Quoth Guy Cohen:
Hello,
I'm trying to discarded all those annoying windows unicode breakin attempts,
iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string cmd.exe
Since as of iptables v1.2.6a I can find no such match rule or option, I
assume you have developed it yourself. If I
On Tue, Aug 13, 2002 at 09:59:40PM +0300, Official Flamer/Cabal NON-Leader wrote:
Quoth Guy Cohen:
Hello,
I'm trying to discarded all those annoying windows unicode breakin attempts,
iptables -A INPUT -j REJECT -p tcp --dport 80 -m string --string cmd.exe
Since as of iptables
Quoth Official Flamer/Cabal NON-Leader:
The version I have does not have THAT. Mine's Debian, so they COULD have
chopped it out. Or, it could have been the other way around - it is not
Yes, debian HAS compiled netfilter without extensions.
On Tue, Aug 13, 2002 at 11:01:56PM +0300, Official Flamer/Cabal NON-Leader wrote:
Therefore, you CANNOT prevent logging info without KNOWING in advance
that some form of an attack is going to be following a legal connection,
OR having the kernel inform the application (i.e. netfilter inform
Quoth Guy Cohen:
yes, but why netfilter transfers the connection to apache in the first
place?
Do it manually ;-)...
---cuttez---dicez---removez---slicez---ambutez---choppez---
telnet foo.bar.com 80
GET /
GET /zumbu.html
GET
PROTECTED]
Sent: Tuesday, August 13, 2002 10:24 PM
Subject: Re: ipchains --string on http
Quoth Guy Cohen:
yes, but why netfilter transfers the connection to apache in the first
place?
Do it manually ;-)...
---cuttez---dicez---removez---slicez---ambutez---choppez---
telnet foo.bar.com 80
On Wed, Aug 14, 2002, Oleg Kobets wrote about Re: ipchains --string on http:
you forget that HTTP is stateless protocol. after one GET you will be
disconnected.
This is only strictly true in HTTP 0.9, a standard that nobody is using for
at least 5 years.
You can make requests in HTTP 1.1
RTFH (Read The Fucking Howto)
http://damyen.technion.ac.il/~dani/
Dani
On Fri, 7 Dec 2001, The Rabbit of Vugluskr wrote:
Hi list.
I have a problem at my home setup. I have Linux (RH72) server connected with
ADSL to Actcom. I have 2 Win machines, connected to same LAN with Linux,
Linux
Hello Eran
the gateway thing (Masquerading Forwarding) is in fact ipchains' job. I
guess that your firewalling script first cleans ipchains rules (so it
'disconnects' the other computers from the internet), and then putting the
firewall thing.
another possibility is that there is an ipchains
On Mon, 15 Jan 2001, Gilad Ben-Yossef wrote:
Tzafrir Cohen wrote:
Hi
I'm trying to understand a certain reoccouring denied packet. The trouble
is I can't find any reference to the meaning of all the fields in the
syslog message. Can anybody point me to such a reference?
Use the
Tzafrir Cohen wrote:
Hi
I'm trying to understand a certain reoccouring denied packet. The trouble
is I can't find any reference to the meaning of all the fields in the
syslog message. Can anybody point me to such a reference?
Use the source, Luke: ;-)
printk("%s PROTO=%d
On Sun, 31 Dec 2000, guy keren wrote:
On Sun, 31 Dec 2000, Jonathan Ben-Avraham wrote:
The ipchains HOWTO contains an example firewall configuration with
separate chains defined for each triple of source network, destination
network and direction. That is, there are chains "net-dmz",
On Mon, 1 Jan 2001, Adi Stav wrote:
Hmm. How is that different from from creating custom chains in
ipchains and sending packets from one chain to another?
with chains - when one chain matched a rule, then its action is taken
place, and no more rule matching is performed on that packet from
On Sun, Dec 31, 2000 at 10:01:07AM +0200, guy keren wrote:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that it allows you to have one set
of rules perform a
On Sun, 31 Dec 2000, Alex Shnitman wrote:
Hi, guy!
On Sun, Dec 31, 2000 at 10:01:07AM +0200, you wrote the following:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra
On Sun, 31 Dec 2000, Alex Shnitman wrote:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that it allows you to have one set
of rules perform a complete
On Mon, 1 Jan 2001, Adi Stav wrote:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that itallows you to have one set
of rules perform a complete
Looks like this thread is never going to end. Does anybody still remember why
it was titled "ipchains"? :)
On Sat, Dec 30, 2000, Omer Zak wrote about "GPL or not GPL, that is the question (was:
Re: ipchains)":
I believe that all the arguments about GPLed software (sta
Hi, guy!
