Hey all,
After much advocating, I've finally convinced SANS to at least run a
small conference in NH. It will be in Portsmouth from 10/20-10/28. More
info can be found here:
http://www.sans.org/portsmouth06/
About 1/3 of the 502 track is hands-on labs, mostly using a slightly
modified version of
On Sun, 2006-07-23 at 21:41 -0400, Ben Scott wrote:
Despite all the talk about heuristics, virus detection is still
almost entirely dependent on recognizing signatures of known viruses.
With good reason. AV vendors make most of their money off of
subscription services. So why fix something
On Mon, 2006-07-24 at 15:03 -0400, Ben Scott wrote:
How do you tell when code executing with root privs is malware? (NOT a
rhetorical
question btw, I'd seriously like to know if it is possible, and how)
For the general case, I don't think you can.
Agreed. Look at the latest dll
On Wed, 2006-07-26 at 14:34 -0400, Ben Scott wrote:
Mass infections are s 1990's.
I wish. Recall that SQL Slammer hit in 2003, and severely impacted
the whole Internet.
Agreed, but the cost was distributed. I think you would be hard pressed
to find anyone that went out of business
On Mon, 2006-07-17 at 18:19 -0400, Dan Coutu wrote:
I am expecting that following line opens traffic to the remote server on
whatever port passive mode ftp chooses to use:
eeek! Scary rules. ;-p
Just to verify, these are the rules on the client which is connecting to
the server, correct? If
On Tue, 2006-07-18 at 15:26 -0400, Chris Brenton wrote:
iptables -A OUTPUT -p tcp -d <server ip> --dport 25 -j ACCEPT
Dooh! Change that to be:
iptables -A OUTPUT -p tcp -d <server ip> --dport 21 -j ACCEPT
___
gnhlug-discuss mailing list
gnhlug-discuss
On Tue, 2006-06-27 at 16:15 -0400, mike ledoux wrote:
Are we talking problems as in faulty design, or hardware failures?
Or both? :) I would pretty much expect that Dell's hardware wears
out sooner and more often than HP or IBM stuff. Design issues, on the
other hand, can't be fixed
On Tue, 2006-05-16 at 21:19 -0400, Jonathan Linowes wrote:
http://www.votervoice.net/Core.aspx?AID=575APP=GACIssueID=7519
This Congress would become the very first to regulate the Internet
Humm. Has someone not been paying attention?
C
On Mon, 2005-12-19 at 22:22 -0500, Greg Rundlett wrote:
The environment I find myself in now is unlike ones that I'm used to.
SSH is allowed for some hosts while not for others. For most host
access, you need to go through a single point of entry (sentry), and
then ssh from there over the
On Wed, 2005-12-21 at 09:39 -0500, Jim Kuzdrall wrote:
Didn't SuSE recently decide to switch to GNOME as the default desktop
(although continuing to package KDE RPMs and such)?
SuSe 10 you can go either way. Can't remember if Gnome or KDE is the
default selection, but I *thought* it was
This is just too funny for words. I had to do some digging into it
before I would actually believe it:
http://www.pcworld.com/resource/article/0,aid,124047,pg,1,RSS,RSS,00.asp
In short, Microsoft is auctioning off invitations to beta test MSN
Messenger Live which, when released, will be _free
On Wed, 2005-12-21 at 17:45 -0500, Thomas Charron wrote:
On 12/21/05, Chris Brenton [EMAIL PROTECTED] wrote:
This is just too funny for words. I had to do some digging
into it
before I would actually believe it:
http://www.pcworld.com/resource/article/0,aid
Hey all,
Does anyone know a retailer in the Manchester area that resells IBM
laptops? I have a friend that's interested in picking one up but wants to
be able to check it out first.
Thanks in advance for all replies,
Chris
On Fri, 2005-07-22 at 09:46, Michael ODonnell wrote:
Simultaneously humorous and useful:
http://routergod.com/
Fabio explaining IMGP, I think I just wet myself laughing!
Thanks for the link,
C
On Thu, 2005-06-30 at 10:55, Bill McGonigle wrote:
Roughly:
* incoming mail gets scanned for envelope sender, envelope recipient,
sending IP
* if it's the first time the tuple is seen it gives an SMTP 'temporary
failure' error. The sending MTA retries.
