Re: hardening checkpoints

2005-12-21 Thread Alvin Oga
On Wed, 21 Dec 2005, Johannes Wiedersich wrote: Wrong. I was in Milano (Italy) a few months ago, and I wanted to do exactly that. The person at the desk looked at me as if I were a Martian when I ask italians just passed a law that all isp and internet cafe etc are required to ask for ID

Re: hardening checkpoints

2005-12-16 Thread Alvin Oga
On Thu, 15 Dec 2005, kevin bailey wrote: Alvin Oga wrote: On Thu, 15 Dec 2005, kevin bailey wrote: was recently rootkitted on a debian machine because i'd left an obscure service running. if you know how they got in .. i assume you have since fixed it my guess

Re: hardening checkpoints

2005-12-15 Thread Alvin Oga
On Thu, 15 Dec 2005, kevin bailey wrote: was recently rootkitted on a debian machine because i'd left an obscure service running. if you know how they got in .. i assume you have since fixed it if you do not know how they got in ... - time to change security policy big time to

Re: chkrootkit has me worried!

2005-11-30 Thread Alvin Oga
hi ya thomas On Wed, 30 Nov 2005, Thomas Hochstein wrote: Alvin Oga schrieb: - fresh installs means you have to configure everything again from nothing .. maybe 1hr ..maybe 1 day .. maybe 1 week No, you don't; you can just review the configuration file(s) manually or check

Re: chkrootkit has me worried!

2005-11-29 Thread Alvin Oga
hi ya kevin On Tue, 29 Nov 2005, kevin bailey wrote: i have tried out lots of different things on this server and have made the mistake of leaving unnecessary services running. everybody does that, one forgets to undo the experiment environment and restore back to secure mode in this case

Re: whitehat

2005-11-02 Thread Alvin Oga
hi ya alex - lots of options .. too too too many ... but bottom line ... you have to do the work .. not the outside white-hat you're looking for On Wed, 2 Nov 2005, alex black wrote: Not much, frankly. The idea here is to have someone that is not malicious, but is skilled, to attempt

Re: whitehat to test a security config

2005-11-01 Thread Alvin Oga
On Tue, 1 Nov 2005, Harry wrote: Perhaps the following questions should be asked first 1. How do we know know Mr Black is who he says he is? 2. How can we confirm the machine details he supplies are actually details of a machine that he owns? ... all valid points .. - a face to face

Re: whitehat to test a security config

2005-10-31 Thread Alvin Oga
hi ya alex On Mon, 31 Oct 2005, alex black wrote: i'm gonna skip the offlist part and raise some questions/comments just because it's a fun topic to cover and see other folks comments and philosophy - there will never be one solution for 2-3 people but will be all different

Re: Bad press again...

2005-08-29 Thread Alvin Oga
On Mon, 29 Aug 2005, Paul Gear wrote: if it's important... they will post dsa ?? There certainly have been exceptions to that rule. The maintainer of there will always be exceptions ... shorewall has been trying for weeks to get a DSA issued about a vulnerability, and it seems we have

Re: Bad press again... decisions

2005-08-29 Thread Alvin Oga
On Mon, 29 Aug 2005, Paul Gear wrote: ... [ prev process/procedure snipped ] What makes you think that this didn't occur? sounds like a normal thing .. good joey and crew can't possibly examine, review, fix, verify all bugs no matter how good of an expert security coder they were My

Re: Bad press again...

2005-08-28 Thread Alvin Oga
On Sun, 28 Aug 2005, Florian Weimer wrote: AFAIK, you can only blame the security team for lack of communication. nah ... they're doing fine .. to the extent is needed ?? if it's important... they will post dsa ?? They were ready to upload the packages, but the infrastructure to process

Re: Bad press again...