On Sun, Dec 31, 2000 at 10:01:07AM +0200, you wrote the following:
btw, in the new kernel (2.4), where netfilter is used, there is a new
notion of tables. unlike usage of multiple chains, usage of multiple
tables does add extra functionality, in that it allows you to have one set
On Fri, 29 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
For GPL, RMS is the copyright law.
No it isn't. RMS has his legal counsel (a professor of law) issue his
opinions. If you think you opinions of law are worth more, you're
welcome to do whatever you want. I just think RMS's
On Sat, 30 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
MZ I just think RMS's legal counsel
MZ is pretty sound. Is that a problem for you?
Yes
..
since I do not
have my own law professor, all I can do is ranting about it.
Not so. For a couple of hundred dollars, you can get a
On Sat, 30 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
Well, dual licensing code as GPL and BSD (or GPL and PD, for example) is a
You can't dual license as GPL and PD -- public domain is not a license.
A license refers to the terms under which you may use copyrighted works
while
MZ For GPL, RMS is the copyright law.
MZ
MZ No it isn't. RMS has his legal counsel (a professor of law) issue his
MZ opinions. If you think you opinions of law are worth more, you're
MZ welcome to do whatever you want. I just think RMS's legal counsel
MZ is pretty sound. Is that a problem for
On Fri, Dec 29, 2000 at 09:26:59PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS ==quote==
AS Richard Stallman wrote:
AS
AS That you don't distribute binaries does not change the fact that your
AS source code is designed to include Readline in the program. You
AS cannot do that,
On Fri, Dec 29, 2000 at 09:29:51PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS Have you actually READ the GPL? It does not define "derived work"
AS anywhere, leaving that to copyright law. RMS has said as much, too.
For GPL, RMS is the copyright law. Since if RMS thinks it's violating
On Fri, Dec 29, 2000 at 07:27:34PM +0200, Nadav Har'El wrote:
But the GPL causes the following sort of "comtamination": Take any of the
important pieces of GPL software on the Internet. Most, if not all, of them
have been written by more than one person. Some of them have been written
or
On Fri, Dec 29, 2000 at 08:44:52PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code,
AS That is necessary for copyleft. If you could take Linux and release it
Sure. So be aware that any time you read "proprietary" in FSF texts, you
should read "non-GPL", since GPL restricts not only more strict licenses,
but also less strict. I understand why it's done, but let's be honest -
On Sat, Dec 30, 2000, Adi Stav wrote about "Re: ipchains":
On Fri, Dec 29, 2000 at 07:27:34PM +0200, Nadav Har'El wrote:
There's another problematic issue about the GPL. It's quite clear how it
applies to software companies, but how does it apply to Hardware companies?
For exa
I believe that all the arguments about GPLed software (starting from
ipchains and then wandered elsewhere) overlooked one important point.
This point is what originally motivated RMS in his GNU crusade.
His original point is that users must have the power to modify software
and tailor it to
On Sat, Dec 30, 2000 at 10:14:33PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS That is necessary for copyleft. If you could take Linux and release it
Sure. So be aware that any time you read "proprietary" in FSF texts, you
should read "non-GPL", since GPL restricts not only more strict
On Sat, Dec 30, 2000 at 10:25:31PM +0200, Nadav Har'El wrote:
I'd say that as soon as a company releases software, it doesn't matter
whether the company's core business is hardware or not. The software
is governed by the same laws.
I'm not sure I understand: do you mean the GPL should
Hi, Stanislav!
I'll skip the GPL-related part of the email since it has already been
discussed to death by others. (I think it's been a bit like "a
watermelon is red from the inside" "no, asshole, it's green from the
outside" type of thing, but whatever.)
On Thu, Dec 28, 2000 at 11:07:47PM
On Sun, 31 Dec 2000, Jonathan Ben-Avraham wrote:
The ipchains HOWTO contains an example firewall configuration with
separate chains defined for each triple of source network, destination
network and direction. That is, there are chains "net-dmz", "dmz-net",
"net-int", "int-net", "int-dmz"
On Fri, Dec 29, 2000 at 09:34:22AM +0200, Stanislav Malyshev a.k.a Frodo wrote:
AS That's a common misconception. It should have been obvious, but
AS somehow never is, that no amount of licensing trickery can make one
AS program be considered a derivative work of an unrelated program. And
On Fri, Dec 29, 2000, Adi Stav wrote about "Re: ipchains":
Likewise, no program can
"contaminate" other programs and change their license, whether or not
you link them together. What the GPL is saying that you cannot
If you want to use others' GPLed code in more
res
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code, that's what going to happen - he won't suddenly
NH have 10,000 lines identical to a
NH What kind of judge is going to make a decision against a company
NH when in a 100,000 line code, 50 lines "somehow distantly
NH resemble" code from a GPLed program? If the developer only looks
NH at the code, that's what going to happen - he won't suddenly
NH have 10,000 lines identical
AS The same copyright system that disallows you to copy ripped MP3s
AS disallows companies to make proprietary products out of GPLed
AS software. Our copyright system is just fine.
