Re: passwords and crypt?
crypt(3) only uses the first 8 characters for it's hash. roniosko is 8 characters. Any extras would be ignored. I think you'll find trying roniosk would fail. md5 passwords are a much better option and available at least from slink (2.1) on (iirc). I'm not sure about earlier versions. Roger Keays wrote: Hi all, I'm not sure if this is common knowledge or not, but I have just noticed the effects of having the first two letters of your password the same as the first two in your login name... You can use any extension of your password!! e.g., on my Woody box I added a user called 'ron' and his password was 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so forth! I tried a few more and had the same results. This is something to do with the random salt right? Can anyone else reproduce this? Cheers, Roger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] J.R. Blain http://www.cowboyatheart.org/ -- Real programmers use chmod +x /dev/random and cross their fingers -- Comment found in a vi/emacs flamewar on slashdot. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: passwords and crypt?
crypt(3) only uses the first 8 characters for it's hash. roniosko is 8 characters. Any extras would be ignored. I think you'll find trying roniosk would fail. md5 passwords are a much better option and available at least from slink (2.1) on (iirc). I'm not sure about earlier versions. Roger Keays wrote: Hi all, I'm not sure if this is common knowledge or not, but I have just noticed the effects of having the first two letters of your password the same as the first two in your login name... You can use any extension of your password!! e.g., on my Woody box I added a user called 'ron' and his password was 'roniosko'. He could login in with 'ronioskos', 'ronioskoasdfasd' and so forth! I tried a few more and had the same results. This is something to do with the random salt right? Can anyone else reproduce this? Cheers, Roger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] J.R. Blain http://www.cowboyatheart.org/ -- Real programmers use chmod +x /dev/random and cross their fingers -- Comment found in a vi/emacs flamewar on slashdot.
Re: Firewall Related Question
Using kernel 2.2, I run a bridge, that handles packet filtering with ipchains. Patches are available here: http://www.ac2i.tzo.com/bridge_filter/ James wrote: That link might help... http://www.linuxdoc.org/HOWTO/mini/Bridge+Firewall.html - James -Original Message- From: Alson van der Meulen [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 1:31 PM To: Debian Security List Subject: Re: Firewall Related Question On Mon, Oct 22, 2001 at 10:17:59AM -0700, tony mancill wrote: I'd recommend the former (firewalling on each server). This will let you customize the firewall for that server alone, and spread the packet filtering load and logging. Also, with no access the Cisco box, you'd have to either MASQ or SNAT with proxy arps if you do insert a firewall into the packet path to get the traffic to cross the firewall. (The Cisco is going to assume that the subnet with the DMZ address space is still directly attached.) With FreeBSD/OpenBSD, you could use a packet filtering bridge (quit nice IMO), put two ethernet cards in a box, one to cisco, second to switch with Debian servers, no need for an IP address at the bridge, just bridge and firewall. I'm not sure if Linux can do this, maybe there are some patches for iptables to do it? On Mon, 22 Oct 2001, James wrote: Yes, you could definitely do a firewall on each server. Also, have you considered setting up a 4th machine between the Cisco and 3 servers? That could work also. You wouldn't make it a masq box, just configure it to pass packets based on the rules. - James -Original Message- From: Alson van der Meulen [mailto:[EMAIL PROTECTED]] Sent: Monday, October 22, 2001 6:58 AM To: Debian Security List Subject: Re: Firewall Related Question On Mon, Oct 22, 2001 at 12:44:03PM +0200, eim wrote: I've got some simple questions related to using a Firewall on some single pubblic Debian Boxes, I choose to post my questions here because I've always securitty in mind during the Developing time of my Network Services. Let me asume I've got a simple Network with 3 Pubblic Debian Servers and 1 Cisco Router (Internet Gateway). The router belongs to my Connection ISP so I can't configure it, but onlu use it for Internet connectivity. The 3 Debian Boxes are under