H323 Gateways

Hi, does anyone know if its possible to setup this: Clients - NAT - Internet - NAT - Clients with iptelephony without opening your NAT servers to the world. Any software suggestions / tricks / ideas? (sorry about that, just reinstalled and forgot that outlook uses HTML as default) -- Daniel --

H323 Gateways

Hi, does anyone know if its possible to setup this:   Clients - NAT - Internet - NAT - Clients with iptelephony without opening your NAT servers to the world. Any software suggestions / tricks / ideas?     -- Daniel

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 09:43:38PM +0200, Dariush Pietrzak wrote: > > One reason is security: > > it's relatively easy for an intruder to install a kernel module based > > rootkit, and then hide her processes, files or connections. > isn't it security-by-obscurity? No, that's stretching the defini

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote: > Assuming an intruder made his way in with root privs couldn't he also > modify /dev/kmem or directly access the kernel memory by some other > means? I beleive this topic has also been discussed in the past (dig > deep into the a

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 01:57:10PM -0500, Phillip Hofmeister wrote: > Assuming an intruder made his way in with root privs couldn't he also > modify /dev/kmem or directly access the kernel memory by some other > means? I beleive this topic has also been discussed in the past (dig > deep into the a

Re: smtp auth

"Arnold J. Fischer" <[EMAIL PROTECTED]> writes: > I'm trying to set up my dial-up system for mail relaying via mx.freenet.de > and they are using smtp-auth to accept every mail from someone who has an > email-account on their system. I read a couple of articles about the > configuration of post

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, 01 Apr 2003 13:57:10 EST, Phillip Hofmeister writes: >Assuming an intruder made his way in with root privs couldn't he also >modify /dev/kmem or directly access the kernel memory by some other >means? I beleive this topic has also been discussed in the past (dig >deep into the archives) an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Dariush Pietrzak ([EMAIL PROTECTED]) wrote: > > One reason is security: > > it's relatively easy for an intruder to install a kernel module based > > rootkit, and then hide her processes, files or connections. > isn't it security-by-obscurity? > Determined hacker can still relatively easily inser

anti-ptrace

Has anyone else beside me tried this anti-ptrace script? I downloaded it from packetstormsecurity.com and ran and loaded the module and it works like a charm. If anyone tries to use ptrace besides root it echo's that event to the root terminal, and denies it. Well here is a copy of the script

Re: [despammed] smtp auth

Tuesday, April 1, 2003, 2:11:21 PM, debian-security@lists.debian.org (debian-security) wrote: Arnold> ok ad first I'm not really sure, if this ist exactly the right forum, but I'm Arnold> getting email from this list a long time and to be true I didn't found a Arnold> debian list for mailing

Re: smtp auth

"Arnold J. Fischer" <[EMAIL PROTECTED]> writes: > I'm trying to set up my dial-up system for mail relaying via mx.freenet.de > and they are using smtp-auth to accept every mail from someone who has an > email-account on their system. I read a couple of articles about the > configuration of post

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, 01 Apr 2003 13:57:10 EST, Phillip Hofmeister writes: >Assuming an intruder made his way in with root privs couldn't he also >modify /dev/kmem or directly access the kernel memory by some other >means? I beleive this topic has also been discussed in the past (dig >deep into the archives) an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. isn't it security-by-obscurity? Determined hacker can still relatively easily insert code into kernel (vide phreack magazine articles ) -

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Dariush Pietrzak ([EMAIL PROTECTED]) wrote: > > One reason is security: > > it's relatively easy for an intruder to install a kernel module based > > rootkit, and then hide her processes, files or connections. > isn't it security-by-obscurity? > Determined hacker can still relatively easily inser

smtp auth

goog morning everybody, ok ad first I'm not really sure, if this ist exactly the right forum, but I'm getting email from this list a long time and to be true I didn't found a debian list for mailing administrativa... I'm trying to set up my dial-up system for mail relaying via mx.freenet.de an

anti-ptrace

Has anyone else beside me tried this anti-ptrace script? I downloaded it from packetstormsecurity.com and ran and loaded the module and it works like a charm. If anyone tries to use ptrace besides root it echo's that event to the root terminal, and denies it. Well here is a copy of the script

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, 01 Apr 2003 at 07:49:29PM +0200, David Barroso wrote: > One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. Ahh, yea. Assuming an intruder made his way in with root privs couldn't

Re: noboby with a shell !!

