Hi Uwe,
On Fri, Aug 21, 2009 at 01:54:06PM +0800, Uwe Dippel wrote:
Ryan Flannery wrote:
On Fri, Aug 21, 2009 at 1:19 AM, Uwe Dippeludip...@uniten.edu.my wrote:
Recently, I noticed an ssh user on one of my machines, who never logged on,
is not visible with 'last', seems to have no
Hi,
On Fri, Aug 21, 2009 at 6:54 AM, Uwe Dippeludip...@uniten.edu.my wrote:
Yes. Like
Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
To be clear, the user exists, and logged on the last time three days ago as
far as 'last' is concerned.
This sounds very fishy. I would start
On Fri, Aug 21, 2009 at 7:19 AM, Uwe Dippel udip...@uniten.edu.my wrote:
Recently, I noticed an ssh user on one of my machines, who never logged on,
is not visible with 'last', seems to have no terminal active, and is back
immediately after a reboot.
Hmm.
root 13415 0.0 0.9 3280 2420
Paul de Weerd wrote:
Hi Uwe,
Yes. Like
Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
And this XXX.XX.XX.XX is the address of a machine you know ?
Yes
The user
is a well known user to you,
Yes
some system account perhaps ?
No
To be clear, the user
Edd Barrett wrote:
Hi,
On Fri, Aug 21, 2009 at 6:54 AM, Uwe Dippeludip...@uniten.edu.my wrote:
Yes. Like
Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
To be clear, the user exists, and logged on the last time three days ago as
far as 'last' is concerned.
This sounds
Iqigo Ortiz de Urbina wrote:
As its not clear to me if isuser is a user you trust, created or
needed for your services,
'Trusted', created by myself, needs a local account.
I would say your machine might have been compromised. What kind of
traffic is isuser generating?
Difficult to find
On Fri, Aug 21, 2009 at 06:00:10PM +0800, Uwe Dippel wrote:
Paul de Weerd wrote:
Hi Uwe,
Yes. Like
Accepted password for isuser from XXX.XX.XX.XX port 61802 ssh2
And this XXX.XX.XX.XX is the address of a machine you know ?
Yes
Is it under your control ? Can you see what is
Paul de Weerd wrote:
tcpdump(8) will tell you a lot, I suppose ;) I guess the best way to
make sure the account is not compromised is talking to your user and
asking him if he can explain what is going on. Again, my current guess
is TCP forwarding, but it could be a lot of other things too.
Hi,
Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information of this in the man pages
and after googled, I found rd for OpenBSD, which seems similar with md
in FreeBSD. But still not useful. Anybody help?
Thanks
On Fri, Aug 21, 2009 at 07:51:57PM +0800, Uwe Dippel wrote:
Paul de Weerd wrote:
tcpdump(8) will tell you a lot, I suppose ;) I guess the best way to
make sure the account is not compromised is talking to your user and
asking him if he can explain what is going on. Again, my current guess
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo
obvvbbvvb...@googlemail.com wrote:
Hi,
Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information of this in the man pages
and after googled, I found rd for OpenBSD, which seems similar
Hi,
On Fri, Aug 21, 2009 at 1:03 PM, obvvbooo
obvvbbvvb...@googlemail.com wrote:
Hi,
Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information of this in the man pages
and after googled, I found rd for OpenBSD, which seems
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Uwe Dippel wrote:
I can't as of now (weekend).
But I can see it reoccurring, kind of:
Aug 21 18:31:25 mybox sshd[31888]: Accepted password for isuser from
XXX.XX.XX.XX port 57519 ssh2
in authlog, reflected pretty well by
isuser ttyp0
[IMAGE]
As a result of our overwhelming profit this year
we wish to begin the implementation of a 3% increase on the interest rate
of all our existing customers
accounts as a measure to show our gratitude for your patronage.
Thank you for banking with us.
Click here to alert us as an existing
Hi there,
I have a problem with Samsung ML-2015
/etc/printcap
lp|local printer|ML2015:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:
rc.conf
lpd_flags=
ps ax | grep lpd
114 ?? Is 0:00.00 lpd
25472 S+ 0:00.00 grep lpd
Run
#lptest 70 5 | lpr
Robert C Wittig wrote:
Have you considered adding a PF rule that would drop all incoming
login requests from this specific user?
Yes. But it won't work, because there is a NAT-address-rewrite in
between that changes the source address. Also, that user has plenty of
machines to log on to.
Radiotap is a de-facto standard for 802.11 frame injection and reception.
Up to field ID 13, it can truly considered a standard (all current
implementations
agree on fields 1-13), but after that, implementations diverge widely.