2005-08-25 Thread Alvin Oga
On Thu, 25 Aug 2005, Jan Luehr wrote: Again the debian security infrastructure has proved to be accident sensitive. This night, power supply broke down, taking security.debian.org being responsible for delivering updates offline. The power cut off happened in the data center rack the

Re: policy change is needed to keep debian secure

2005-08-20 Thread Alvin Oga
On Sat, 20 Aug 2005, Daniel Sterling wrote: The latest upgrades to sarge's firefox have addressed (successfully?) several security vulnerabilities. I submit that the work done to create these new packages has been wasted effort, for at least two reasons. that is just one package out of

Re: Bad press related to (missing) Debian security - action

2005-06-29 Thread Alvin Oga
On Wed, 29 Jun 2005, Micah Anderson wrote: Alvin Oga schrieb am Tuesday, den 28. June 2005: You sent an email where about what and got no response? I did not see your offer to help come across the mailing list (if it is there, can you point out the URL to the message?)... i think you can

Re: Bad press related to (missing) Debian security - action

2005-06-29 Thread Alvin Oga
On Wed, 29 Jun 2005, Micah Anderson wrote: i think you can search thru the debian security archives just as easily as i can or in fact even more easily since you have a debian acct ?? Did you read the email that I referenced? It doesn't sound like you did. this is precisely why

Re: Bad press related to (missing) Debian security - action

2005-06-29 Thread Alvin Oga
hi ya micah - thanx for trying ... lets see what happens On Wed, 29 Jun 2005, Micah Anderson wrote: Alvin Oga schrieb am Wednesday, den 29. June 2005: On Wed, 29 Jun 2005, Micah Anderson wrote: ... Did you read the email that I referenced? It doesn't sound like you did

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Alvin Oga
hi ya On Tue, 28 Jun 2005, Javier Fernández-Sanguino Peña wrote: lots of people have their own requirements for security ... instead of adding to the security team's tasks, and instead of writing emails, why don't we spend the time to write some scripts to do what we're expecting

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Alvin Oga
On Tue, 28 Jun 2005, Alvin Oga wrote: On Tue, 28 Jun 2005, martin f krafft wrote: thanks for the proposal. why did you write it and not just get on with those scripts already? idea if somebody at debian.org can create yaml, say [EMAIL PROTECTED], than the rest of us moaners, complainers

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Alvin Oga
On Tue, 28 Jun 2005, martin f krafft wrote: Just use this list. i think the point of this list is its not moving fast enough for some folks wanting security updates the machine can be called sec-test.debian.org so that we have a way to test another security update/process/procedures out

Re: Bad press related to (missing) Debian security - action

2005-06-28 Thread Alvin Oga
On Tue, 28 Jun 2005, Micah Anderson wrote: Alvin Oga schrieb am Tuesday, den 28. June 2005: If you are interested in testing security, then there is a group working on this project. Here is some information about the history of the team, and if you read through the message

Re: Re: Can anyone help me ID who is trying to hack my system?

2005-06-22 Thread Alvin Oga
On Thu, 16 Jun 2005, Kevin Brown wrote: can u tell me how do i track somebody's ip that's trying to hack me assuming it is: trying to hack vs a successful breakin: - what would be the point to find out ?? - why do you care who is trying ?? - more importantly... -

Re: MBR, GRUB, LILO,

2005-06-04 Thread Alvin Oga
On Sat, 4 Jun 2005, justme wrote: Grub or Lilo it don't matter they don't start when I reboot after installation. When I reboot with Grub is stands still: GRUB_ (underscore blinking) and don't start (have to reboot and reboot) grub didn't install properly The same with Lilo It stands

Re: I have been attacked 3 times in 5 weeks

2005-05-09 Thread Alvin Oga
On Mon, 9 May 2005, Raph segal wrote: I dont know what to do to patch and secure my system. Can I get some advice or maybe someone who can help me? humm .. welcome to the internet .. - in one line: if nothing else, patch your servers regularly and hope there is no bugg vs letting a

Re: Darn skiddies (ssh login attempts)

2005-03-31 Thread Alvin Oga
On Thu, 31 Mar 2005, Brad Sims wrote: `less /var/log/auth.log|grep Failed|wc -l` shows 185 attempts to compromise my machine since March 27th... /etc/hosts.deny reads: ALL: ALL good /etc/hosts.allow reads: sshd: $WORK_IP1 sshd: $WORK_IP2 good but make sure ssh is compiled with

Re: [OT] Release cycle - was Re: My machine was hacked - possibly via sshd?

