Re: Which ssh should I have?
It seems that this discussion has been due to an over-zealous sysadmin. If one will check the Nessus documentation (mailing lists), such false positives have been throughly debated. Many of the scan scripts (nasl plugins) only check version numbers. Owing to this paradigm, nessus outputs warnings in the log file concerning such false indicators. I have recently run the latest experimental (cvs) release of Nessus against Potato. A security-hole is indicated along with a **Warning** of a possible false positive. The only way to fix the false positive problem would be to have Nessus actually crack the target. This idea is greatly frowned upon! Bottom line is that Potato ssh is secure relative to the CRC 32 compensation attack. You might inform your sysadmin to check the Nessus mailing list archive or subscribe to it. Albeit, VERY nicely though! :p -Walter [EMAIL PROTECTED] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
* Sebastiaan ([EMAIL PROTECTED]) [011109 14:44]: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Yes. We can silently ignore them rather than turn each one into a lengthy off-topic thread. hypocritically, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' msg04134/pgp0.pgp Description: PGP signature
Re: log iptables
* Davy Gigan ([EMAIL PROTECTED]) [011108 11:50]: Osvaldo Mundim Junior writes: Hi, does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? These are fields in IP packets : TOS stands for Type Of Service PREC stands for precedence These one may be usefull to determine priority for packets, but i think they're not very used for the moment. TTL stands for Time To Live Which is a little bit more used by traceroute by example or for network load tests. RES may stands for Reset flag used to ... reset a connection, but i'm note sure since this flag is often named RST flag, but thats the way i would understand it. No, RES refers to reserved bits. the more familiar tcp flags are listed next: URG, ACK, PSH, RST, SYN, FIN AFAIK, only the 2 LSBs of RES are actually used today: for ECN. They are the CWR and ECNE bits. You can read all about it at http://www.google.com/search?q=rfc+ecnbtnI=1 (probably.) good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' msg04135/pgp0.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
On Thursday, November 8, 2001, at 08:08 , Wichert Akkerman wrote: Previously Ethan Benson wrote: sorry i don't leave known security holes wide open on my boxes. only an idiot does that. If you think your box does not have currently unknown holes you are naive :) Unless its unplugged. But even then they could always come over and kick it. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: question about something, but don't know if it exists...
On Thursday, November 8, 2001, at 06:07 , martin f krafft wrote: * Bryan Andersen [EMAIL PROTECTED] [2001.11.06 05:23:05-0600]: Another possibility would be to have them replace the hubs with switches, this assumes you are using twisted pair, not thin net or thick net. which is not secure due to arp flooding. Yes it is if you use managed switches, and lock each port down by MAC address. Though that is a pain in the ass to do. It might work, though, if you only need a few secure workstations, e.g., teachers entering grades. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Yes, we can send a bill -Original Message- From: Ed Street [EMAIL PROTECTED] Date: Fri, 9 Nov 2001 08:09:54 -0500 Subject: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Hey, Is there *anything* we can do about all this Spam that's getting on this list? Ed -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: Hard Disk Organization
On Fri, Nov 09, 2001 at 04:37:00PM +0800, Marcel Welschbillig wrote: I use a nifty program called mirrordir at home, i have thousands of MP3's DIVX movies, programs documents 40Gig worth. I run mirror dir at midnight every night and it keeps a mirror of the working drive. The great thing is it only copies new stuff and is very efficient, also if a file gets deleted accidentally it is not lost and can be retrieved if it is done before midnight. Disk mirroring is good but i like the delay factor using mirrordir. You can use cp -au to make a recursive backup, copying only files that were updated. You have to go an clean out old stuff every now and then, because it doesn't do anything about deleting stuff from the destination that has been removed from the source. rsync could do that. That way, you don't have to worry about noticing that stuff is gone in time to save it. Of course, that will eat up disk space really fast if you rename big files or move them to different directories, etc. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BCE -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