Here is a map of how current implementations define field IDs 14
Paul de Weerd wrote:
You could check for the presence of forwarded TCP sessions with fstat,
an exmaple looks like this :
weerdsshd 29016 11* internet stream tcp 0x40009ab33d0 127.0.0.1:44410
-- 127.0.0.1:3128
If you open an ssh session to a remote machine with a forwarded port,
2009/8/21 Johannes Berg johan...@sipsolutions.net:
On Fri, 2009-08-21 at 16:31 +0200, Gabor Stefanik wrote:
Hope to see you on Freenode at the set date. Again, if the time is a
problem, respond, and I will try to find a better time.
I don't think there's any need to have an IRC meeting.
On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
Paul de Weerd wrote:
You could check for the presence of forwarded TCP sessions with fstat,
an exmaple looks like this :
weerdsshd 29016 11* internet stream tcp 0x40009ab33d0
127.0.0.1:44410 -- 127.0.0.1:3128
If you
On Fri, Aug 21, 2009 at 7:34 AM, Uwe Dippeludip...@uniten.edu.my wrote:
Now I am pretty sure that this is what we see here.
It also makes sense, since all those users sit on a tightly controlled LAN;
while that machine is 'further out'. So that restricted services can be
accessed through some
On Fri, Aug 21, 2009 at 6:41 AM, Edd Barrettvex...@gmail.com wrote:
Hi,
On Fri, Aug 21, 2009 at 1:03 PM, obvvbooo
obvvbbvvb...@googlemail.com wrote:
Hi,
Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information of this in
On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
Now I am pretty sure that this is what we see here.
It also makes sense, since all those users sit on a tightly controlled
LAN; while that machine is 'further out'. So that restricted services
can be accessed through some
On 2009-08-21, Cian Brennan cian.bren...@redbrick.dcu.ie wrote:
Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.
you can do this in a Match section too if you need to allow it for
some users.
Of course, with a bit of effort and some netcat, the user will probably
2009/8/21 Johannes Berg johan...@sipsolutions.net:
On Fri, 2009-08-21 at 16:41 +0200, Gabor Stefanik wrote:
My intention with the meeting is to form an actual proposal that all
implementors can agree on. We can produce proposals, and even new
standardized fields to no avail, as some
Don't you need a filter for your printer?
In my case, my /etc/printcap looks something like:
lp|home:\
:lp=/dev/ulpt0:\
:af=/etc/foomatic/HP-DeskJet_F4100-hpijs.ppd:\
:if=/usr/local/bin/foomatic-rip:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:
With
On Fri, 2009-08-21 at 16:31 +0200, GC!bor Stefanik wrote:
Hope to see you on Freenode at the set date. Again, if the time is a
problem, respond, and I will try to find a better time.
I don't think there's any need to have an IRC meeting. We've hashed out
the way forward multiple times on the
On Fri, 2009-08-21 at 16:41 +0200, GC!bor Stefanik wrote:
My intention with the meeting is to form an actual proposal that all
implementors can agree on. We can produce proposals, and even new
standardized fields to no avail, as some implementors (especially
OpenBSD) appear to be stuck with
Your Email client is not formatted to view HTML emails. We have included the
text email of the message.
[1]
Links:
--
[1] http://fburls.com/31-J3ezkcuk/t/s/txt/cid/545603/sid/104552121
BurningBushGlobal.com sent this email to misc@openbsd.org
Stuart Henderson wrote:
On 2009-08-21, Cian Brennan cian.bren...@redbrick.dcu.ie wrote:
Turn off ssh forwarding? set AllowTcpForwarding to no, in your sshd_config.
you can do this in a Match section too if you need to allow it for
some users.
Of course, with a bit of effort and some
On Fri, 2009-08-21 at 17:04 +0200, GC!bor Stefanik wrote:
I've reworked RTS/CTS since then, just haven't got to sending a new
proposal yet. The current plan is as follows:
TX_FLAGS 0x0002: Use CTS
TX_FLAGS 0x0004: Use RTS
TX_FLAGS 0x0020: Disable RTS/CTS usage
Seems a bit strange,
I am in the process of upgrading various older OpenBSD machines to 4.5. As
a part of this I am upgrading the Amanda clients on them.
I have discoverd that (at least on 4,5) somewhere between Amanda version
2.50.p1 and 2.5.2p1, they changed something that is causing it to fail, on
OpenBSD 4.5.