2005-03-30 Thread Alvin Oga
On Wed, 30 Mar 2005, Malcolm Ferguson wrote: David Pastern wrote: ... The only way to fix a problem is for everyone to discuss it, and that means the users and not just the developers. I completely agree that this needs to be discussed, but is a Debian security list the right

Re: My machine was hacked - possibly via sshd? - bots

2005-03-29 Thread Alvin Oga
hi ya javier On Tue, 29 Mar 2005, Javier Fernández-Sanguino Peña wrote: On Mon, Mar 28, 2005 at 12:37:46PM -0800, Alvin Oga wrote: When I logged on I discovered two outgoing connections to port ircd on the foreign hosts, and some thing listening on port 48744 TCP

Re: My machine was hacked - possibly via sshd? - fw

2005-03-29 Thread Alvin Oga
On Mon, 28 Mar 2005, Noah Meyerhans wrote: yup .. :-) It should be noted that it is entirely possible, even on today's internet, to run a large network completely exposed to the internet. It always makes me sad when I hear people talking as though you simply *must* have a firewall, or

Re: My machine was hacked - possibly via sshd?

2005-03-28 Thread Alvin Oga
hi ya malcolm On Mon, 28 Mar 2005, Malcolm Ferguson wrote: Machine was running Debian 3.0 and was behind a NAT box with ports forwarded for SMTP, HTTP and SSH. It hadn't been rebooted for 430 days. I was using a 2.4 kernel with MPPE builtin. which particular 2.4 kernel ?? Early on

Re: My machine was hacked - possibly via sshd? - old/new

2005-03-28 Thread Alvin Oga
hi ya malcolm On Mon, 28 Mar 2005, Malcolm Ferguson wrote: A very good lesson for me. and for everybody reading the lists :-), we're sorry you were volunteered for the task today :-) I'm curious though about your statements telling me that everything I have is old and that I should be

Re: Packet sniffing regular users

2005-03-03 Thread Alvin Oga
On Wed, 2 Mar 2005, David Mandelberg wrote: Alvin Oga wrote: no more telnet, no more pop3, no more wireless, no more anything that is insecure Those are not insecure: using them unwisely is. Telnet over a VPN is just as secure as ssh with password authentication. The same goes

Re: Packet sniffing regular users

2005-03-03 Thread Alvin Oga
On Wed, 2 Mar 2005, s. keeling wrote: Incoming from Alvin Oga: On Wed, 2 Mar 2005, David Mandelberg wrote: s. keeling wrote: Isn't it generally accepted that black hats who get local access (ie., a user login account) is _much_ worse than black hats who've been kept

Re: Packet sniffing regular users

2005-03-02 Thread Alvin Oga
On Wed, 2 Mar 2005, David Mandelberg wrote: s. keeling wrote: Isn't it generally accepted that black hats who get local access (ie., a user login account) is _much_ worse than black hats who've been kept anybody and everybody has local access with or without permission out? Assuming

Re: Kernel security advice

2005-02-18 Thread Alvin Oga
On Sat, 19 Feb 2005 [EMAIL PROTECTED] wrote: On Fri, Feb 18, 2005 at 08:11:28AM -0500, Michael Stone wrote: On Fri, Feb 18, 2005 at 05:07:40PM +1100, [EMAIL PROTECTED] wrote: I like using non-modular kernels to prevent LKMs Of course, running a non-modular kernel doesn't prevent

Re: Compromised system - still ok?

2005-02-07 Thread Alvin Oga
On Mon, 7 Feb 2005, Matthew Palmer wrote: On Sun, Feb 06, 2005 at 10:52:50PM -0800, Alvin Oga wrote: it's best when you can call the fbi (on the phone) and say, they're back, trace um NOW Obviously you've never done this. and obviously you seem too lazy to catch the cracker ?? don't

Re: Compromised system - still ok? - let it go

2005-02-07 Thread Alvin Oga
hi ya matt On Mon, 7 Feb 2005, Matthew Palmer wrote: Three step program for you, bub. 1) Place your feet on your shoulders; 2) Push hard; 3) Take your first breath of arse-free air in a long time. sounds like you should do the same ... or more like too late for you I have reported

Re: Compromised system - still ok?

