato's proftpd
also sprach Michael Stone [EMAIL PROTECTED] [2002.04.04.0211 +0200]: because it will prevent s.d.o from serving a buggy package. it's not fixed perfectly, but at least it's not subject to a known exploit. Could you be a little more careful with your terms? A DOS is not an exploit, it's a DOS. By saying exploit your implying a far more critical problem than actually exists. will do, sorry. a DOS is still a form of exploit - you exploit services without giving in return, but then again the exploit has no direct benefit for the instigator... but no, i'll keep my head down and simply say i'm sorry. you are absolutely right. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] and if the cloud bursts, thunder in your ear you shout and no one seems to hear and if the band you're in starts playing different tunes i'll see you on the dark side of the moon. -- pink floyd, 1972 pgpOk0Asz4PTh.pgp Description: PGP signature
Re: on potato's proftpd
also sprach Andrew Pimlott [EMAIL PROTECTED] [2002.04.04.0135 +0200]: this problem is understood by the developers of proftpd Wichert said that nobody has explained why the current fix on s.d.o doesn't work. If the problem is understood, why hasn't someone explained this? That's all that is asked, AFAICT. i have no clue if the fix repaired anything or even how it works, but the actual problem as it affects proftpd is known. -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] nobody expects the spanish inquisition. -- monty python pgpAtXkwn2fpc.pgp Description: PGP signature
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
also sprach Alun Jones [EMAIL PROTECTED] [2002.04.04.0445 +0200]: DenyFilter \*.*/ Just as a quick question, why not deny the string /../ (you may have to deny the regex /\.\./, depending how the filter in question works)? quick answer: because i merely copied the fix from the security pages of the proftpd homepage [1]. 1. http://proftpd.linux.co.uk/critbugs.html As far as I can tell, it's the ability to embed /../ into a path that is at the root of this, far more than the ability to embed wildcards. I can't think of a situation in which /../ should appear in a user-supplied path, except after a string of repeated ../s. i actually agree with you here. [^/.].*/\.\./ mh, this would not prevent /some/.dotdir/../ right? -- martin; (greetings from the heart of the sun.) \ echo mailto: !#^.*|tr * mailto:; [EMAIL PROTECTED] to vacillate or not to vacillate, that is the question ... or is it? pgplXg9sxFYVR.pgp Description: PGP signature
Re: ssh allowing password logins even though its disabled
Have you verified that keyboard-interaction is not enabled as well? As I quote from the man page for sshd... PAMAuthenticationViaKbdInt Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response authentication modules, but it will allow password authentication regardless of whether PasswordAuthentication is disabled. The default is ``no''. Jeremy On Wed, Apr 03, 2002 at 09:39:21PM -0700, Tim Freeman wrote: I just rediscovered bug 109846 in ssh, SSH uses PAM password authentication in SSH2 even if disabled It's filed as a normal bug. Before I discovered the dup, I was going to file it as a grave bug, since the system involved has weak passwords (my kids have to be able to log in, and they can't type too well). If I had not tested that ssh disables passwords when you tell it to, it would have allowed fairly easy penetration, so there might be lots of vulnerable systems out there. Can anyone clue me in on why other people don't think this is grave, or lend me encouragment on pushing the priority up? -- Tim Freeman [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: DoS in Shells: was Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
This is, to put it politely, incredibly old news. Let's face it, if you give a user a shell acount, with no restrictions on CPU time or memory usage, yes, they will be able to suck up as much resources as the computer can spare (this is, among other reasons why nice exists). I advise you place limitson the users, memory, cpu, stack size, file descriptors, etc, finding good limits can be tricky though, and you will also want to limit concurrent logins. I wrote an article on using PAM (pluggable Authenticaiton Modules) which covers these issues and a few others, available at: http://www.samag.com/documents/s=1161/sam0009a/0009a.htm Also you can view information on setting limits with various shells, and PAM as well at: http://seifried.org/security/os/linux/20020324-securing-linux-step-by-step.h tml goto Limiting users overview. And the LASG, Limiting and monitoring users http://seifried.org/lasg/users/ Better to use PAM to limit users then the shell because the various shells do not all support the limiting the same items, or soft/hard limits, and if you miss a shell and the user chsh's they can avoid it, they can't really avoid pam. As for the /*/../. problem in general it was discovered many many years ago (more then two). Kurt Seifried, [EMAIL PROTECTED] A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ http://www.iDefense.com/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
NEOMAIL - as big kev in OZ would say, IM EXCITED !