my full control. The best way to protect my Debian Servers would be to install a Firewall on my Gateway (Cisco Router) but actually I can't, so my question is: Can I install a Firewall on each of my Debian Boxes to filter/block incoming and outgoing Network Traffic ? Is this a good choice ? or should I put another machine in my Network, between the Gateway and the Servers, which acts as Firewall ? You can just configure a packet filter on all your servers, the main disadvantage is that it's more difficult to administer -- ,---. Name: Alson van der Meulen Personal:[EMAIL PROTECTED] School: [EMAIL PROTECTED] `---' I remember the last time I saw it do that... - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] Name: Linux Bridge+Firewall Mini-HOWTO version 1.2.0.url Linux Bridge+Firewall Mini-HOWTO version 1.2.0.urlType: unspecified type (application/octet-stream) Encoding: quoted-printable J.R. Blain http://www.clockmedia.com/ -- Real programmers use chmod +x /dev/random and cross their fingers -- Comment found in a vi/emacs flamewar on slashdot. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Firewall Related Question
Using kernel 2.2, I run a bridge, that handles packet filtering with ipchains. Patches are available here: http://www.ac2i.tzo.com/bridge_filter/ James wrote: That link might help... http://www.linuxdoc.org/HOWTO/mini/Bridge+Firewall.html - James -Original Message- From: Alson van der Meulen [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2001 1:31 PM To: Debian Security List Subject: Re: Firewall Related Question On Mon, Oct 22, 2001 at 10:17:59AM -0700, tony mancill wrote: I'd recommend the former (firewalling on each server). This will let you customize the firewall for that server alone, and spread the packet filtering load and logging. Also, with no access the Cisco box, you'd have to either MASQ or SNAT with proxy arps if you do insert a firewall into the packet path to get the traffic to cross the firewall. (The Cisco is going to assume that the subnet with the DMZ address space is still directly attached.) With FreeBSD/OpenBSD, you could use a packet filtering bridge (quit nice IMO), put two ethernet cards in a box, one to cisco, second to switch with Debian servers, no need for an IP address at the bridge, just bridge and firewall. I'm not sure if Linux can do this, maybe there are some patches for iptables to do it? On Mon, 22 Oct 2001, James wrote: Yes, you could definitely do a firewall on each server. Also, have you considered setting up a 4th machine between the Cisco and 3 servers? That could work also. You wouldn't make it a masq box, just configure it to pass packets based on the rules. - James -Original Message- From: Alson van der Meulen [mailto:[EMAIL PROTECTED] Sent: Monday, October 22, 2001 6:58 AM To: Debian Security List Subject: Re: Firewall Related Question On Mon, Oct 22, 2001 at 12:44:03PM +0200, eim wrote: I've got some simple questions related to using a Firewall on some single pubblic Debian Boxes, I choose to post my questions here because I've always securitty in mind during the Developing time of my Network Services. Let me asume I've got a simple Network with 3 Pubblic Debian Servers and 1 Cisco Router (Internet Gateway). The router belongs to my Connection ISP so I can't configure it, but onlu use it for Internet connectivity. The 3 Debian Boxes are under my full control. The best way to protect my Debian Servers would be to install a Firewall on my Gateway (Cisco Router) but actually I can't, so my question is: Can I install a Firewall on each of my Debian Boxes to filter/block incoming and outgoing Network Traffic ? Is this a good choice ? or should I put another machine in my Network, between the Gateway and the Servers, which acts as Firewall ? You can just configure a packet filter on all your servers, the main disadvantage is that it's more difficult to administer -- ,---. Name: Alson van der Meulen Personal:[EMAIL PROTECTED] School: [EMAIL PROTECTED] `---' I remember the last time I saw it do that... - -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] Name: Linux Bridge+Firewall Mini-HOWTO version 1.2.0.url Linux Bridge+Firewall Mini-HOWTO version 1.2.0.urlType: unspecified type (application/octet-stream) Encoding: quoted-printable J.R. Blain http://www.clockmedia.com/ -- Real programmers use chmod +x /dev/random and cross their fingers -- Comment found in a vi/emacs flamewar on slashdot.