2005-02-07 Thread Alvin Oga
On Mon, 7 Feb 2005, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: - works great across the usa, even if the cracked box they came from was offshore, they can trace it back to somebody's bedroom or colo is that first hand knowledge or just some

Re: Compromised system - still ok? - doorstep

2005-02-07 Thread Alvin Oga
hi ya On Mon, 7 Feb 2005, James Renken wrote: .. The summary in legal terms: contributory negligence is not a defense to an intentional (or reckless) tort. The first major case I found with an offhand search is: Schellhouse v. Norfolk W. Ry. Co., 575 N.E.2d 453, 456 (Ohio 1991)

Re: Compromised system - still ok?

2005-02-06 Thread Alvin Oga
On Mon, 7 Feb 2005, Geoff Crompton wrote: You were rooted, you should reinstall. It's not worth risking that he left something that you didn't find. my opinion reinstalling is the equivalent of a script kiddie and probably lower in skill level of the script kiddie /opinion see below for

Re: Compromised system - still ok?

2005-02-06 Thread Alvin Oga
On Mon, 7 Feb 2005, Bernd Eckenfels wrote: In article [EMAIL PROTECTED] you wrote: you can reinstall AFTER you can answer all the above questions or give up and give the point ot the script kiddie cracker No, you make an image, reinstall, and if you have time (ie. you normally dont)

Re: Compromised system - still ok?

2005-02-06 Thread Alvin Oga
On Sun, 6 Feb 2005, Scott Edwards wrote: You'll want to evaluate the time and resources you'll consume, and to what end. Even in high profile cases, you have to do even more work to collect the damages awarded. It's like a triple whammy: 1. Your box gets compromised 2. You sue them 3.

Re: Mirrors security

2005-02-04 Thread Alvin Oga
On Fri, 4 Feb 2005, Felipe Massia Pereira wrote: Hi list, I'd like to know more about security procedures for mirrors, mainly how to check the repository for malicious corruption, and if there is a channel which could be used to notify users who download from my mirror. check the md5

Re: .desktop arbitrary program execution (was: [SECURITY] [DSA 644-1] New chbg packages fix arbitrary code execution)

2005-01-18 Thread Alvin Oga
On Tue, 18 Jan 2005, David Mandelberg wrote: Save to your GNOME/KDE desktop (like many newbies do) and double click the new icon. .desktop files (currently) don't need the x bit set to work, so no chmod'ing is necessary. that'd be dumb of the user This one is pretty harmless (it just

Re: No Linux capabilities in sarge default install with kernel 2.6

2005-01-15 Thread Alvin Oga
On Sat, 15 Jan 2005, hanasaki wrote: so what do you recommend for security? also what about rsbac? where does this fit in? how much time do you want to spend to harden the kernel ? http://Linux-Sec.net/Kernel openwall, libsafe, lids, etc .. ... That seems the default

detecting sniffers

2004-12-13 Thread Alvin Oga
hi ya i was playing over the weekend .. looking at various sniffer detectors to see what it finds # # Problem was to find any/all sniffers on the local subnet # from the playing i did, they'd still remain hidden while sniffing # i was running some sniffers of various flavors on various

Re: forming a security team for testing

2004-10-27 Thread Alvin Oga
hi ya On Thu, 28 Oct 2004, Kim wrote: I am sorry if I have misunderstood anything but whatever is needed to satisfy yourself Since this is a personal matter isn't there chances that a person may miss important issues? I rather suggest a clear program of checks that at least must be done in

Re: Info on Voip Gateways SIP and H323

2004-06-23 Thread Alvin Oga
hi ya newton On Wed, 23 Jun 2004, Ip2Tel - Newton Medina wrote: Thank you are you looking for general info or security info on sip/h323 http://linux-voip.net/Testing/ have fun alvin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact

Re: Advice needed, trying to find the vulnerable code on Debian webserver.