* if it's been
On Thu, 2005-06-23 at 22:59, Steven W. Orr wrote:
Note that home.alginin.org is resolved to 209.6.219.177
snip
Jun 23 22:31:37 saturn sendmail[9853]: j5O2UaPX009847:
to=[EMAIL PROTECTED], delay=00:01:01, xdelay=00:01:00, mailer=esmtp,
pri=230639, relay=home.alginin.org. [209.150.61.19],
On Mon, 2005-05-09 at 13:15, Neil Joseph Schelly wrote:
On Monday 09 May 2005 10:16 am, Kevin D. Clark wrote:
You have a lot more information if you know that user logged in via
ssh and then su'd to root compared to just knowing that somebody
somewhere logged in as root.
That is an
On Fri, 2005-03-04 at 20:38, Jason Stephenson wrote:
So, if you're worried about the technique being used on you, set those
sysctl MIBs to 0, and don't worry about it. ;)
Just curious, has anyone tested this? Not sure if this shuts off all
timestamp support or just keeps it from being
On Sat, 2004-12-18 at 16:40, Fred wrote:
Are you sure you can trust the TSA to leave it alone and not steal it or
think it's a bomb?
I will second Fred's comments but not because of TSA. I think it has
more to do with the baggage handlers. I've had stuff stolen out of my
checked luggage
On Fri, 2004-11-19 at 09:39, Ted Roche wrote:
It's good to hear that Microsoft is giving up on trying to diss FOSS or
compete with unfair comparisons, and is just threatening their
customers.
Ya, my favorite quote:
Linux violates more than 228 patents, according to a recent report from
a
On Sat, 2004-10-02 at 07:32, Brian Chabot wrote:
Do any of you have a preferred VPN software under Linux?
I use SSH myself, but quite a few of my students use ssltunnel and
absolutely love it:
http://sourceforge.net/projects/ssltunnel/
Basically it's a PPP tunnel secured with SSL or TLS. It can
On Fri, 2004-09-24 at 12:26, Jeff Macdonald wrote:
On Fri, 24 Sep 2004 11:03:15 -0400, Whelan, Paul [EMAIL PROTECTED] wrote:
Maybe if you
did -L389:host:389 and point your connector to localhost for the GC that
might work for you.
ssh won't allow ports below 1024 to be redirected.
Try
On Wed, 2004-08-04 at 15:41, Jeff Macdonald wrote:
Well, this issue hasn't really cropped up until now, because I can't
recall a single email provider in the past whose mantra was to scan
incoming emails for content and provide ads/generate revenue from
that.
It sort of has, people have
On Wed, 2004-08-04 at 19:07, Michael ODonnell wrote:
I suspect that at least one of us has missed a point; I was
only worried that if (say) you were a gmail user and the
gmail folks felt free to append an ad to end of all your
outbound emails then anything you posted to the GNHLUG
list would
On Sun, 2004-05-16 at 09:44, Jerry Feldman wrote:
Your ISP is a bit misguided. SPAM is a serious problem for ISPs as it
takes up a significant part of their bandwidth.
But, there is another issue. Should an ISP filter your email. IMHO, they
should allow their clients to decide whether or not
On Mon, 2004-05-10 at 10:29, Kurth Bemis wrote:
After looking around his site, I found a lot of useful tools, so I
wget'ed a local copy for myself!
Ya it's pretty amazing the wealth of Linux tools that Bill has come up
with. It's one of the few sites I pull down to my cellphone every day
(just
On Sun, 2004-05-09 at 21:16, Kurth Bemis wrote:
It's a real pain to ssh to each of the boxen and repeat the same process
again and again to upgrade apache,php,mod_perl,mod_ssl, system files, etc.
Why not use Bill Stearns' fanout?
http://www.stearns.org/
Just run the command once and it's
On Sun, 2004-04-25 at 23:06, Hewitt Tech wrote:
One thing that might affect which tool you decide to use - if you need an
intrusion detection system, you might want to use snort.
Actually, tcpdump, Ethereal and Snort (in binary mode) will all use the
same file format. So you can capture with
Greets all,
I apologize for this not being completely on topic, but I wanted to pass
this opportunity on to GNHLUG members before anyone else.
