On Thu, 22 Feb 2001 12:59:06 Jean-Francois JOLY wrote:
| Hello Everybody,
|
| I've run Nessus against some servers and it reports me that
| sendmail
| is vulnerable to a Syn Flood. I've grabbed utilities to test the
| vulnerability and haven't succeeded to reproduce the
At 13:16 22.2.2001, Berend De Schouwer wrote:
event a DoS, from
their description, if they are implemented correctly. At least,
they'll offer as much protection as inetd can. I've used them
before when a mail script went crazy and caused too many
connections.
Anyway, Debian Potato ships with
Hello! Steve here,
Well I am one of the family now! My server is Debian 2.2r2. A benign hacker
got me. All he seemed to do was overwrite my root index.html page and
notify the "hackers watchdog" group to take responsibility for the act!
I have some security questions:
1. How secure is it
On Wed, Feb 21, 2001 at 01:26:02PM +, Jacob Meuser wrote:
You could install the Cygwin package for windows. It has ssh-2.3.0
and sftp I believe.
Look for any of the following on google --
* putty: a 200K single exe file for windows. Does ssh, telnet, xterm
emulation, but no port
Microsoft says the same about Windows 2000
Linux fans say the same about Linux
OpenBSD folks say the same about OpenBSD
...
Security relies on the good quality of the system and, more important, the
software you use but, in my opinion, is at the same level as the engineer in
charge of the
On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
I have been told by a "Mac-head" that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
Any comments
It all depends on the admin. Given good tools to work with, the
I ssh from my Windows 2000 machine at work to my Debian machine at home.
You just need the proper client. There are free ones out there for Windows.
From: Adam Spickler [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: how secure is mail and ftp and netscape/IE???
Date: Wed, 21 Feb 2001
I have been told by a "Mac-head" that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
MacOS up through 9.x is arguably more secure *out of the box* for the same
reason that Windows9x is secure *out of the box* -- there's no
Matthew Sherborne [EMAIL PROTECTED] writes:
Are there any gpl or similar anti-virus programs for linux ?
Any recommendations ?
I have patch for qmail-local which will use AVPdaemon from Kaspersky (their
'AVP for qmail' sucks), if anyone is interested, but you have to buy a
license (it's not
Hi!
I tore down my redhat box and installed debian about 3 days ago. I decided
to use separate users and passwd for each telnet and email.
User#1: standard unsecure telnet cuteftp and Eudora.
User#1 has no shell access and is restricted to public "html" files
directories.
User#2: CRTssh
I've used macs as servers for fairly large numbers of people working for a
school district (k12 districts aren't into *nixes much yet, at least mine
wasn't...). It ran webstar (httpd), eims (mail), quickdns pro, and
netpresenz (ftpd). In my estimation, the security advantage definitely
goes to
We are currently running woody on a production machine (yes, I am not that
happy about that decision). Woody does not get potato's security updates,
and does not get new unstable security fixes in a timely fashion. This
leaves woody vulnerable to certain kinds of problems, particularly
You could just recompile it yourself. I don't even use any of the Debian
SSH packages anymore, they are mostly out-of-date anyway. The current
SSH2 in woody is 2.0.13, for example. I just download the source and
compile it myself for those kind of things.
There's another good point to that:
On Thu, 22 Feb 2001, Micah Anderson wrote:
Potato has a fix at
http://www.debian.org/security/2001/dsa-027
So how do we fix this on a woody machine?
You could build it from the source pkg's.
put some deb-src lines in y'r /etc/apt/sources.list
apt-get (-b) source
btw. how do these
from the secret journal of Aaron Dewell ([EMAIL PROTECTED]):
You could just recompile it yourself. I don't even use any of the Debian
SSH packages anymore, they are mostly out-of-date anyway. The current
SSH2 in woody is 2.0.13, for example. I just download the source and
compile it
On Thu, Feb 22, 2001 at 11:10:39AM -0800, Micah Anderson wrote:
We are currently running woody on a production machine (yes, I am not that
happy about that decision). Woody does not get potato's security updates,
and does not get new unstable security fixes in a timely fashion. This
leaves
Hi,
I'm running woody but I have security.debian.org stable in my
apt sources.list file:
deb http://ftp.debian.org/debian woody main contrib non-free
deb http://non-us.debian.org woody/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
I installed ssh 2.3.0p1-1.11 from unstable on my woody
machines at home.