2004-06-15 Thread Alvin Oga
hi ya On Wed, 16 Jun 2004, TiM wrote: Look at installing mod_security, http://modsecurity.org Install some rules for it to harden your webserver, see if anything is flagged in the security log. other web server testing tools http://www.linux-sec.net/Web/#Testing c ya alvin

Re: Spam fights

2004-06-10 Thread Alvin Oga
hi ya jaroslaw On Thu, 10 Jun 2004, Jaroslaw Tabor wrote: In mean time, I've found additional way for spam filtering, but it requires some development. The basic idea is simple and already in use: We are allowing all emails from whitelist. already done ... most MTA support a whitelist and

vapaorware Re: Unusual spam recently - hummm - postprocess

2004-06-05 Thread Alvin Oga
hi ya On Fri, 4 Jun 2004, Michael Stone wrote: On Fri, Jun 04, 2004 at 05:26:07PM -0700, Rick Moen wrote: You mean like having extra meanings of the term vaporware, ones that you alone are aware of? OK. vaporware is good and bad ... good, because if its features gets implemented right and

Re: Unusual spam recently - hummm

2004-06-03 Thread Alvin Oga
hiya david On Thu, 3 Jun 2004, David Stanaway wrote: X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from host-69-145-228-124.client.bresnan.net (unknown [69.145.228.124]) by david.dialmex.net (Postfix) with SMTP id CF733146132E for [EMAIL

Re: Unusual spam recently - hummm

2004-06-03 Thread Alvin Oga
On Thu, 3 Jun 2004, s. keeling wrote: why is your spam filter allowing 3 basic spam signs thru ?? - email to undisclosed-recipients should be bounced - email from non-existent hosts should be bounced host-69-145-228-124.client.bresnan.net - email from [EMAIL

Re: Unusual spam recently - hummm

2004-06-03 Thread Alvin Oga
hi ya s. On Thu, 3 Jun 2004, s. keeling wrote: If I can't, what does my ISP have to do to implement this? ISP will probably NOT provide spam filtering, because of legal issues My ISP does provide spam filtering; spamassassin marks crap on the mailhost and procmail moves it to my

Re: Unusual spam recently - hummm - postprocess

2004-06-03 Thread Alvin Oga
On Thu, 3 Jun 2004, Kjetil Kjernsmo wrote: On torsdag 3. juni 2004, 20:53, Alvin Oga wrote: you have to post process your emails after you already received it.   ...and then it is a bit late to bounce, isn't it...? i typically dont need to post process... i never got the spam post

Re: Unusual spam recently - hummm

2004-06-03 Thread Alvin Oga
On Thu, 3 Jun 2004, s. keeling wrote: I actually meant the typical worst practices for which spammers are so well known. Spammers use these things to avoid detection. Average maybe we should reject misspelled email subject lines :-) users do them without even realizing it. For instance,

Re: Unusual spam recently - hummm - postprocess - recipients

2004-06-03 Thread Alvin Oga
hi ya blu On Thu, 3 Jun 2004, Blu wrote: I agree, but it was suggested that any mail server should reject spam at SMTP time, and not bounce it at all. yupp ... best to do at smtp time If my relay server (not open, but relay for customers) has no means to verify recipients, what to do when

Re: Unusual spam recently - hummm - postprocess

2004-06-03 Thread Alvin Oga
On Thu, 3 Jun 2004, Blu wrote: On Thu, Jun 03, 2004 at 04:34:44PM -0700, Rick Moen wrote: Do I win a prize, yup :-) or was that just a qualifying round, and the real questions, that actually require thinking, will come later? Are you suggesting then, that we should not relay mail at

Re: Web software security scanners

2004-04-07 Thread Alvin Oga
On Wed, 7 Apr 2004, Micah Anderson wrote: Hey all, I am looking for some scanners which look for known vulnerabilities in different web software. for the best use of your and time and customer relations: a) hire a security conscious server admin - one admin should be able to

Re: Hacked - is it my turn? - interesting

2004-02-02 Thread Alvin Oga
hi ya noah On Mon, 2 Feb 2004, Noah Meyerhans wrote: On Mon, Feb 02, 2004 at 02:06:41PM -0800, Alvin Oga wrote: 'nmap' to those ports gives me: PORT STATESERVICE 1524/tcp filtered ingreslock 31337/tcp filtered Elite turn off those ports ... kill ingress