Some of you may recognize me as the author and instructor of SANS'
Firewalls, Perimeter Security and VPNs track. If you are not familiar
with the class,
On Tue, 2004-03-02 at 08:07, Michael ODonnell wrote:
Ah. If you announce that you're Recording changes you're then
able to enter Review commentary in a little dialog box. Clunky.
That commentary is viewable later in the same clunky dialog...
Clunky or a feature, I guess it's how you look at
On Thu, 2004-02-26 at 00:09, Derek Martin wrote:
But as members of the community, we can not forget that many people
who use computers can not effectively do what they need to do in Linux,
and in some cases can't do it at all.
Exactly. To draw an analogy, I drive a Subaru coupe. I love the
Sorry in advance to the OT post.
Bruce,
I've tried to respond directly to both of your e-mails today. Both times
I received a 554. I have the feeling you may have some black listing in
place that is including my address space. :(
C
On Wed, 2004-02-25 at 23:59, Derek Martin wrote:
On Wed, Feb 25, 2004 at 11:00:17AM -0500, [EMAIL PROTECTED] wrote:
That is true, but there is also a problem with the Linux community in that
they think everything should be free.
There are certainly some people in the community who feel
On Wed, 2004-02-25 at 14:17, Jeff Kinz wrote:
And as I stated before, Quicken runs quite nicely on Linux if you use
CrossOver Office. It's only $40 and allows you to run a ton of MS apps (I
just loaded MS Visio this week and it's running great).
Also gotta work w/Intuits tax software
On Wed, 2004-02-25 at 19:44, Jeff Kinz wrote:
Nothing I love more than someone who decides they know what I'm thinking
and gets it completely wrong,
It's not what you're thinking but what you're writing. You seem focused on
ignoring posts from people like myself who are trying to tell you this
On Mon, 2004-02-23 at 09:15, Kevin D. Clark wrote:
What about people with low-speed or nonexistent network access --
these people *can't* download huge software distributions. Are these
people {de facto} idiots?
Or the people who _could_ download it but _choose_ to buy it in order to
dump
On Fri, 2004-02-06 at 14:09, Michael ODonnell wrote:
No. I'm upset because terms of an agreement are
being violated.
Then sue them or quit. I'm guessing that corporate attitude probably
feels that during work hours they 0wn you and if the connectivity does
not further the business model then
On Fri, 2004-02-06 at 15:24, Derek Martin wrote:
There exist firewalls which can look at packet payloads to determine
if they conform to the protocol for which they are supposedly being
transmitted. Your chums in the IT department are evidently using one.
It's probably _not_ the solution they
On Fri, 2004-02-06 at 15:31, Derek Martin wrote:
On Fri, Feb 06, 2004 at 01:09:52PM -0500, Chris Brenton wrote:
For the record, outbound SSH _can_ be a security risk.
So is HTTP, and it's a much more serious one than SSH,
Hummm. I don't remember saying that HTTP _was not_ a security risk
On Sat, 2004-02-07 at 12:16, Derek Martin wrote:
An (I think) important point: this is true of ALL security, not just
perimeter security.
Absolutely true! I mentioned perimeter specifically because that was the
topic at hand. :)
(either knowing or unknowing) and which ones you don't.
On Fri, 2004-02-06 at 12:35, Michael ODonnell wrote:
Two days after I started, though,
the geniuses in the IT gang started blocking port 22
snip
Anyway, until recently I've still been able to get
through by having my home server answer on port
80, as well, but now the IT geniuses have
On Wed, 2003-11-12 at 21:39, [EMAIL PROTECTED] wrote:
If you can say, what software is it that has this problem?
Actually, I can't (NDA). Let's just say be careful if you have a
commercial alternative to Bind. ;-)
C
On Wed, 2003-11-12 at 10:12, Joshua S. Freeman wrote:
I'll go back and change the serial number and restart named but I swear
that I made those changes and restarted named yesterday!
A slick little trick, use a reverse date format like so:
200311121
So it's:
4 digit year
2 digit month
2 digit
On Wed, 2003-11-12 at 13:15, [EMAIL PROTECTED] wrote:
Also, another tip: Instead of using a serial number of the form MMDD,
use MMDDNN, where NN gets incremented for each change that day.