With our GPLed software the matter is pretty complicated. Generally, GPLed
software is referred to as a "free
On Thu, Dec 28, 2000 at 11:07:47PM +0200, Stanislav Malyshev a.k.a Frodo wrote:
With our GPLed software the matter is pretty complicated. Generally, GPLed
software is referred to as a "free software". But, in fact, it's not free
at all, in the common meaning of the word "freedom". You cannot
On Thu, 28 Dec 2000, "Stanislav Malyshev" [EMAIL PROTECTED] wrote:
RIAA is within it's right when it uses current law. I agree that it might
be immoral
When some company does something that is within the law but immoral, I
tend to lose respect for that company's requests. Whatever happened
to
AS That's a common misconception. It should have been obvious, but
AS somehow never is, that no amount of licensing trickery can make one
AS program be considered a derivative work of an unrelated program. And
See, this is an official position of RMS. I have quotes from him
personally saying
At 11:07 PM 12/28/00 +0200, you wrote:
AS The same copyright system that disallows you to copy ripped MP3s
AS disallows companies to make proprietary products out of GPLed
AS software. Our copyright system is just fine.
With our GPLed software the matter is pretty complicated. Generally, GPLed
On Mon, 25 Dec 2000 16:41:49 +0200, System1 [EMAIL PROTECTED] wrote:
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
No, when a user uses the client with a bug, a remote attacker is able to
If ICQ gives people the ability to make scans of my
Moshe Zadka wrote:
On Mon, 25 Dec 2000 16:41:49 +0200, System1 [EMAIL PROTECTED] wrote:
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
No, when a user uses the client with a bug, a remote attacker is able to
No, it's a protocol feature
Moshe Zadka wrote:
On Tue, 26 Dec 2000 17:53:08 +0200, Alon Oz [EMAIL PROTECTED] wrote:
As you said, the sysadmin was an idiot, if a sysadmin wants
he can easily block ICQ.
ssh UDP forwarding to home machine. 'Nuff said.
1 problem though, by using firewall piercing techniques you
On Tue, 26 Dec 2000, Alon Oz [EMAIL PROTECTED] wrote:
1 problem though, by using firewall piercing techniques you probably
violate your contract with the company.
And what part of "I'm an advocate of company policy/polite request rather
then technical solutions" did I fail to make clear?
Moshe Zadka wrote:
On Tue, 26 Dec 2000, Alon Oz [EMAIL PROTECTED] wrote:
1 problem though, by using firewall piercing techniques you probably
violate your contract with the company.
And what part of "I'm an advocate of company policy/polite request rather
then technical solutions"
AO 1. the computer on 192.168.1.78(example) is up
Nice. Most computers tend to be up when people are working.
AO 2. It can receive connection to the ICQ port
Wrong. Firewall won't let incoming connection in. It would only allow to
receive UDP packets inside "virtual circuit" created by
AO Even if the CEO does. Seen any company that the users don't hold mp3s
AO on their computers? It's illegal in the US and most startups are
AO registered in the US.
MP3 format is illegal in US? News for me. Is WAV going to be banned too?
--
[EMAIL PROTECTED] \/ There shall be counsels
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall.
Is there anyway to block complete domain such as *.icq.com ?
No, not with ipchains, because -s accepts only a hostname, network address
or plain IP address
You dig all the
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall.
Is there anyway to block complete domain such as *.icq.com ?
No, not with ipchains, because -s accepts only a hostname, network
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, Alon Oz wrote:
Jonathan Ben-Avraham wrote:
On Mon, 25 Dec 2000, System1 wrote:
Hi,
we are using here IPChains Firewall.
Is
On Mon, Dec 25, 2000, System1 wrote about "ipchains":
its not so easy , i blocked while ago port 5194 (icq login port) but today i
found users still able to connect.