Re: Hacked - is it my turn? - interesting

2004-02-02 Thread Alvin Oga
hi ya Johannes if you ( a debian box?? ) have been hacked .. other hosts are equally susceptible .. finding out what is going on is important On Sun, 1 Feb 2004, Eric Nelson wrote: Yep, it definitely looks like you're hacked with those ports open unless hummm... i'm not as sure .. so i'd

Re: Hacked - is it my turn? - interesting

2004-02-02 Thread Alvin Oga
hi ya noah On Mon, 2 Feb 2004, Noah Meyerhans wrote: On Mon, Feb 02, 2004 at 02:54:33PM -0800, Alvin Oga wrote: If you run 'iptables -A INPUT -p tcp --dport 1524 -j REJECT' you'll get this exact behavior, with nothing listening on these ports. and am wondering, why explicitly reject

Re: Hacked - is it my turn?

2004-02-02 Thread Alvin Oga
hi ya johannes On Mon, 2 Feb 2004, Johannes Graumann wrote: Checking 'bindshell'... INFECTED [PORTS: 1524 31337] At this point I believe to be able to attribute this to portsentry running - '/etc/init.d/portsentry stop' makes it go away, '/etc/init.d/portsentry start' makes it reappear

Re: Hacked - is it my turn?

2004-02-02 Thread Alvin Oga
hi ya nick/jim On Tue, 3 Feb 2004, Nick Boyce wrote: On Mon, 2 Feb 2004 18:28:31 -0800 (PST), Alvin Oga wrote: On Mon, 2 Feb 2004, Johannes Graumann wrote: Checking 'bindshell'... INFECTED [PORTS: 1524 31337] At this point I believe to be able to attribute this to portsentry

Re: Hardening named.conf

2004-01-28 Thread Alvin Oga
On Wed, 28 Jan 2004, Dale Amon wrote: I've finally been annoyed enough by spammer hits on my DNS that I've pulled out the BOG for the first time in several years. What I'd like to accomplish is the following: * allow-query for a specific list of addresses to use the

Re: suspicious smbd connections

2003-12-24 Thread Alvin Oga
On Wed, 24 Dec 2003, Jose Luis Domingo Lopez wrote: On Wednesday, 24 December 2003, at 15:33:54 +0100, outsider wrote: But I have a dynamic IP. Every time I boot my system I get another IP-address. There is no end of viruses, worms, and people with too much free time and too

Re: When will kernel-image-2.4.23 be available ?

2003-12-05 Thread Alvin Oga
On Fri, 5 Dec 2003, Thomas Sjögren wrote: On Fri, Dec 05, 2003 at 08:08:46AM +0100, Lupe Christoph wrote: BUT! Does anybody have a patch for the do_brk vuln on any kernel-source package = 2.4.20 as they are currently in the archives? I would like to build a new kernel with

Re: More hacked servers?

2003-11-27 Thread Alvin Oga
hi ya On Tue, 25 Nov 2003, Michael Stone wrote: On Sun, Nov 23, 2003 at 01:09:27AM -0500, Jim Hubbard wrote: After the Linux kernel server got hacked a few weeks ago, and now this successful attack at Debian, my confidence is shaken. I hope we'll see full disclosure about exactly what

timezone - Re: Uhm, so, what happened...?

2003-11-27 Thread Alvin Oga
On 26 Nov 2003, Michel Verdier wrote: [EMAIL PROTECTED] (John Keimel) a écrit : We've still got many hours of Wednesday left and if the people in charge of this are like many hackers I know, it'll be near the end of the day before anything would be posted. Which time zone ? :) :-)

patch - Re: Debian servers hacked?

2003-11-27 Thread Alvin Oga
On Fri, 21 Nov 2003, Matthijs Mohlmann wrote: ey, Maybe some piece of advice. I run a server with the grsecurity patch on the kernel maybe that's also an option to run on the debian server(s) Maybe this is already on the server, when so, i've nothing said. there are lots ( dozens ) of

wakeup - Re: More hacked servers?