Be careful with using NN instead of N. I've run into name server
packages that only permit a
BTW, if anyone needs a real simple way to verify their DNS info, check
out:
http://www.dnsreport.com/
This will tell you if anything is broken. IMHO the scale seems a bit off
to me. There are a few warnings that I would consider a fail per the
RFCs, but the descriptions are great.
HTH,
C
This is pretty funny:
http://www.groklaw.net/article.php?story=20031106164630915
and just in time for the holidays!
:)
C
___
gnhlug-discuss mailing list
[EMAIL PROTECTED]
http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss
On Fri, 2003-11-07 at 13:27, Bill Mullen wrote:
I've had consistently good experiences with http://joker.com ... I've been
involved with six domain purchases from them, which have all gone well.
Check the NANOG archives. There have been a larger number of complaints
from people who have
On Thu, 2003-10-16 at 13:39, brian wrote:
I've often wondered|suspected that they some some filtering on captured
email addresses, ie: s/spam|NOSPAM|SPAM//g sort of thing.
Seems to work pretty well. I maintain spam-free-zone.net and I've ended
up with zero spam, even when trying to get an
On Sun, 2003-10-05 at 22:53, Brian Riley (maillist) wrote:
This would defeat the whole purpose of having the print server,
Then go with the first setup I described. I only mentioned SMB because
it's also an option.
C
RH9 uses CUPS for printing. Launch the CUPS daemon and then kick off the
Print Manager. I'm guessing you want to set the queue type to LPD but
the JetDirect option *might* work.
Other option would be to share off a queue on Windows box, point to that
box and set the queue to SMB. This would allow
On Fri, 2003-10-03 at 15:26, Sharpe, Richard wrote:
Has anyone heard the rumors about Red Hat Splitting the Personal versions to
a new sub company and new product name ?
Looks like there will be three products:
Server software retailing for around $1,200
Workstation retailing for around $300
[EMAIL PROTECTED] wrote:
As others have suggested, rsync can keep two filesets synchronized, using
just the diffs. You could then backup the fileset at the main office. But
again, that depends on the size of your regular diffs.
I have to admit that I've missed most of this thread, but if you
Stephen Ingham wrote:
A good repeater hub will automatically turn off a port when 32 consecutive
collisions are detected.
Humm. A collision is defined as a system following the Ethernet CSMA/CD
rules that detects a different bit pattern on the receive pair Vs. what
it is currently sending out on
Stephen Ingham wrote:
A repeater is more complicated than a line amplifier as Chris described it
below.
Actually, it's not. Of course vendors are always free to add features.
Routers by definition simply route traffic and don't filter it, and yet
that's a feature most of us have learned to expect
I'm assuming Tom forgot to re-all on his note again so I've cc'd the group.
Tom Fogal wrote:
Now that I look it up, it is not as specific as either of us thought. In 802.3
it is simply defined (in clause 1.4.81) as 'A condition that results from
concurrent transmissions from multiple data
Larry Cook wrote:
Now that I've moved to DSL, I was looking for ways to test the security
of my router/firewall. I'm going to use ShieldsUp! (http://grc.com),
but was wondering what other tools were available.
Tom's recommendation of having a friend poke your perimeter is probably
your best
[EMAIL PROTECTED] wrote:
Check out the Kyocera cell phone. It's a cell phone which has an
embedded Palm Pilot. Also, check out the Visor Treo line of
communicators, they're along the same line.
There are apps for Palm devices to do web browsing/terminal type
stuff, and I seem to recall an SSH
On Mon, 2003-06-23 at 10:03, Ben Boulanger wrote:
Also, a useful command is RPM -Va. The output is documented in man rpm,
but it checks all of the files from RPMs for changes. You could also make
this quicker by targeting things like passwd or util-linux.
This is an *excellent* trick and
Michael O'Donnell wrote:
If that minimal effort yields a positive result, yay!
I was just pointing out that one ought not feel too comfy
if a minimal effort yields a negative result.
Agreed. If chkrootkit, RPM or whatever finds what you are looking for,
cool. If not, it's time to mount the drive