On Tue, 8 Aug 2017, Dewayne Geraghty wrote:
>
>
Indeed, there are times when it's best to say nothing :)
___
freebsd-security@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to
On Fri, 3 Feb 2017 00:53:31 +, heasley wrote:
> Wed, Feb 01, 2017 at 11:15:10AM +0100, Dag-Erling Smørgrav:
> > > i'm suggesting a port with a v1 client; that is built with all the other
> > > binary ports for abi changes and whatever else is reasonable. yes, i
> > > can build my own, but
On Thu, 6 Oct 2016 02:12:25 +, Jules Gilbert via freebsd-security wrote:
> But please help me. These attacks are limiting my work efforts.
A lot of people make the mistake of using cheap aluminium foil.
You have to use real tin.
HTH, Ian
___
Perhaps of interest to some:
http://www.abc.net.au/news/2016-08-10/census-night-how-the-shambles-unfolded/7712964
cheers, Ian
On Sat, 30 Apr 2016 14:27:17 +, Poul-Henning Kamp wrote:
[..]
> The best explanation of all this is John R. Vig's Quartz Tutorial
> which is freely available on the web - highly recommended:
>
> http://www.am1.us/Local_Papers/U11625%20VIG-TUTORIAL.pdf
This is one of the best
On Wed, 8 Jul 2015 12:49:12 -0500, Mark Felder wrote:
No workaround is available, but only systems that are manually
configured to enable DNSSEC validation are affected. would be a
reasonable statement.
Agreed. DNSSEC may become mandatory, and while surely 'best practice',
it's not yet
On Fri, 15 May 2015 07:51:34 -0500, Mark Felder wrote:
On Fri, May 15, 2015, at 03:07, Ian Smith wrote:
On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
Hello
But I don't think disabling TLS 1.0 is ok.
TLS 1.0 is dead and is even now banned in new
On Thu, 14 May 2015 17:32:53 +0200, Adam Major wrote:
Hello
But I don't think disabling TLS 1.0 is ok.
TLS 1.0 is dead and is even now banned in new installations according to
the PCI DSS 3.1 standards. Nobody should expect TLS 1.0 to be supported
by *any* HTTPS site now.
On Thu, 14 May 2015 10:28:27 +0200, Patrick Proniewski wrote:
On 13 mai 2015, at 23:18, Anders Gulden Olstad wrote:
Qualys report chain issues
that's pretty odd, because I've checked too just after sending my
reply to the list (message id
On Wed, 25 Feb 2015 20:55:43 +, Christopher Schulte wrote:
On Feb 25, 2015, at 2:34 PM, Philip Jocks pjli...@netzkommune.com wrote:
it felt pretty scammy to me, googling for the worm got me to
rkcheck.org which was registered a few days ago and looks like a
tampered version of
On Wed, 28 Jan 2015 17:01:50 -0800, jungle Boogie wrote:
Hi Nick,
On Jan 28, 2015 4:56 PM, Nick Frampton nick.framp...@akips.com wrote:
On 29/01/15 08:46, Joe Holden wrote:
Really, how many SCTP users are there in the wild... maybe one?
It shouldn't be in GENERIC at the very
On Tue, 13 Jan 2015 14:20:20 -0600, Greg Rivers wrote:
On Tue, 13 Jan 2015, Paul Hoffman wrote:
...and I'm glad we're not discussing the uninformed crypto FUD that started
this thread...
Agreed, we can all move on now. I only asked about this because I honestly
wanted to know what
On Mon, 26 May 2014 19:46:14 -0700, Ronald F. Guilmette wrote:
Ian Smith smi...@nimnet.asn.au wrote:
... might syslog trigger adhoc rotations by
newsyslog - of a particular log, not all - after learning how to measure
'stress', perhaps by rates of delta filesize, diskspace consumption
On Mon, 26 May 2014 16:11:52 +0200, Dag-Erling Smørgrav wrote:
Ronald F. Guilmette r...@tristatelogic.com writes:
I forgot that newsyslog(8) should limit the size of /var/log/messages, and
that as long as you limit the size of that to a reasonable value, and as
long as you have newsyslog(8)
On Sat, 3 May 2014 01:25:40 -0400, Garrett Wollman wrote:
On Sat, 3 May 2014 13:53:44 +1000 (EST), Ian Smith smi...@nimnet.asn.au
said:
I've always allowed frags, as per the example rulesets in rc.firewall.
I only recall seeing them on DNS responses from zen.spamhaus.org, where
On Sun, 13 Apr 2014 10:33:53 -0400, Lowell Gilbert wrote:
David Noel david.i.n...@gmail.com writes:
My main point was that if you don't trust Subversion it makes no sense
to say you trust portsnap. Portsnap pulls the ports tree from
Subversion. Using Subversion! The portsnap system
On Wed, 9 Apr 2014 19:00:52 +0100, Pawel Biernacki wrote:
On 9 April 2014 17:08, Joe User mailingli...@rootservice.org wrote:
On 09.04.2014 17:29, Pawel Biernacki wrote:
[snip]
We need more transparency here.