..
and to block aol messanger (another client with security bugs which allows
remote attacker take full control of users
trying to block it)
Moran.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Hetz Ben Hamo
Sent: Monday, December 25, 2000 4:34 PM
To: System1
Cc: [EMAIL PROTECTED]
Subject: Re: ipchains
Well, if I was a sys admin, then I would allow ICQ..
BUT, I would
On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains":
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
If ICQ gives people the ability to make scans of my servers that are behind
firewall I dont want it here. its only troubles.
Nadav Har'El wrote:
On Mon, Dec 25, 2000, System1 wrote about "RE: ipchains":
using ICQ remote attacker is able to make full port scan on networks behind
the firewall.
If ICQ gives people the ability to make scans of my servers that are behind
firewall I dont want it here
Well, if I was a sys admin, then I would allow ICQ..
BUT, I would prevent the ports that needed to send/receive files or chat (these
are the ports in the confguration menu)...
Blocking ICQ messages seems harder and harder - you can even configure ICQ to
send messages with port 80, 21,23, 25,
can you point us out to this tool?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of System1
Sent: Monday, December 25, 2000 4:42 PM
To: 'Hetz Ben Hamo'
Cc: [EMAIL PROTECTED]
Subject: RE: ipchains
using ICQ remote attacker is able to make full port scan
Ishay Sommer wrote:
email headers sent via smtp include the original ip from which the message
sent from
Not if you make a few changes to the mailer (checked on qmail/sendmail)
--
Alon Oz,
Aduva Research Team,
Mailto: [EMAIL PROTECTED]
--
A proud member in the Evil Linux
On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains":
The ICQ protocol reveals the real IP of the computer running the client,
so even if you use GNU replacements it doesn't matter.
So what? Unless you have a completely-proxy-firewall (block everything and
allow only applicati
I dont think many knows about this.
The person who show us this vulnerability didnt say where he found it. but
we saw how he make it.
Moran.
-Original Message-
From: Nadav Har'El [mailto:[EMAIL PROTECTED]]
Sent: Monday, December 25, 2000 5:26 PM
To: Alon Oz
Subject: Re: ipchains
Sure
this.
| The person who show us this vulnerability didnt say where he found it. but
| we saw how he make it.
|
| Moran.
|
|
|
| -Original Message-
| From: Nadav Har'El [mailto:[EMAIL PROTECTED]]
| Sent: Monday, December 25, 2000 5:26 PM
| To: Alon Oz
| Subject: Re: ipchains
|
| Sure
On Mon, 25 Dec 2000, System1 wrote:
the first step is using udp sniffer.
after that you have tools you can find on the webto preform scans in the
network of the victim.
you must have direct connection to the user for that. (I think its ICQ
default).
Is that correct?
Then you can make sure
NH So what? Unless you have a completely-proxy-firewall (block
NH everything and allow only application proxies), whatever packets
NH you let through (be they http, ftp, or icq) carry the IP address
NH of the machine behind the firewall. But so what? If you use
I give you address of a machine
AO The ICQ protocol reveals the real IP of the computer running the client,
AO so even if you use GNU replacements it doesn't matter.
AO This "feature" opens a window for "crackers" to use various firewall
AO penetrating/piercing techniques.
If the computer is behind the firewall, most chances
Nadav Har'El wrote:
On Mon, Dec 25, 2000, Alon Oz wrote about "Re: ipchains":
The ICQ protocol reveals the real IP of the computer running the client,
so even if you use GNU replacements it doesn't matter.
So what? Unless you have a completely-proxy-firewall (block everything
S using ICQ remote attacker is able to make full port scan on networks behind
S the firewall.
How exactly one does that? Can you elaborate?
--
[EMAIL PROTECTED] \/ There shall be counsels taken
Stanislav Malyshev /\ Stronger than Morgul-spells
phone +972-3-9316425/\
AO But if icq.com(example) got my packet and know my "secret" intranet
AO addresses
Oh, yeah, those defined in top-secret RFC1918? 10.1.1.1? 10.10.1.1?
192.168.1.1? 172.16.1.1? Am I l33t haxx0r already?
Guess how many pings is it going to take me to know each
internet-accessible address on your
On 0, Ira Abramov [EMAIL PROTECTED] wrote:
On Sat, 22 Jan 2000, Subba Rao wrote:
I have several ipchain rules. One of them is:
ipchains -A input -i ppp0 -p TCP --destination-port 21 -l -j DENY
Why are these ipchains not doing any logging? I do have the -l option
from what
70 matches
Mail list logo