Hi, Sorry know this is off topic but I Just wanted everyone to know about NeoMail http://neomail.sourceforge.net Its a fully functional Webmail server that looks better and is more functional than many commercial servers and its FREE ! And easy to setup ! Know someone out there will be as excited about this program as i am, wish i would have known about it earlier. HAPPY LINUXING ! Marcel -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø
HTML HEAD META content=text/html; charset=ks_c_5601-1987 http-equiv=Content-Type STYLE p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }/STYLE /HEADBODY DIV align=left DL DTFONT face=±¼¸² color=black size=2¾È³ç Çϼ¼¿ä. nbsp;º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù./FONT DTFONT face=±¼¸² color=black size=2»çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù/FONT/DT DTFONT face=±¼¸² color=black size=2/FONT /DT DTSPAN style=FONT-SIZE: 10ptFONT face=±¼¸² color=blackB¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡ nbsp;¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé BRÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´Ù.BR/B/FONT/SPANFONT face=±¼¸² color=black size=2. /FONT DTBFONT color=#ffSPAN style=FONT-SIZE: 14pt¹Ý¼Û¸ÞÀÏ ÁÖ¼Ò : [EMAIL PROTECTED]/SPAN/FONT/B/DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;Àü È : 02-895-7862 DT--- DT DTnbsp;nbsp;nbsp;nbsp;nbsp;»ï¼ºÇÁ¸°ÅÍ MJC-935 i nbsp;nbsp;nbsp;110,000 ¿ø¿¡ ÆǸŠnbsp;nbsp;( Ư°¡ ÆǸŰ¡°Ý ÀÔ´Ï´Ù ) DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¼ÒºñÀÚ°¡:157,000 ¿ø ==gt; 110,000 ¿ø¿¡ ÆǸŠ/DT/DL DL DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;IMG height=354 src=http://2-sun.com/image/product/mjc935.jpg; width=354 border=0 DTnbsp;nbsp; nbsp; /DT/DL/DIV UL LI1200dpi ÃÊ°íÇØ»óµµ BR1ÀÎÄ¡´ç ÂïÈ÷´Â À×Å©¹æ¿ïÀÇ Å©±â°¡ ±âÁ¸ÀÇ ¹æ½Äº¸´Ù ÈξÀ ÀÛÀº LI'±Ø¹Ì¼¼ À×Å©¹æ½Ä'À» ä¿ë,ÀϹݿëÁö¿¡¼µµ ¼¶¼¼ÇÑ Ä÷¯ÀÇ ´À³¦À» ±×´ë·Î ÀçÇöÇØ µå¸³´Ï´Ù. BRBR/LI LI½Ã¿øÇÑ ¼Óµµ 7PPM BR1ºÐ¿¡ ÃÖ´ë 7ÀåÀÇ Èæ¹é¹®¼ ¹× 3ÀåÀÇ Ä÷¯¹®¼¸¦ Ãâ·ÂÇÒ ¼ö Àִ Ź¿ùÇÑ ½ºÇǵå! LIÀÏ¹Ý ÇнÀ¿ëÀ¸·Î³ª ¼Ò±Ô¸ð »ç¹«½Ç¿ëÀ¸·Î »ç¿ëÇϱ⿡ ¾Ë¸ÂÀº ¼ÓµµÀÔ´Ï´Ù. BRBR/LI LI¹øÁü¾ø°í ±ò²ûÇÑ ÇDZ׸ÕÆ® À×Å© BR¾î¶² Á¾·ùÀÇ ¿ëÁö¸¦ »ç¿ëÇصµ ¹øÁöÁö ¾Ê°í ¶Ç·ÈÇÏ°Ô