Please read this and other related threads and you'll understand that
On Sat, 22 Mar 2014 22:39:36 -0700, Julian Elischer wrote:
reposting with a useful subject line and more comments
On 3/22/14, 10:33 PM, Julian Elischer wrote:
in ipfw that's up to you..
but I usually put the check-state quite early in my rule sets.
On 3/22/14, 1:34 AM, Ian
On Fri, 21 Mar 2014 13:01:25 -0700, Ronald F. Guilmette wrote:
In message 20140322000445.c31...@sola.nimnet.asn.au,
Ian Smith smi...@nimnet.asn.au wrote:
As assorted experts have suggested, you need a stateful rule. It's
really not that hard; if you _only_ needed to protect ntp
On Thu, 20 Mar 2014 13:41:06 -0700, Ronald F. Guilmette wrote:
[..]
I dearly hope that someone on this list who does in fact have commit privs
will jump on this Right Away. I'm not persuaded that running a perfectly
configured ipfw... statefully, no less... should be an absolute prerequisite
http://www.abc.net.au/news/2013-09-06/new-snowden-documents-say-nsa-can-break-common-internet-encrypt/4940138
Ian
On Wed, 13 Feb 2013 09:28:00 +0100, Dag-Erling Smørgrav wrote:
Ian Smith smi...@nimnet.asn.au writes:
Dag-Erling Smørgrav d...@des.no writes:
Slight correction: dropping *all* ICMP is a bad idea. You can get by
with just unreach. Add timex, echoreq and echorep for troubleshooting
On Wed, 13 Feb 2013 01:52:29 +0100, Dag-Erling Smørgrav wrote:
Mark Felder f...@feld.me writes:
Dropping ICMP is not a security method. Please stop doing this!
Slight correction: dropping *all* ICMP is a bad idea. You can get by
with just unreach. Add timex, echoreq and echorep for
On Fri, 2 Oct 2009, johnea wrote:
Garrett Wollman wrote:
[..]
tcp4 0 0 atom.60448 host154.advance.com.ar.auth
TIME_WAIT
auth is the port number used by the IDENT protocol.
-GAWollman
Thank You to everyone who responded!
In fact I did
On Thu, 19 Mar 2009, Giorgos Keramidas wrote:
On Mon, 16 Mar 2009 20:31:21 +0100, Eirik Øverby ltn...@anduin.net wrote:
On 16. mars. 2009, at 00.50, freebsd...@pc.jgr.de wrote:
Dear Giorgos,
thank you for coming back to the emacs issue. I deinstalled
emacs by means of pkg_delete -v
On Wed, 4 Feb 2009, Janos Dohanics wrote:
I came across this today:
http://information-security-resources.com/2009/01/29/did-heartland-ceo-make-insider-trades/
The article discusses some questions about the security breach which
occurred at Heartland Payment Systems. Among other
On Mon, 24 Nov 2008, Eirik Øverby wrote:
On Nov 24, 2008, at 23:12, Pieter de Boer wrote:
[..]
Results for port 8585:
IP (tos 0x0, ttl 59, id 44156, offset 0, flags [DF], proto: TCP (6),
length: 64) alge.anart.no.1839 213.225.74.230.8585: S, cksum 0xf765
(correct),
On Thu, 2 Oct 2008, Bjoern A. Zeeb wrote:
On Thu, 2 Oct 2008, Ian Smith wrote:
http://www.kb.cert.org/vuls/id/472363
This link doesn't work, and neither does searching for '472363' there?
Or at least, not from here :)
It's been working for a few hours now. Time
On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote:
IV. Workaround
Disable support for IPv6 in the sshd(8) daemon by setting the option
AddressFamily inet in /etc/ssh/sshd_config.
Disable support for X11 forwarding in the sshd(8) daemon by setting
the option X11Forwarding no
On Thu, 17 Apr 2008, Peter Pentchev wrote:
On Thu, Apr 17, 2008 at 04:07:56PM +1000, Ian Smith wrote:
On Thu, 17 Apr 2008, FreeBSD Security Advisories wrote:
IV. Workaround
Disable support for IPv6 in the sshd(8) daemon by setting the option
AddressFamily inet
On Mon, 21 Jan 2008, Dan Lukes wrote:
Ian Smith napsal/wrote, On 01/21/08 12:55:
No problem; IPFW has tables too, and sets, with which you could
enable/disable or
It interests me:
swap your script-constructed tables atomically.
I know how to create new set of rules
On Fri, 21 Dec 2007, W. D. wrote:
At 05:45 12/20/2007, Ian Smith, wrote:
Thanks for your reply Ian. This is the kind of
information I am looking for.
Firstly, this really belongs over on freebsd-net@ if not
freebsd-questions@, but anyway ..
I'll be glad to move
Firstly, this really belongs over on freebsd-net@ if not
freebsd-questions@, but anyway ..
On Thu, 20 Dec 2007, W. D. wrote:
At 03:49 12/17/2007, Tuomo Latto wrote:
W. D. wrote:
How do I tell which rule is blocking me out? SSH *is* working,
but others are not.
It all depends on