On Mon, 31 Mar 2003 at 08:07:05PM +0100, Dale Amon wrote: > I have heard it so argued and remain to be convinced. > I have a cfengine script that overwrites the work of > debian packages in passwd within minutes of an upgrade. > All non-real users get /dev/false for a shell on my > systems. If it

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Hi, David Barroso wrote: > > * Marcin Owsiany ([EMAIL PROTECTED]) wrote: > > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser > > > wrote: > > > > In a server enviroment, where there no need to load modules at r

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. isn't it security-by-obscurity? Determined hacker can still relatively easily insert code into kernel (vide phreack magazine articles ) -

Re: [d-security] Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 05:46:46PM +0100, David Ramsden wrote: > I've made sure no no-ptrace module is loaded and I'm sure the kernel hasn't > been patched. I can "echo '/sbin/modprobe' > /proc/sys/kernel/modprobe" and > try the above and I'll get a root prompt first time. Ok, I have to admit, th

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Marcin Owsiany ([EMAIL PROTECTED]) wrote: > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > > In a server enviroment, where there no need to load modules at run-time, > > > could be a "usable workaorund

smtp auth

goog morning everybody, ok ad first I'm not really sure, if this ist exactly the right forum, but I'm getting email from this list a long time and to be true I didn't found a debian list for mailing administrativa... I'm trying to set up my dial-up system for mail relaying via mx.freenet.de an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, 01 Apr 2003 at 07:49:29PM +0200, David Barroso wrote: > One reason is security: > it's relatively easy for an intruder to install a kernel module based > rootkit, and then hide her processes, files or connections. Ahh, yea. Assuming an intruder made his way in with root privs couldn't

Re: noboby with a shell !!

On Mon, 31 Mar 2003 at 08:07:05PM +0100, Dale Amon wrote: > I have heard it so argued and remain to be convinced. > I have a cfengine script that overwrites the work of > debian packages in passwd within minutes of an upgrade. > All non-real users get /dev/false for a shell on my > systems. If it

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > In a server enviroment, where there no need to load modules at run-time, > > could be a "usable workaorund", but, in a workstation machine, i don't > > think

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: Sent: Tuesday, April 01, 2003 4:48 PM Subject: Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels] [snip] > > Can it be that you ha

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Hi, David Barroso wrote: > > * Marcin Owsiany ([EMAIL PROTECTED]) wrote: > > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > > > In a server enviroment, where there no need to load modules at run-time

Re: [d-security] Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 05:46:46PM +0100, David Ramsden wrote: > I've made sure no no-ptrace module is loaded and I'm sure the kernel hasn't > been patched. I can "echo '/sbin/modprobe' > /proc/sys/kernel/modprobe" and > try the above and I'll get a root prompt first time. Ok, I have to admit, th

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Marcin Owsiany ([EMAIL PROTECTED]) wrote: > On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > > In a server enviroment, where there no need to load modules at run-time, > > > could be a "usable workaorund

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:40:44PM +0100, David Ramsden wrote: > > > echo unexisting_binary > /proc/sys/kernel/modprobe > > > Can we trust this solution ? > > NO, it does not prevent the exploit. > > > > It does prevent the km3.c example exploit but not e.g. > > http://isec.pl/cliph/isec-ptrace

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:30:17PM +0100, Dale Amon wrote: > On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > > In a server enviroment, where there no need to load modules at run-time, > > could be a "usable workaorund", but, in a workstation machine, i don't > > think

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "David Ramsden" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 4:48 PM Subject: Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels] [snip] > > Ca

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > In a server enviroment, where there no need to load modules at run-time, > could be a "usable workaorund", but, in a workstation machine, i don't > think thats a great idea. In a server environment it is preferable not t