It works great.
Yes, but 2.4.0 is current.
NO, SSH 2.4.0 is SSH from SSH Communications. It is a commercial release. OpenSSH
and SSH are two different products - two completely different implementations of
On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
I have been told by a "Mac-head" that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
with MacOS everything runs as root since there is no security, no
UIDs, no
On Thu, Feb 22, 2001 at 03:09:36PM -0900, Ethan Benson wrote:
several years ago there was a silly `Crack a Mac' contest and someone
managed to exploit a cgi script and deface the web site served by the
Mac. in most cases such an attack would never allow site defacement on
unix since the site
On Thu, Feb 22, 2001 at 06:03:53PM -0700, Ray Percival wrote:
To solve this issue with Woody I just leave the line for the
stable security updates in my sources file. I get the security
updates before they are in Woody. Is there any reason this would
not be a good idea?
Yeah. It doesn't
On Thu, 22 Feb 2001 13:43:55 -0500, Steve Rudd mumbled disconsolately:
Why I could even post them on my root page and taunt
hackers to try and break in with them! I could even offer a 1000 prize for
anyone who can crack and hack their way in!
"Pride goeth before destruction, and an
Hello Everybody,
I've run Nessus against some servers and it reports me that sendmail
is vulnerable to a Syn Flood. I've grabbed utilities to test the
vulnerability and haven't succeeded to reproduce the problem.
I've found no information about this vulnerability.
Do
On Thu, 22 Feb 2001 12:59:06 Jean-Francois JOLY wrote:
| Hello Everybody,
|
| I've run Nessus against some servers and it reports me that
| sendmail
| is vulnerable to a Syn Flood. I've grabbed utilities to test the
| vulnerability and haven't succeeded to reproduce the problem.
On Thu, 22 Feb 2001 13:27:07 Antti Tolamo wrote:
| At 13:16 22.2.2001, Berend De Schouwer wrote:
|
|
| event a DoS, from
| their description, if they are implemented correctly. At least,
| they'll offer as much protection as inetd can. I've used them
| before when a mail script went crazy and
Hello Berend,
You're right, it's a good question but:
It *is* Sendmail ;-)
I will try the features you told me, what do you think of this
setting, there is 150 PCs behind a 128k leased line.
O RefuseLA=15
O MaxDaemonChildren=30
O ConnectionRateThrottle=2
I wonder if
On Wed, Feb 21, 2001 at 01:26:02PM +, Jacob Meuser wrote:
You could install the Cygwin package for windows. It has ssh-2.3.0
and sftp I believe.
Look for any of the following on google --
* putty: a 200K single exe file for windows. Does ssh, telnet, xterm
emulation, but no port
I have been told by a Mac-head that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
Any comments
Microsoft says the same about Windows 2000
Linux fans say the same about Linux
OpenBSD folks say the same about OpenBSD
...
Security relies on the good quality of the system and, more important, the
software you use but, in my opinion, is at the same level as the engineer in
charge of the
On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
I have been told by a Mac-head that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
Any comments
It all depends on the admin. Given good tools to work with, the
I ssh from my Windows 2000 machine at work to my Debian machine at home.
You just need the proper client. There are free ones out there for Windows.
From: Adam Spickler [EMAIL PROTECTED]
To: debian-security@lists.debian.org
Subject: Re: how secure is mail and ftp and netscape/IE???
Date:
well, considering that mac has cornered .0001% of the network
operating system market, there may be some truth to that statement.
after all, the most secure os is one that no one uses, right?
some one else, replied stating that a systems level of security is
generally at the
On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
I have been told by a Mac-head that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
Believe it or not the U.S. military made such a claim about 18 months or
so back.
On Thu, 22 Feb 2001, Noah L. Meyerhans wrote:
The thing is, any box on the network is going to be insecure, and the
I second(third?) that.
The best way to reduce the security risk to zero on ANY system is to:
1. Unplug ethernet
2. Unplug power cord
3. Lock system in
I have been told by a Mac-head that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
MacOS up through 9.x is arguably more secure *out of the box* for the same
reason that Windows9x is secure *out of the box* -- there's no
-Original Message-
From: Mike Renfro [mailto:[EMAIL PROTECTED] Behalf Of
Mike Renfro
Sent: Thursday, February 22, 2001 7:30 AM
To: debian-security@lists.debian.org
Subject: Re: how secure is mail and ftp and netscape/IE???
