Are you sure that they portscanned you and not someone faking that IP?
according to arin:
OrgName:Distributed Network Technical Support
OrgID: DNTS
NetRange: 198.175.98.0 - 198.175.98.255
CIDR: 198.175.98.0/24
NetName:INTEL-IT35
NetHandle: NET-198-175-98-0-1
Parent:
Well, as I understand it, the trojan runs only when you compile the code
... it's not in the sshd program. So, you can only have it if you compiled
the code yourself. If so, you can just check the md5 sums from the
advisory.
-rishi
On Mon, 5 Aug 2002, Halil Demirezen wrote:
Hi
Does mod_ssl support the new apache yet?
-rishi
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
I think the Banner tag is meant for text files. I assume you're trying to
display some information that changes every so often. I see two ways of
doing this:
1) set up a cron job to run every so often and update the file and set the
Banner tag to the file.
2) configure sshd to run with
I looked into shorewall. It doesn't support ipchains, but seawall does.
Would you suggest updating to iptables or using seawall?
Do you think that Linux 2.4.x is stable yet? If so, which version?
I believe that ipchains can do the job and that linux 2.2.20 is stable. I
don't have experience in
Does anyone have a set of ipchains rules for a DMZ that doesn't have
routable IPs and an internal network that doesn't have routable IPs?
I looked on the IPCHAINS HOWTO page, but they don't have a script for
this. I haven't seen anything with google either.
I'm looking for something like this:
Sounds like you have some cron jobs running every five minutes. Check your
/etc/crontab, /etc/cron.d, /etc/crond.daily. See if you can find the jobs
that are running every five minutes. If someone was trying to log in, it
would say which tty they were logging in from, or it would have associated
sshd
(we are also not releasing *too* many of these yet, when we do the Ghost
licensing fees might be higher than is justified).
when Ghost is prohibitive, consider using dd, the standard unix disk
dump tool.
Anne Carasik [EMAIL PROTECTED] wrote on 13/05/2002 (17:55) :
Security issues? Can you be more specific?
There aren't any security issues (yet) with the SSH 2.0 protocol.
From what I know, there aren't any issues using mindterm for 2.0
either :)
But the Mindterm package in Debian
are you running portmapper? If so, you need to look if these ports are
mapped to specific things via rpcinfo. Also, you can use lsof for solaris.
On Sun, 12 May 2002, dave toh wrote:
Hi,
A firewall had detected that one of my machines (solaris 2.6) is broadcasting
port 32703/32705/32706 every
You need to open port 53 for tcp and udp. Another way you can look at it
is to log all packets you DENY (or REJECT) and see what your DNS is trying
to do.
-rishi
On Mon, 6 May 2002, Gary MacDougall wrote:
Damn!! I hit send before editing this message. Sorry!
Please read this
My imagine:
1. Apache with PHP, and some cgi could be enabled (perl, etc.)
2. FTP for each Apache web
Use ssh and scp or sftp instead.
3. Some e-mails for each web (better with webmail+antivir)
IMAP or POP3 over SSL ...
4. Primary DNS server for each web
Only one DNS server serves
see the SSH_CLIENT environment variable.
(set | grep SSH) for bash (w/o the parentheses)
(setenv | grep SSH) for tcsh and csh (w/o the parentheses)
Also, look into getting an account with dyndns so you will have a static
FQDN but a dynamic IP that can be looked up.
It seems to accomplish the example you posed, you need 2 external IPs.
Say they were 1.1.1.1 and 1.1.1.2 for example. Then in DNS you could do:
ftp1 - 1.1.1.1
ftp2 - 1.1.1.2
www1 - 1.1.1.1
www2 - 1.1.1.2
And on your firewall do:
1.1.1.1 port 21 - 192.168.0.10
1.1.1.2 port 21 - 192.168.0.50
I'm not sure which are secure. However, if you plan to use any of them, I
suggest using tcp-wrappers (tcpd) via inetd (or xinetd). Then edit your
hosts.allow file and explicitly allow only certain machines to access your
box.
Also, consider running whichever finger daemon as a separate user (i.e.
On another server, which I have squid running and want running, I keep
getting accesses from http://service.bfast.com/bfast/serve and someone
seems to be accessing web pages late at night when everyone has gone
home. Trouble is, the IP addresses that access squid don't have host
names (ie.
