Re: The same debian - different packages

2003-09-26 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: >> number. Another thing where package build-stamps may help to generate a report. > > Then just download the package file manually My point was referring to the fact that one needs a tool to find those problems, I know how to fix them :) Greetings Bernd

Re: question about proxy firewall

2003-09-26 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > The point of a protocol-proxy is that you want to provide services to > the outside world, but you don't trust your server software to be robust > against protocol-level attacks (buffer overflows, primarily). It is also the other way around. Clients whic

Re: The same debian - different packages

2003-09-26 Thread Peter Cordes
On Thu, Sep 25, 2003 at 03:04:40PM +0700, Jean Christophe ANDRÉ wrote: > Anybody could give a hint on the right way to clean an entry from > "/var/lib/dpkg/status"? I've not investigated so "far" until now... :) > Is this using "dselect update" or thing like this? (I never use dselect) Is that wh

Re: Verisign again...

2003-09-26 Thread Peter Cordes
On Fri, Sep 26, 2003 at 12:50:13AM +0200, Michelle Konzack wrote: > Hello, > > for some seconds I have tried to access the following link: > > http://www.uni-bilefeld.de/~gsauthoff/mailfilterrc > > and was on Verisign.com. So Verisign catches not only .com and .net, > but de and fr too !!!

Verisign again...

2003-09-26 Thread Michelle Konzack
Hello, for some seconds I have tried to access the following link: http://www.uni-bilefeld.de/~gsauthoff/mailfilterrc and was on Verisign.com. So Verisign catches not only .com and .net, but de and fr too !!! The right link is http://www.uni-bielefeld.de/~gsauthoff/mailfilterrc

Re: services installed and running "out of the box"

2003-09-26 Thread Adam ENDRODI
On Thu, Sep 25, 2003 at 11:12:28AM +1200, Steve Wray wrote: > > At high security levels, any new services that get installed (from RPMs) > are only allowed from localhost or even, IIRC, services may not even > be started by default, neither post-install nor on reboot: you have to > set them up man

Re: The same debian - different packages

2003-09-26 Thread Michelle Konzack
On 2003-09-24 09:14:52, Yogesh Sharma wrote: >As far as my understanding goes, ssh was patched recently for security >fixes, so it should be coming from security.debian.org not us.debian.org. >Now security.debian.org is not at all mirrored for security reason than >how he has 2 different versio

[SOLVED ?] Re: Versign has hijacked www.xmms.org

2003-09-26 Thread Michelle Konzack
On 2003-09-23 02:08:29, Michelle Konzack wrote: >Hello All, > >I was surfing the Website for new skins and >at one click... > >...xmms was hijacked !!! > >No access on xmms possible. Can anyone confirm this please... >Please Cc: me. > >Three other .org Domains (my own) are

Re: question about proxy firewall

2003-09-26 Thread Haim Ashkenazi
Javier Fernández-Sanguino Peña wrote: > Also, Checkpoint is not a proxy firewall (but it is starting to become > like one with this new 'Application Intelligence' stuff) well, as I said I know very little about that, but someone told me that some commercial firewalls work at the application level (

Re: question about proxy firewall

2003-09-26 Thread Bob Snyder
On Fri, Sep 26, 2003 at 08:09:14PM +0200, Javier Fernández-Sanguino Peña wrote: > Just FYI, TIS was the company founded by Marcus Ranum which provided the > firewall toolkit (see www.fwtk.org). The FWTK was the basis for the first > commercial firewall: Gauntlet [1]. FWTK is not "free" in any sens

Re: services installed and running "out of the box"

2003-09-26 Thread Matt Zimmerman
On Fri, Sep 26, 2003 at 09:37:22PM +0200, Marcin Owsiany wrote: > On Fri, Sep 26, 2003 at 02:06:01PM -0400, Matt Zimmerman wrote: > > He wants the service, he just wants it only for local use. That is not > > something that should be handled at the package level. > > Why not? The boot-floppies a

Re: The same debian - different packages

2003-09-26 Thread Jean Christophe ANDRÉ
[EMAIL PROTECTED] wrote: > openssh (1:3.4p1-2) unstable; urgency=high > * Get a security-fixed version into unstable > * Also tidy README.Debian up a little > -- Matthew Vernon <[EMAIL PROTECTED]> Fri, 28 Jun 2002 17:20:59 +0100 Ok, Google "says" there was such a version, but it was from

