Re: ABfrag/ac1db1tch3z Kernel Exploit ?

2002-10-18 Thread Orlando
On Thursday 17 October 2002 05:03 am, Orlando wrote:
> Not sure if this is real.
>
> He's using a hushmail account to post to the lists which is somewhat
> suspicious.
> He claims to have attached the binary but no one seems to have a copy of
> it. Some co-workers and other people have asked for a copy of it without
> success.
>
> I wouldn't be too surprised if this is another PHC attempt for more
> attention.

Ok I stand corrected, silvio the moderator of unix-virii list on segfault.net 
seems to have a copy of that binary. 

-x


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]




Re: ABfrag/ac1db1tch3z Kernel Exploit ?

2002-10-17 Thread Orlando
Not sure if this is real.

He's using a hushmail account to post to the lists which is somewhat 
suspicious.
He claims to have attached the binary but no one seems to have a copy of it.  
Some co-workers and other people have asked for a copy of it without success.

I wouldn't be too surprised if this is another PHC attempt for more attention.

On Thursday 17 October 2002 11:31 am, Dragan Cvetkovic wrote:
> Stephan Schmieder [EMAIL PROTECTED] writes:
> > Hello,
> >
> > I've just read an article at linuxsecurity.com regarding the ABfrag
> > exploit.
> > http://www.linuxsecurity.com/articles/intrusion_detection_article-5933.html
> > Does anyone know something about that one?
>
> I find this part both interesting and ironic:
>
>   ABfrag - Linux Kernel ( = 2.4.20pre20 ) Remote Syncing exploit
>
>   Found and coded by Ac1db1tch3z - t3kn10n, n0n3 and t3kn0h03.
>
>   WARNING:
>   Unlicensed usage and/or distribution of this program carries heavy fines
>   and penalties under American, British, European and International
>   copyright law.
>   Should you find this program on any compromised system we urge you to
>   delete this binary rather than attempt distribution or analysis. Such
>   actions would be both unlawful and unwise.
>
> Can you be charged for reverse engineering exploits found on your system?
>
> Bye, Dragan

--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
'A woman drove me to drink and I didn't 
even have the courtesy to thank her' -wa
--


Re: a nessus developpers joke?

2002-10-14 Thread Orlando

Do you really depend and/or expect to stay secure on a 'stable' release of 
'_a_' software?
The developer[s] were nice enough to release the software free, whether it 
sucks or not you should be grateful, unless of course you can code something 
better.. And call each and every update a stable release so that they can be 
released along with stable operating systems.

until then stfu, learn to compile updated software or don't bitch.

-x 

ps. I don't mean to sound like an asshole (kind of ironic considering the tone 
of my email but shit!), but he sounded like an asshole for assuming and 
implying nessus sucked .. it is a matter of opinion but state something 
reasonable to back it up at least.

On Sunday 13 October 2002 08:45 am, WebMaster wrote:
> > Isn't the nessus in Debian quite old ? I think, there were newer nessus
> > packages at the following sources:
> >
> > -- deb http://www.srce.hr/~joy/nessus1.2/ ./
> > deb-src http://www.srce.hr/~joy/nessus1.2/ ./
>
> i'll install this version
>
> it's sure the woody version is a bogus version :-P
>
> isn't it strange for a stable release...?
>
> i've done a nmap -sU on those ports (trinoo) from the 2 fresh hosts,
> they're closed and of course a nmap -sS on port 22
> give us a opened port.
>
> thanks Martin
>
> ;-)
>
> Ivan Rambeau
> FranceOnLine
 


Re: linux random capabilities ...

2002-07-31 Thread Orlando
On Wednesday 31 July 2002 06:08, Adam Olsen wrote:

> Short answer: Linux mainly uses interrupt timings as an entropy
> source, from devices that are fairly unpredictable.  Assuming those
> are secure, the entropy pool is protected by a SHA hash of its state
> when something needs random bits.  (afaik) a SHA hash has no known
> weaknesses, with the exception of brute force which is simply too big
> to attempt.

untrue, consider the attack against Netscape's ssl implementation:
Ian Goldberg and David Wagner, Randomness and the Netscape Browser, 
Dr.Dobbs Journal, January 1996, p.66
http://www.ddj.com/documents/s=965/ddj9601h/9601h.htm

> Long answer: read drivers/char/random.c from your nearest linux source
> tree.

> > Finally, i read here and there some work on hardware random generation
> > devices (based on radio activity readings, or diodes based devices or
> > whatever), is there anyone with some experience with those ?

yeah, I don't know much about it but an article exists on P4's with a PRNG on 
them.. If anyone can provide some more feedback on this I'd love to hear them 
out, I myself have not had time to read the article I'm about to link or do 
any research on this whatsoever.
www.g0thead.com/papers/Cryptography/IntelRNG.pdf

www.g0thead.com/ssl_notes.txt  unfinished research on ssl - I apologize on any 
wrong information provided in this text as I said it's unfinished research 
and all comments/corrections/flames are welcome :)

--
--
Orlando Padilla
http://www.g0thead.com/xbud.asc
'A woman drove me to drink and I didn't 
even have the courtesy to thank her' -wa
--



Re: Allow FTP in, but not shell login

2001-03-14 Thread Orlando Padilla

If I'm not mistaken and if you only have telnet enabled you can simply '*' 
disable the account for the user[s] you want to restrict access to in the 
/etc/passwd file.
ie -
user:*:::UserName,,,:/home/user:/bin/bash

^ which *should* still let users ftp in and deny telnet sessions...

If you have your users log in via ssh then the 'sshd_config' file must be 
edited to have something like :

sshd_config---
snip
DenyUsers guest1 guest2 guest3 etc...
snip
eof---

cheers,
xbud
-
[EMAIL PROTECTED]
[EMAIL PROTECTED]
"I only drink to make other people interesting."
-

On Tue, 13 Mar 2001, Kenneth Pronovici wrote:

> Hello -
>
> I'm not sure exactly where to look for this information, so if I should
> RTFM, just point me toward the right one.
>
> I have a situation where I've volunteered to host a few webpages for
> some users.  They're at a university and are having problems getting timely
> access to their organizational websites on their school's server.  Anyway,
> I'm happy to be the host, but I want these people to be able to FTP in ONLY,
> without interactive access.  I want to do this specifically for a set of
> users, not for all users on the machine.
>
> My feeling is that PAM supports this somehow, but I'm not sure where to
> start.  Anyone have any suggestions?
>
> Thanks for the help.
>
> KEN
>
> --
> Kenneth J. Pronovici [EMAIL PROTECTED]
> Personal Homepage: http://www.skyjammer.com/~pronovic/
> "The phrase, 'Happy as a clam' has never really held much meaning for me."
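
Added example, not part of the original thread: a small Python audit that reads passwd-format lines and an sshd_config fragment and reports, for each account meant to be FTP-only, which of the two controls mentioned in the reply above ('*' password field, DenyUsers) actually covers it. The sample data, the NON_INTERACTIVE shell list and the function names are constructed for this example; USER@HOST entries in DenyUsers are deliberately not counted.

```python
from fnmatch import fnmatchcase

# Constructed sample data; names follow the guest1/guest2 example in the post.
PASSWD = """\
guest1:*:1001:1001:Guest One,,,:/home/guest1:/bin/bash
guest2:*:1002:1002:Guest Two,,,:/home/guest2:/bin/bash
admin:x:1000:1000:Admin,,,:/home/admin:/bin/bash
"""
SSHD_CONFIG = """\
# constructed fragment
Port 22
DenyUsers guest1 guest3
"""
# Assumed list of shells that give no interactive session.
NON_INTERACTIVE = {"/bin/false", "/usr/sbin/nologin", "/sbin/nologin"}

def deny_patterns(sshd_config):
    """Collect user patterns from every DenyUsers line (keyword is case-insensitive)."""
    pats = []
    for raw in sshd_config.splitlines():
        words = raw.split()
        if words and words[0].lower() == "denyusers":
            # USER@HOST entries deny from one host only, so they are not counted.
            pats += [w for w in words[1:] if "@" not in w]
    return pats

def audit(passwd_text, sshd_config, restricted):
    """Report, per restricted account, which of the two controls applies."""
    pats = deny_patterns(sshd_config)
    report = {}
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or fields[0] not in restricted:
            continue
        name, pw, shell = fields[0], fields[1], fields[6]
        denied = any(fnmatchcase(name, p) for p in pats)
        report[name] = {
            "password_disabled": pw.startswith("*"),
            "ssh_denied": denied,
            # A '*' password field stops password logins, not ssh key logins.
            "ssh_still_open": not denied and shell not in NON_INTERACTIVE,
        }
    return report

if __name__ == "__main__":
    for user, row in audit(PASSWD, SSHD_CONFIG, {"guest1", "guest2"}).items():
        print(user, row)
```

In the constructed data guest2 has the '*' password field but is missing from DenyUsers, so it is the account the audit flags.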


Re: promiscuous eth0

2001-03-03 Thread Orlando Padilla
Snort by default sets your interface card to promiscuous mode.  You can verify 
this by looking at 'ifconfig' output. 

eth0  Link encap:Ethernet  HWaddr 00:E0:7D:79:01:25
      inet addr:XX.XX.XX.XX  Bcast:255.255.255.255  Mask:255.255.254.0
      UP BROADCAST RUNNING PROMISC  MTU:1500  Metric:1
      RX packets:1882801 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1704205 errors:8 dropped:0 overruns:0 carrier:16
      collisions:7247 txqueuelen:100
      Interrupt:10 Base address:0xe000

UP BROADCAST RUNNING ||[PROMISC]|| etc...

If you don't want snort running in promisc mode you can set this with the -p 
option.  
Another way of verifying your interface is in promisc mode is to look at your 
/var/log/messages file for kernel message 

Mar  3 04:07:06 kid_natas kernel: device eth0 entered promiscuous mode
Mar  3 04:07:15 kid_natas kernel: device eth0 left promiscuous mode

cheers
xbud

[EMAIL PROTECTED]
[EMAIL PROTECTED]
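
Added example, not part of the original post: the two checks described above (the PROMISC flag in 'ifconfig' output and the kernel lines in /var/log/messages) written as a Python script that pairs enter/leave events per device and reports interfaces still in promiscuous mode. The first two log lines are the ones quoted in the post; the remaining sample input and the function names are constructed, and the ifconfig parser assumes the old layout shown in the post.

```python
import re

# Kernel message shape as quoted in the post (syslog timestamp, no year).
EVENT = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\skernel:\s"
    r"device\s(?P<dev>\S+)\s(?P<what>entered|left)\spromiscuous mode"
)
# First two log lines are from the post; everything else here is constructed.
SAMPLE_LOG = [
    "Mar  3 04:07:06 kid_natas kernel: device eth0 entered promiscuous mode",
    "Mar  3 04:07:15 kid_natas kernel: device eth0 left promiscuous mode",
    "Mar  3 09:12:01 kid_natas cron[411]: (root) CMD (run-parts /etc/cron.hourly)",
    "Mar  3 09:12:44 kid_natas kernel: device eth1 entered promiscuous mode",
]
SAMPLE_IFCONFIG = """\
eth0  Link encap:Ethernet  HWaddr 00:E0:7D:79:01:25
      UP BROADCAST RUNNING PROMISC  MTU:1500  Metric:1
lo    Link encap:Local Loopback
      UP LOOPBACK RUNNING  MTU:3924  Metric:1
"""

def promisc_sessions(lines):
    """Pair enter/leave events per (host, device); end is None while still open."""
    open_since, sessions = {}, []
    for line in lines:
        m = EVENT.match(line)
        if not m:
            continue
        key = (m["host"], m["dev"])
        if m["what"] == "entered":
            open_since.setdefault(key, m["ts"])  # keep the first unmatched enter
        elif key in open_since:
            sessions.append((*key, open_since.pop(key), m["ts"]))
    sessions += [(*key, ts, None) for key, ts in open_since.items()]
    return sessions

def ifconfig_promisc(text):
    """Return interface names whose flags line in ifconfig output has PROMISC."""
    found, current = [], None
    for line in text.splitlines():
        if line and not line[0].isspace():
            current = line.split()[0]
        elif current and "PROMISC" in line.split():
            found.append(current)
    return found

if __name__ == "__main__":
    print(promisc_sessions(SAMPLE_LOG))
    print(ifconfig_promisc(SAMPLE_IFCONFIG))
```

Sniffers that request promiscuous mode through a packet-socket membership do not set the interface flag that ifconfig prints, so on such systems the kernel log is the check to rely on.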




libwrap.h

2001-02-14 Thread Orlando Padilla
I'm wanting to install OpenSSH with tcpwrappers but it seems to need a file 
called libwrap.h.  I have tried freshmeat.net osdn.net sourceforge.net and a 
few other sites searching for a suite that might contain that header file.  
Anyone have an idea what package it comes with?

tks
-xbud

I only drink to make other people interesting
[EMAIL PROTECTED]




Re: libwrap.h

2001-02-14 Thread Orlando Padilla
Did valentine's day piss you off and now you're making no sense to get your 
anger out?
- xbud