ÀμâÇØÁÖ´Â °ËÁ¤»ö ÇDZ׸ÕÆ®À×Å©¸¦ »ç¿ë, LIÃâ·ÂµÈ ¹®¼°¡ ÇÑ°á ±ò²ûÇØ º¸ÀÔ´Ï´Ù. BRBR/LI LI45dBÀÇ Á¶¿ëÇÑ ÇÁ¸°Æà BR45dB ÀÌÇÏÀÇ Àú¼ÒÀ½ ÇÁ¸°ÆÃÀÌ °¡´ÉÇÑ ÃÊÁ¤¹Ð ¸ÞÄ«´ÏÁò ¿£ÁøÀ» ä¿ë, ÀÏ¹Ý °¡Á¤À̳ª »ç¹«½Ç¿¡¼ LIÁ¶¿ëÇÏ°Ô »ç¿ëÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù. BRBR»ó¼¼spec BRBR/LI LIÀμâ¼Óµµ : 7ppm(Èæ¹é) / 3ppm(Ä÷¯) BRBR LIÇØ»óµµ : 1,200 x 1,200dpi(Ä÷¯, Èæ¹é) BRBR LIÀÎÀÚ¸ðµå : HBP BRBR LIȣȯ¼º : Window 95/98/NT 4.0 /2000/Me/XP,Mac OS 8.6/9.xÁö¿ø BRBR LI¸Þ¸ð¸® : 512KB BRBR LIÀÎÅÍÆäÀ̽º : USB(Universal Serial Bus), Æз¯·¼ BRBR LI¿ëÁöÅ©±â : A4,A5,B5,Legal,Executive,A6,¹è³Ê,¿±¼,¶óº§ ¿ëÁö BRBR LI±ÞÁö¿ë·® : 100¸Å(ÇÁ¸®¹Ì¾ö ¿ëÁö100¸Å ¹«·áÁ¦°ø) BRBR LI¹èÁö¿ë·® : 25¸Å BRBR LIÁ¦Ç° Å©±â(W*D*H) : 447 X 170X 210 mm BRBR LIÁ¤°ÝÀü¿ø : AC 220V Àü¿ë,60 Hz BRBRBRnbsp;nbsp;nbsp;nbsp;./LI/ULTRTD align=middle TABLE cellSpacing=0 cellPadding=5 width=691 border=0 TR TD width=681 OL type=1 LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redB¼Ò ºñ ÀÚ °¡ nbsp;: nbsp;157,000 ¿ø nbsp;¸ðµ¨:MJC-935 i nbsp;»ï¼ºÇÁ¸°ÅÍ/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇö±ÝÆǸŰ¡ nbsp;: nbsp;110,000 ¿ø/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÅÃ¹è ¹ß¼Ûnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇÑ Á¤ ÆÇ ¸Å : 2002 .04.13±îÁö /B/FONT/FONT/LI/OL/TD/TR/TABLE TABLE cellSpacing=0 cellPadding=5 width=693 border=0 TR TD width=683 Pnbsp;/P/TD/TR/TABLE PFONT size=5Bnbsp;»ï¼ºÇÁ¸°ÅÍ nbsp;nbsp;ÀüÈ: 02-895-7862/B/FONT/P /BODY /HTML -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
*****SPAM***** »ï¼º Ä®¶óÇÁ¸°ÅÍ Æ¯°¡ÆǸŠ110,000 ¿ø
HTML HEAD META content=text/html; charset=ks_c_5601-1987 http-equiv=Content-Type STYLE p, font, span { line-height:120%; margin-top:0; margin-bottom:0; }/STYLE /HEADBODY DIV align=left DL DTFONT face=±¼¸² color=black size=2¾È³ç Çϼ¼¿ä. nbsp;º» ¸ÞÀÏÀº ±¤°í ¸ÞÀÏ ÀÔ´Ï´Ù./FONT DTFONT face=±¼¸² color=black size=2»çÀü Çã¶ô¾øÀÌ ¸ÞÀÏÀ» º¸³»°Ô µÇ¾î¼ Áø½ÉÀ¸·Î Á˼ÛÇÕ´Ï´Ù/FONT/DT DTFONT face=±¼¸² color=black size=2/FONT /DT DTSPAN style=FONT-SIZE: 10ptFONT face=±¼¸² color=blackB¸ÞÀÏ ¹Þ±â¸¦ ¿øÄ¡ nbsp;¾ÊÀ¸½Å´Ù¸é ¾Æ·¡ ¸ÞÀÏ·Î ¹Ý¼Û¸ÞÀÏÀ» º¸³»Áֽøé BRÀÌÈÄ¿¡´Â Àý´ë·Î ¸ÞÀÏÀÌ ¼ö½ÅµÇÁö ¾ÊÀ» °ÍÀÔ´Ï´Ù.BR/B/FONT/SPANFONT