Re: [d-security] Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:40:44PM +0100, David Ramsden wrote: > > > echo unexisting_binary > /proc/sys/kernel/modprobe > > > Can we trust this solution ? > > NO, it does not prevent the exploit. > > > > It does prevent the km3.c example exploit but not e.g. > > http://isec.pl/cliph/isec-ptrace

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Marc Demlenne" <[EMAIL PROTECTED]> Cc: "DouRiX" <[EMAIL PROTECTED]>; "Lutz Kittler" <[EMAIL PROTECTED]>; Sent: Tuesday, April 01, 2003 2:04 PM Subject: Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 an

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On martedì 01 aprile 2003, alle 14:20, DouRiX wrote: > but isn't there a trick to surpass the bug while waiting for debian > updates ? Actually, yes. But i'm not really sure if it's a "good" workaorund. Anyway: if you disable automatic loading module (a kernel feature), you may ignore this vuln

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:06:12PM +0200, Marc Demlenne wrote: > > but isn't there a trick to surpass the bug while waiting for debian > > updates ? > > What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 03:36:15PM +0200, Maurizio Lemmo - Tannoiser wrote: > In a server enviroment, where there no need to load modules at run-time, > could be a "usable workaorund", but, in a workstation machine, i don't > think thats a great idea. In a server environment it is preferable not t

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Quoting Marc Demlenne ([EMAIL PROTECTED]): > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust this solution ? > What's the effect ? You can't dynamically load and unload modules anymore. If you load all the modules you need before doing it, you're fine. > It seems to work

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> > but isn't there a trick to surpass the bug while waiting for debian > updates ? > > or won't be there a 2.4.18 update ? :) > You can disable autoloading for kernel modules: echo "x" > /proc/sys/kernel/modprobe . lutz

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> but isn't there a trick to surpass the bug while waiting for debian > updates ? What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. echo unexisting_binary > /proc/sys/kernel/modprobe Can we trust this solution ? What's the effect ? It seems to work fine, and to block t

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

- Original Message - From: "Christian Hammers" <[EMAIL PROTECTED]> To: "Marc Demlenne" <[EMAIL PROTECTED]> Cc: "DouRiX" <[EMAIL PROTECTED]>; "Lutz Kittler" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, April 01, 2003 2:04 PM Subject: Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vuln

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On martedì 01 aprile 2003, alle 14:20, DouRiX wrote: > but isn't there a trick to surpass the bug while waiting for debian > updates ? Actually, yes. But i'm not really sure if it's a "good" workaorund. Anyway: if you disable automatic loading module (a kernel feature), you may ignore this vuln

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Maurizio Lemmo - Tannoiser wrote: On lunedì 31 marzo 2003, alle 16:02, DouRiX wrote: Does someone know where is debian about this issue ? i've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my puorpose, i've backported

Re: [d-security] Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

On Tue, Apr 01, 2003 at 02:06:12PM +0200, Marc Demlenne wrote: > > but isn't there a trick to surpass the bug while waiting for debian > > updates ? > > What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

* Quoting Marc Demlenne ([EMAIL PROTECTED]): > echo unexisting_binary > /proc/sys/kernel/modprobe > > Can we trust this solution ? > What's the effect ? You can't dynamically load and unload modules anymore. If you load all the modules you need before doing it, you're fine. > It seems to work

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> > but isn't there a trick to surpass the bug while waiting for debian > updates ? > > or won't be there a 2.4.18 update ? :) > You can disable autoloading for kernel modules: echo "x" > /proc/sys/kernel/modprobe . lutz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "u

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

> but isn't there a trick to surpass the bug while waiting for debian > updates ? What's the real effect of modifying /proc/sys/kernel/modprobe by, e.g. echo unexisting_binary > /proc/sys/kernel/modprobe Can we trust this solution ? What's the effect ? It seems to work fine, and to block t

Re: [Fwd: Re: LWN: Ptrace vulnerability in 2.2 and 2.4 kernels]

Maurizio Lemmo - Tannoiser wrote: On lunedì 31 marzo 2003, alle 16:02, DouRiX wrote: Does someone know where is debian about this issue ? i've noticed that there kernel 2.4.20 with ptrace patch included, in proposed-update. For my puorpose, i've backported that