[...]
* ttssh: ssh extension for TeraTerm Pro.
Matthew Sherborne [EMAIL PROTECTED] writes:
Are there any gpl or similar anti-virus programs for linux ?
Any recommendations ?
I have patch for qmail-local which will use AVPdaemon from Kaspersky (their
'AVP for qmail' sucks), if anyone is interested, but you have to buy a
license (it's not
Hi!
I tore down my redhat box and installed debian about 3 days ago. I decided
to use separate users and passwd for each telnet and email.
User#1: standard unsecure telnet cuteftp and Eudora.
User#1 has no shell access and is restricted to public html files
directories.
User#2: CRTssh
I've used macs as servers for fairly large numbers of people working for a
school district (k12 districts aren't into *nixes much yet, at least mine
wasn't...). It ran webstar (httpd), eims (mail), quickdns pro, and
netpresenz (ftpd). In my estimation, the security advantage definitely
goes to the
We are currently running woody on a production machine (yes, I am not that
happy about that decision). Woody does not get potato's security updates,
and does not get new unstable security fixes in a timely fashion. This
leaves woody vulnerable to certain kinds of problems, particularly
distressing
You could just recompile it yourself. I don't even use any of the Debian
SSH packages anymore, they are mostly out-of-date anyway. The current
SSH2 in woody is 2.0.13, for example. I just download the source and
compile it myself for those kind of things.
There's another good point to that:
On Thu, 22 Feb 2001, Micah Anderson wrote:
Potato has a fix at
http://www.debian.org/security/2001/dsa-027
So how do we fix this on a woody machine?
You could build it from the source pkg's.
put some deb-src lines in y'r /etc/apt/sources.list
apt-get (-b) source
btw. how do these
from the secret journal of Aaron Dewell ([EMAIL PROTECTED]):
You could just recompile it yourself. I don't even use any of the Debian
SSH packages anymore, they are mostly out-of-date anyway. The current
SSH2 in woody is 2.0.13, for example. I just download the source and
compile it
I installed ssh 2.3.0p1-1.11 from unstable on my woody machines at home.
It works great.
Actually that's OpenSSH 2.3.0p1. I seriously wish the Debian team would stop
calling it SSH and label it properly.
OpenSSH is Free Software. The commercial release of SSH from SSH
Communications is
Hi,
I'm running woody but I have security.debian.org stable in my
apt sources.list file:
deb http://ftp.debian.org/debian woody main contrib non-free
deb http://non-us.debian.org woody/non-US main contrib non-free
deb http://security.debian.org stable/updates main contrib non-free
On Thu, 22 Feb 2001, Peter Cordes wrote:
On Thu, Feb 22, 2001 at 11:10:39AM -0800, Micah Anderson wrote:
We are currently running woody on a production machine (yes, I am not that
happy about that decision). Woody does not get potato's security updates,
and does not get new unstable
I installed ssh 2.3.0p1-1.11 from unstable on my woody
machines at home.
It works great.
Yes, but 2.4.0 is current.
NO, SSH 2.4.0 is SSH from SSH Communications. It is a commercial release.
OpenSSH and SSH are two different products - two completely different
implementations of
On Thu, Feb 22, 2001 at 10:58:27AM -0500, Steve Rudd wrote:
I have been told by a Mac-head that the Mac is the most secure server and
that it is significantly more secure than any unix system, including Linux.
with MacOS everything runs as root since there is no security, no
UIDs, no
On Thu, Feb 22, 2001 at 03:09:36PM -0900, Ethan Benson wrote:
several years ago there was a silly `Crack a Mac' contest and someone
managed to exploit a cgi script and deface the web site served by the
Mac. in most cases such an attack would never allow site defacement on
unix since the site
To solve this issue with Woody I just leave the line for the
stable security updates in my sources file. I get the security
updates before they are in Woody. Is there any reason this would
not be a good idea?
Ray
Random numbers are to computers what freewill is to human beings
--Robert A.
Tal Danzig wrote:
There are no mirrors of security.debian.org (or shouldn't be)
for security reasons.
This way the authenticity of security packages can be better controlled.
- Tal
What about local mirrors?
I can imagine a company with several hundred, or maybe thousands of debian