face=±¼¸² color=black size=2. /FONT DTBFONT color=#ffSPAN style=FONT-SIZE: 14pt¹Ý¼Û¸ÞÀÏ ÁÖ¼Ò : [EMAIL PROTECTED]/SPAN/FONT/B/DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;Àü È : 02-895-7862 DT--- DT DTnbsp;nbsp;nbsp;nbsp;nbsp;»ï¼ºÇÁ¸°ÅÍ MJC-935 i nbsp;nbsp;nbsp;110,000 ¿ø¿¡ ÆǸŠnbsp;nbsp;( Ư°¡ ÆǸŰ¡°Ý ÀÔ´Ï´Ù ) DT DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;¼ÒºñÀÚ°¡:157,000 ¿ø ==gt; 110,000 ¿ø¿¡ ÆǸŠ/DT/DL DL DTnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;IMG height=354 src=http://2-sun.com/image/product/mjc935.jpg; width=354 border=0 DTnbsp;nbsp; nbsp; /DT/DL/DIV UL LI1200dpi ÃÊ°íÇØ»óµµ BR1ÀÎÄ¡´ç ÂïÈ÷´Â À×Å©¹æ¿ïÀÇ Å©±â°¡ ±âÁ¸ÀÇ ¹æ½Äº¸´Ù ÈξÀ ÀÛÀº LI'±Ø¹Ì¼¼ À×Å©¹æ½Ä'À» ä¿ë,ÀϹݿëÁö¿¡¼µµ ¼¶¼¼ÇÑ Ä÷¯ÀÇ ´À³¦À» ±×´ë·Î ÀçÇöÇØ µå¸³´Ï´Ù. BRBR/LI LI½Ã¿øÇÑ ¼Óµµ 7PPM BR1ºÐ¿¡ ÃÖ´ë 7ÀåÀÇ Èæ¹é¹®¼ ¹× 3ÀåÀÇ Ä÷¯¹®¼¸¦ Ãâ·ÂÇÒ ¼ö Àִ Ź¿ùÇÑ ½ºÇǵå! LIÀÏ¹Ý ÇнÀ¿ëÀ¸·Î³ª ¼Ò±Ô¸ð »ç¹«½Ç¿ëÀ¸·Î »ç¿ëÇϱ⿡ ¾Ë¸ÂÀº ¼ÓµµÀÔ´Ï´Ù. BRBR/LI LI¹øÁü¾ø°í ±ò²ûÇÑ ÇDZ׸ÕÆ® À×Å© BR¾î¶² Á¾·ùÀÇ ¿ëÁö¸¦ »ç¿ëÇصµ ¹øÁöÁö ¾Ê°í ¶Ç·ÈÇÏ°Ô ÀμâÇØÁÖ´Â °ËÁ¤»ö ÇDZ׸ÕÆ®À×Å©¸¦ »ç¿ë, LIÃâ·ÂµÈ ¹®¼°¡ ÇÑ°á ±ò²ûÇØ º¸ÀÔ´Ï´Ù. BRBR/LI LI45dBÀÇ Á¶¿ëÇÑ ÇÁ¸°Æà BR45dB ÀÌÇÏÀÇ Àú¼ÒÀ½ ÇÁ¸°ÆÃÀÌ °¡´ÉÇÑ ÃÊÁ¤¹Ð ¸ÞÄ«´ÏÁò ¿£ÁøÀ» ä¿ë, ÀÏ¹Ý °¡Á¤À̳ª »ç¹«½Ç¿¡¼ LIÁ¶¿ëÇÏ°Ô »ç¿ëÇÏ½Ç ¼ö ÀÖ½À´Ï´Ù. BRBR»ó¼¼spec BRBR/LI LIÀμâ¼Óµµ : 7ppm(Èæ¹é) / 3ppm(Ä÷¯) BRBR LIÇØ»óµµ : 1,200 x 1,200dpi(Ä÷¯, Èæ¹é) BRBR LIÀÎÀÚ¸ðµå : HBP BRBR LIȣȯ¼º : Window 95/98/NT 4.0 /2000/Me/XP,Mac OS 8.6/9.xÁö¿ø BRBR LI¸Þ¸ð¸® : 512KB BRBR LIÀÎÅÍÆäÀ̽º : USB(Universal Serial Bus), Æз¯·¼ BRBR LI¿ëÁöÅ©±â : A4,A5,B5,Legal,Executive,A6,¹è³Ê,¿±¼,¶óº§ ¿ëÁö BRBR LI±ÞÁö¿ë·® : 100¸Å(ÇÁ¸®¹Ì¾ö ¿ëÁö100¸Å ¹«·áÁ¦°ø) BRBR LI¹èÁö¿ë·® : 25¸Å BRBR LIÁ¦Ç° Å©±â(W*D*H) : 447 X 170X 210 mm BRBR LIÁ¤°ÝÀü¿ø : AC 220V Àü¿ë,60 Hz BRBRBRnbsp;nbsp;nbsp;nbsp;./LI/ULTRTD align=middle TABLE cellSpacing=0 cellPadding=5 width=691 border=0 TR TD width=681 OL type=1 LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redB¼Ò ºñ ÀÚ °¡ nbsp;: nbsp;157,000 ¿ø nbsp;¸ðµ¨:MJC-935 i nbsp;»ï¼ºÇÁ¸°ÅÍ/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇö±ÝÆǸŰ¡ nbsp;: nbsp;110,000 ¿ø/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÅÃ¹è ¹ß¼Ûnbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;nbsp;/B/FONT/FONT LIFONT style=LINE-HEIGHT: 20px color=#00FONT color=redBÇÑ Á¤ ÆÇ ¸Å : 2002 .04.13±îÁö /B/FONT/FONT/LI/OL/TD/TR/TABLE TABLE cellSpacing=0 cellPadding=5 width=693 border=0 TR TD width=683 Pnbsp;/P/TD/TR/TABLE PFONT size=5Bnbsp;»ï¼ºÇÁ¸°ÅÍ nbsp;nbsp;ÀüÈ: 02-895-7862/B/FONT/P /BODY /HTML -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
what's that?
Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: ssh allowing password logins even though its disabled
From: Jeremy T. Bouse [EMAIL PROTECTED] Have you verified that keyboard-interaction is not enabled as well? As I quote from the man page for sshd... PAMAuthenticationViaKbdInt Specifies whether PAM challenge response authentication is allowed. This allows the use of most PAM challenge response authentication modules, but it will allow password authentication regardless of whether PasswordAuthentication is disabled. The default is ``no''. Right on the money. I had followed the instructions that were given with bug 109846 and added this line to /etc/pam.d/ssh after the line mentioning pam_env.so: auth required pam_deny.so This left me with a password prompt, but no matter which password I typed in, it didn't let me in. Secure, but ugly. Commenting out this line from pam.d/ssh and changing the line in /etc/ssh/sshd_config to PAMAuthenticationViaKbdInt no makes it omit the password prompt instead of putting up a prompt which rejects all passwords. I should have read around all mentions of password in the sshd man page when changing the config files. Thanks for the pointer. cc'd this to [EMAIL PROTECTED] -- Tim Freeman [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: what's that?
It's a cron job belonging to root that changes its user before it goes to work. At 11:21 2002-04-05 +0600, Kirill Zverev wrote: Hi! I found that in my logs: Apr 4 06:25:01 cmss su[30315]: + ??? root-nobody Apr 4 06:25:01 cmss PAM_unix[30315]: (su) session opened for user nobody by (uid=0) who could use su at six o'clock in the morning? -- Regards, Kirill Zverev mailto:[EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]