* Sebastiaan ([EMAIL PROTECTED]) [011109 14:44]: High, On Fri, 9 Nov 2001, Ed Street wrote: Hey, Is there *anything* we can do about all this Spam that's getting on this list? Yes. We can silently ignore them rather than turn each one into a lengthy off-topic thread. hypocritically, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpobktfF2eCx.pgp Description: PGP signature
Re: log iptables
* Davy Gigan ([EMAIL PROTECTED]) [011108 11:50]: Osvaldo Mundim Junior writes: Hi, does anybody knowns what are TOS,PREC,TTL and RES of iptables`s log?? These are fields in IP packets : TOS stands for Type Of Service PREC stands for precedence These one may be usefull to determine priority for packets, but i think they're not very used for the moment. TTL stands for Time To Live Which is a little bit more used by traceroute by example or for network load tests. RES may stands for Reset flag used to ... reset a connection, but i'm note sure since this flag is often named RST flag, but thats the way i would understand it. No, RES refers to reserved bits. the more familiar tcp flags are listed next: URG, ACK, PSH, RST, SYN, FIN AFAIK, only the 2 LSBs of RES are actually used today: for ECN. They are the CWR and ECNE bits. You can read all about it at http://www.google.com/search?q=rfc+ecnbtnI=1 (probably.) good times, -- Vineet http://www.anti-dmca.org Unauthorized use of this .sig may constitute violation of US law. echo Qba\'g gernq ba zr\! |tr 'a-zA-Z' 'n-za-mN-ZA-M' pgpufqAZkWmYJ.pgp Description: PGP signature
Re: Debconf and noexec on /tmp
On Thursday, November 8, 2001, at 08:08 , Wichert Akkerman wrote: Previously Ethan Benson wrote: sorry i don't leave known security holes wide open on my boxes. only an idiot does that. If you think your box does not have currently unknown holes you are naive :) Unless its unplugged. But even then they could always come over and kick it.
Re: question about something, but don't know if it exists...
On Thursday, November 8, 2001, at 06:07 , martin f krafft wrote: * Bryan Andersen [EMAIL PROTECTED] [2001.11.06 05:23:05-0600]: Another possibility would be to have them replace the hubs with switches, this assumes you are using twisted pair, not thin net or thick net. which is not secure due to arp flooding. Yes it is if you use managed switches, and lock each port down by MAC address. Though that is a pain in the ass to do. It might work, though, if you only need a few ‘secure’ workstations, e.g., teachers entering grades.
Re: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!!
Yes, we can send a bill -Original Message- From: Ed Street [EMAIL PROTECTED] Date: Fri, 9 Nov 2001 08:09:54 -0500 Subject: SPAM was RE: INSURE GOOD RECEPTION! VITAL EMERGENCY STRATEGY!!! Hey, Is there *anything* we can do about all this Spam that's getting on this list? Ed
Re: Hard Disk Organization
On Fri, Nov 09, 2001 at 04:37:00PM +0800, Marcel Welschbillig wrote: I use a nifty program called mirrordir at home, i have thousands of MP3's DIVX movies, programs documents 40Gig worth. I run mirror dir at midnight every night and it keeps a mirror of the working drive. The great thing is it only copies new stuff and is very efficient, also if a file gets deleted accidentally it is not lost and can be retrieved if it is done before midnight. Disk mirroring is good but i like the delay factor using mirrordir. You can use cp -au to make a recursive backup, copying only files that were updated. You have to go an clean out old stuff every now and then, because it doesn't do anything about deleting stuff from the destination that has been removed from the source. rsync could do that. That way, you don't have to worry about noticing that stuff is gone in time to save it. Of course, that will eat up disk space really fast if you rename big files or move them to different directories, etc. -- #define X(x,y) x##y Peter Cordes ; e-mail: X([EMAIL PROTECTED] , ns.ca) The gods confound the man who first found out how to distinguish the hours! Confound him, too, who in this place set up a sundial, to cut and hack my day so wretchedly into small pieces! -- Plautus, 200 BCE
Re: Which ssh should I have?
It seems that this discussion has been due to an over-zealous sysadmin. If one will check the Nessus documentation (mailing lists), such false positives have been throughly debated. Many of the scan scripts (nasl plugins) only check version numbers. Owing to this paradigm, nessus outputs warnings in the log file concerning such false indicators. I have recently run the latest experimental (cvs) release of Nessus against Potato. A security-hole is indicated along with a **Warning** of a possible false positive. The only way to fix the false positive problem would be to have Nessus actually crack the target. This idea is greatly frowned upon! Bottom line is that Potato ssh is secure relative to the CRC 32 compensation attack. You might inform your sysadmin to check the Nessus mailing list archive or subscribe to it. Albeit, VERY nicely though! :p -Walter [EMAIL PROTECTED]