2009/8/21 igor denisov denisovigor1...@rambler.ru:
Hi there,
I have a problem with Samsung ML-2015
/etc/printcap
lp|local printer|ML2015:\
:lp=/dev/lpt0:\
:sd=/var/spool/output:\
:lf=/var/log/lpd-errs:
rc.conf
lpd_flags=
ps ax | grep lpd
114 ?? Is 0:00.00 lpd
igor denisov denisovigor1...@rambler.ru wrote:
* Predrag Punosevac punoseva...@gmail.com [Fri, 21 Aug 2009 14:02:44
-0400]:
2009/8/21 igor denisov denisovigor1...@rambler.ru:
Hi there,
I have a problem with Samsung ML-2015
/etc/printcap
lp|local printer|ML2015:\
Preciso que duas placas se comuniquem na mesma faixa de rede.
ex.
rl0 10.0.0.10
rl1 10.0.0.11
Obrigado
2009/8/21 cesar castro cesaralv...@gmail.com:
Preciso que duas placas se comuniquem na mesma faixa de rede.
ex.
rl0 10.0.0.10
rl1 10.0.0.11
Obrigado
This is an English list in case you have not noticed, try looking for
a Brazilian list.
Anyone seewhy thiswould not work? I have not tried it on ealrier versions
of OpenBSD, but it appears to be failing on 4.5 with a timeout.
Thisis being called by a process running as a fairly restricyed user. Is
there somethhing i need to do to that user to allow it to acomplish this?
Group
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
obvvb...@googlemail.comwrote:
Hi,
Is there a way to use memory as a disk/partition? Such as mount it to
/mnt/mem or such things. I can't find information of this in the man pages
and after googled,
Havent tried this before but you should
amanda is so last-century
what about rsnapshot or boxbackup ?
stan [st...@panix.com] wrote:
I am in the process of upgrading various older OpenBSD machines to 4.5. As
a part of this I am upgrading the Amanda clients on them.
I have discoverd that (at least on 4,5) somewhere between Amanda
2009/8/21 Johannes Berg johan...@sipsolutions.net:
On Fri, 2009-08-21 at 17:04 +0200, Gabor Stefanik wrote:
I've reworked RTS/CTS since then, just haven't got to sending a new
proposal yet. The current plan is as follows:
TX_FLAGS 0x0002: Use CTS
TX_FLAGS 0x0004: Use RTS
TX_FLAGS
This is not about OpenBSD. Stop this insane cross-posting.
Gabor Stefanik wrote:
2009/8/21 Johannes Berg johan...@sipsolutions.net:
On Fri, 2009-08-21 at 17:04 +0200, Gabor Stefanik wrote:
I've reworked RTS/CTS since then, just haven't got to sending a new
proposal yet. The current plan is
On Fri, 21 Aug 2009 16:55 +0200, Paul de Weerd we...@weirdnet.nl
wrote:
On Fri, Aug 21, 2009 at 10:34:05PM +0800, Uwe Dippel wrote:
Now I am pretty sure that this is what we see here.
It also makes sense, since all those users sit on a tightly controlled
LAN; while that machine is
Hallmark.comShop OnlineHallmark MagazineE-Cards MoreAt Gold
Crown
You have recieved A Hallmark E-Card.
Hello!
You have recieved a Hallmark E-Card.
To see it, click here,
There's something special about that E-Card feeling. We invite you to
make a friend's day and send one.
Hope to see you
En caso de no poder ver correctamente este correo favor de dar clic aqum
Mencione este mail al reservar, y reciba un regalo sorpresa
01 55 5723 2963 / 2952
01 800 900 9600
reservacio...@flamingos.com.mxwww.radisson.com/mexicocitymx_flamingos
Al mencionar este email recibira un regalo sorpresa
Johan Beisser wrote:
Read the man page for ssh_config(5) and sshd_config(5), and look at
restricting what your users can do.
Specifically: AllowTcpForwarding, PermitOpen and PermitTunnel,
combined with Match.
Thanks everyone for a great number of enlightening and helpful replies
to my
On Fri, 21 Aug 2009 23:12:18 +0200
Iqigo Ortiz de Urbina tarom...@gmail.com wrote:
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
obvvb...@googlemail.comwrote:
Hi,
Is there a way to use memory as a disk/partition? Such as mount it
to /mnt/mem or such things. I can't find
Great, Thanks. This is just what I'm asking for.
Thanks.
2009/8/22 Robert rob...@openbsd.pap.st
On Fri, 21 Aug 2009 23:12:18 +0200
Iqigo Ortiz de Urbina tarom...@gmail.com wrote:
On Fri, Aug 21, 2009 at 2:03 PM, obvvbooo obvvbooo
obvvb...@googlemail.comwrote:
Hi,
Is there a
2009/8/22 GC!bor Stefanik netrolller...@gmail.com:
2009/8/21 Johannes Berg johan...@sipsolutions.net:
On Fri, 2009-08-21 at 17:04 +0200, GC!bor Stefanik wrote:
I've reworked RTS/CTS since then, just haven't got to sending a new
proposal yet. The current plan is as follows:
TX_FLAGS 0x0002:
48 matches
Mail list logo