Re: services installed and running "out of the box"

2003-09-26 Thread Marcin Owsiany
On Fri, Sep 26, 2003 at 02:06:01PM -0400, Matt Zimmerman wrote: > He wants the service, he just wants it only for local use. That is not > something that should be handled at the package level. Why not? The boot-floppies already set the locale for the whole system. I think it would be nice if the

Re: The same debian - different packages

2003-09-26 Thread Peter Cordes
On Thu, Sep 25, 2003 at 08:47:22AM +, [EMAIL PROTECTED] wrote: > serverB:~# apt-cache policy ssh > ssh: > Installed: 1:3.4p1-2 > Candidate: 1:3.4p1-2 > Version Table: > *** 1:3.4p1-2 0 > 100 /var/lib/dpkg/status > 1:3.4p1-1.woody.3 0 > 500 http://security.debian.org

Re: services installed and running "out of the box"

2003-09-26 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > Until installing a package has the side effect of installing a network > service. Having a default-deny-incoming firewall or some such would go a > long way toward preventing accidental vulnerability exposure. On the other hand this pretty much sounds li

Re: FTP in general (Re: Watch out! vsftpd anonymous access always enabled!)

2003-09-26 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > I should have defined my terms: When I said ftp transfers are more > reliable than are ftp ones (in my experience), I meant that, once > started, they are much less prone to dying. That is observed fact. This depends totally on the client and proxy and

Re: question about proxy firewall

2003-09-26 Thread Javier Fernández-Sanguino Peña
On Thu, Sep 25, 2003 at 04:02:01PM +0300, Haim Ashkenazi wrote: > Hi > > I've read an article about FreeBSD which made me read some parts of the > FreeBSD documentation. in the firewall section there is a short description > about proxy firewalls. I've made some more searching and found a "free"

Re: services installed and running "out of the box"

2003-09-26 Thread Matt Zimmerman
On Fri, Sep 26, 2003 at 05:52:54PM +0100, Dale Amon wrote: > On Fri, Sep 26, 2003 at 10:44:21AM -0400, Matt Zimmerman wrote: > > On Fri, Sep 26, 2003 at 02:52:27PM +0100, David Wright wrote: > > > Where does one go from here? > > > > If you only want the web server for reading documentation, reco

Re: services installed and running "out of the box"

2003-09-26 Thread Dale Amon
On Fri, Sep 26, 2003 at 10:44:21AM -0400, Matt Zimmerman wrote: > On Fri, Sep 26, 2003 at 02:52:27PM +0100, David Wright wrote: > > Where does one go from here? > > If you only want the web server for reading documentation, reconfigure the > web server to only listen on localhost. Precisely. One

Re: The same debian - different packages

2003-09-26 Thread Dale Amon
On Wed, Sep 24, 2003 at 07:44:16PM +0200, Bernd Eckenfels wrote: > looks like somebody installed ssh some (long) time ago from testing or > unstable on server b. This is a problem, since it is the higher version > number. Another thing where package build-stamps may help to generate a > report. T

Re: services installed and running "out of the box"

2003-09-26 Thread Matt Zimmerman
On Fri, Sep 26, 2003 at 02:52:27PM +0100, David Wright wrote: > Quoting Matt Zimmerman ([EMAIL PROTECTED]): > > > It can be damnably difficult to dump the web server... I've ended > > > up downloading dhttpd and then removing links or changing the > > > init.d/dhttpd file name. > > > > What is so

Re: services installed and running "out of the box"

2003-09-26 Thread Ted Cabeen
David Wright <[EMAIL PROTECTED]> writes: > Quoting Matt Zimmerman ([EMAIL PROTECTED]): >> On Wed, Sep 24, 2003 at 09:54:05PM +0100, Dale Amon wrote: >> > On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote: >> > > For starters, I think portmap, rpc.statd, and inetd should not run by

Re: services installed and running "out of the box"