Another way to do it is to set up an automatic proxy script that tells the
browser which port on the squid box to go to. Then you can periodically
change the port. (Or you can just change to an obscure port and hope less
people find it).
-rishi
On Tue, 4 Dec 2001, Chris Harrison
How are you creating a new user directory? are you mkdir'ing directly or
using a program like useradd? If you are mkdir'ing, change your umask (be
aware, this changes the umask of ALL of your newly created files. If
you are using useradd, look into the -D option. If you are using some
other
How about Ctrl-Alt-Del? That shuts down a debian box without even logging
in. As far as accountability ... you could do it the old fashioned way and
have a sign in sheet ... one stupid policy deserves another.
-rishi
On 28 Nov 2001, Olaf Meeuwissen wrote:
Blake Barnett [EMAIL
Set the shell for the user in /etc/passwd to a script that chroots and
then spawns a shell.
-rishi
On Fri, 26 Oct 2001, Javier [iso-8859-1] Fernández-Sanguino Peña wrote:
I have been asked for this and I was trying to figure out how to do it
(would document it later on in the
I think the only way to accomplish a chroot IS to include all the files in
the jail that the user needs.
-rishi
On 26 Oct 2001, Paul Fleischer wrote:
On Fri, 2001-10-26 at 15:51, Rishi L Khan wrote:
Set the shell for the user in /etc/passwd to a script that chroots
You can set up logcheck and cron to check every minute for suspicious log
entries (as you define them) and have them emailed to you. Additionally,
you can edit the logcheck.sh file and have it notify you any way you like.
-rishi
On 15 Sep 2001, Russell Speed wrote:
Thanks, I will
consider using tripwire on your computers in the future. This way you can
create a database of md5sums of all important programs and store them on a
disk in your drawer. Then you'll know what was hacked and what wasn't.
-rishi
On 15 Sep 2001, Momchil Velikov wrote:
Dimitri ==
If you're not using sunrpc or lpd, I would turn them off. The way I do it
is turn off the services (/etc/init.d/portmap stop; /etc/init.d/lpd
stop) and then edit /etc/init.d/lpd and /etc/init.d/portmap and add a
line near the top that says exit 0 (w/o quotes) so that when you
restart, they don't
Maybe that's the same trick that got him on the list in the first place...
-rishi
On Sun, 2 Sep 2001, Wade Richards wrote:
Hi Everyone,
On Sat, 01 Sep 2001 22:36:44 MDT, John Galt writes:
Yeah, but when's the last time you heard from him? Methinks that he got
hit by a
I think he's right ... Also, 169.254.x.x is indicative of a windows
machine that is looking for DHCP but doesn't get it. So, it's probably
NAT's outside of your network.
-rishi
On Sat, 31 Mar 2001, Aaron Dewell wrote:
I assume that is on the ethernet side facing the ISP? Or
When you say "their account" do you mean they have an account on the
machine you're setting up accounts for? Or is this machine some kind of
"public kiosk" where anyone can get on?
Allowing anyone to telnet in is a BAD idea. That means a script kiddie
from Belgium can telnet in. If you want to set
The way I'd do it is set the last field of the /etc/shadow (the shell
field) to /usr/bin/false.
-rishi
On Tue, 13 Mar 2001, Kenneth Pronovici wrote:
Hello -
I'm not sure exactly where to look for this information, so if I should
RTFM, just point me toward the right one.
I
Maybe use tcp wrappers? That's how I'd do it.
-rishi
On Sat, 10 Mar 2001, Jamie Heilman wrote:
Piotr Tarnowski wrote:
If not can I limit allowed clients somehow ? (I noticed that DENY on
ipchains to others than my reference external server limits ntptrace
usage).
To
I use the iXplorer and putty. This does GUI scp, but it looks like GUI
ftp.
On Wed, 21 Feb 2001, Adam Spickler wrote:
What about if you are going from a Windows box to a *nix box. Is there any
way to do secure ftp transfers. Mail, for me is no problem. I ssh into my
machines and use Mutt
I use:
gtar cf - . | ssh target "gtar xvpBf -"
-rishi
On Sat, 17 Feb 2001, Nathan E Norman wrote:
On Sat, Feb 17, 2001 at 06:21:04PM +0100, Carel Fellinger wrote:
On Sat, Feb 17, 2001 at 02:49:03PM +0100, Thor wrote:
...
Speak for cloning a single partition then i suggest