2003-11-27 Thread Alvin Oga
On Thu, 27 Nov 2003, Russell Coker wrote: On Thu, 27 Nov 2003 04:51, Matt Zimmerman [EMAIL PROTECTED] wrote: Big money does not imply big security.  Large corporations with lots of money to spend on security are compromised all the time.  Obviously, they aren't as forthcoming about it as

Re: Strongest linux - kernel patches

2003-07-02 Thread Alvin Oga
On Tue, 1 Jul 2003, valerian wrote: On Tue, Jul 01, 2003 at 02:36:37PM +0200, Javier Castillo Alcibar wrote: Hi all, I want to setup a new linux server in internet (apache, php, postfix, mysql, dns...), and I would like to patch the standard kernel with some security patches. but

Re: Strongest linux - secure distro

2003-07-02 Thread Alvin Oga
On Wed, 2 Jul 2003, Preben Randhol wrote: Alvin Oga [EMAIL PROTECTED] wrote on 02/07/2003 (12:46) : rest of the kernel hardening patches http://linux-sec.net/Harden/kernel.gwif.html What about: http://www.nsa.gov/selinux/ ? that's listed in the list of secure linux distros

Re: secure topologies - smtp/dns/whois/....

2003-03-22 Thread Alvin Oga
hi ya gazillion different solutions for secure topologies that depends on time, and machines available, skillset and what you're protecting against c ya alvin -- you need backups ... :-) -- disallow insecure services even behind the firewall ( telnet, ftp, pop3/imap, dhcp,

fw distros - Re: is iptables enough? (fwd)

2003-03-19 Thread Alvin Oga
rest of the secure distro or floppy-based distro for firewall grade OS -- or a hardened debian box.. http://www.Linux-Sec.net/Distro/ - but from the looks of security advisories from some distro, its just like any other linux distro .. with more or less

Re: I'm searching for a network wide system update tool - fun stuff

2003-01-19 Thread Alvin Oga
hi ya On Sun, Jan 19, 2003 at 02:18:16PM +0100, Ivo Marino wrote: I think using a cron-job like cron-apt for updating security related packages automatically on the servers not only could be a problem considering the security point of view but also this could corrupt a server

Re: FTP-SSL - very nice

2002-12-18 Thread Alvin Oga
hi ya pain On Wed, 18 Dec 2002 [EMAIL PROTECTED] wrote: Hi, The SmartFTP windows client support ftp over ssl and is free for personal, educational or non-commercial use. Its available for download at : http://www.smartftp.com/download/ very nice info at least... lets see over time what

Re: FTP-SSL

2002-12-18 Thread Alvin Oga
hi ya abelmmg On Wed, 18 Dec 2002, Rick Moen wrote: Quoting Yahoo ([EMAIL PROTECTED]): I am interesting to setup a ftp daemon with SSL option, which is an useful option ??? and I need some ftp-ssl client for windows 2000, is there anyone free ? just wondering... why not offer https

Re: FTP-SSL

2002-12-18 Thread Alvin Oga
hi ya rick On Wed, 18 Dec 2002, Rick Moen wrote: Quoting Alvin Oga ([EMAIL PROTECTED]): otherwise secure windoze clients ... ( winscp and equivalent ... http://www.linux-sec.net/SSH/client.gwif.html#SFTP That's a listing of MS Windows SSH Clients, and includes

Re: smtp-auth

2002-12-16 Thread Alvin Oga
hi ya Halil On Mon, 16 Dec 2002, Rick Moen wrote: Quoting Halil Demirezen ([EMAIL PROTECTED]): By the way is there a URL for full qualified postfix MTA howto? That will be so helpful. some postfix stuff http://www.linux-sec.net/Mail/#MTA Under the assumption you're still

Re: Stack-smashing protection

2002-12-09 Thread Alvin Oga
On Mon, 9 Dec 2002, martin f krafft wrote: also sprach Albert Cervera Areny [EMAIL PROTECTED] [2002.12.06.2129 +0100]: I think it would be a great idea to use this patch with debian too as soon as gcc becomes the compiler by default. Protecting the entire system from this kind of bugs

Re: spam

2002-11-10 Thread Alvin Oga
hi ya the easy way ?? # vi /etc/mail/access # # leave the stuff already there # ... # # all my bubbies?? [EMAIL PROTECTED] RELAY # # # Add simple spam blocking #