2003-09-26 Thread David Wright
Quoting Matt Zimmerman ([EMAIL PROTECTED]): > On Wed, Sep 24, 2003 at 09:54:05PM +0100, Dale Amon wrote: > > > On Wed, Sep 24, 2003 at 03:59:28PM -0400, Noah L. Meyerhans wrote: > > > For starters, I think portmap, rpc.statd, and inetd should not run by > > > default. Not running a mail server (o

Re: services installed and running "out of the box"

2003-09-26 Thread Matt Zimmerman
On Fri, Sep 26, 2003 at 04:29:45AM -0300, Peter Cordes wrote: > On Fri, Sep 26, 2003 at 12:51:35AM -0400, Matt Zimmerman wrote: > > What is so difficult? No web server is installed by default. If you don't > > want one, don't install one. > > Dependencies. I've had the same annoying experienc

lids config

2003-09-26 Thread amnesiac
Hello I am intending to use lids with a server I will be soon setting up and was wondering if anyone would be so very kind as to send me sample files for lids.cap and lids.conf (or any scripts that generate the lids.conf file). I was really hoping to save some time, though I understand that there

Re: The same debian - different packages

2003-09-26 Thread Bernd Eckenfels
In article <[EMAIL PROTECTED]> you wrote: > +++-==-==- > ii ssh3.4p1-1.woody.3Secure rlogin/rsh/rcp replacement > (OpenSSH) > ii ssh3.4p1-2Secure rlogin/rsh/rcp re

Re: services installed and running "out of the box"

2003-09-26 Thread Dale Amon
On Thu, Sep 25, 2003 at 06:05:13PM -0400, Michael Stone wrote: > That's been the policy, but it's stupid nowadays. It's too easy to > pull in an unexpected service when installing something with all the > tasks and dependency chains. There needs to be a mode where a user can > say, "I don't want

Re: question about proxy firewall

2003-09-26 Thread Haim Ashkenazi
[EMAIL PROTECTED] wrote: > The point of a protocol-proxy is that you want to provide services to > the outside world, but you don't trust your server software to be robust > against protocol-level attacks (buffer overflows, primarily). Since one > of the points of Debian is to fix bugs in software,

Re: The same debian - different packages

2003-09-26 Thread Jean Christophe ANDRÉ
Hi, [EMAIL PROTECTED] wrote: > ii ssh3.4p1-1.woody.3Secure rlogin/rsh/rcp replacement > (OpenSSH) Ok. It's on security.debian.org. > ii ssh3.4p1-2Secure rlogin/rsh/rcp replacement > (OpenSSH) I can't see this one on debian servers.

Re: services installed and running "out of the box"

2003-09-26 Thread Javier Fernández-Sanguino Peña
On Thu, Sep 25, 2003 at 07:33:00AM -0700, Adam Lydick wrote: > I like that idea, and it sounds fairly simple - packages just check > /etc/secure_level (or something similar) and do the "right thing". The > tricky part is convincing every package maintainer to adopt it ;) Well, Mandrake packages II

Re: services installed and running "out of the box"

2003-09-26 Thread Peter Cordes
On Fri, Sep 26, 2003 at 12:51:35AM -0400, Matt Zimmerman wrote: > On Wed, Sep 24, 2003 at 09:54:05PM +0100, Dale Amon wrote: > > It can be damnably difficult to dump the web server... I've ended > > up downloading dhttpd and then removing links or changing the > > init.d/dhttpd file name. > > What

Re: Watch out! vsftpd anonymous access always enabled!

2003-09-26 Thread Tobias Reckhard
Dariush Pietrzak wrote: On Mon, Sep 22, 2003 at 10:18:20PM +0200, Bernd Eckenfels wrote: FTP is a firewall nightmare, You think? Not only he thinks that way. It's an accepted fact within the InfoSec community. Firewalls are nightmare, and the only result of preferring http-only protocols

Re: services installed and running "out of the box"

2003-09-26 Thread Matt Zimmerman
On Thu, Sep 25, 2003 at 12:34:34PM +0200, Javier Fernández-Sanguino Peña wrote: > The "base" installation is partially decided by the priority of the package > ('required', 'important', 'standard', 'optional', 'extra'). The > archive maintainers have the final word (that is the 'ftp.debian.org'