Re: rc.local mystery executables

2014-08-30 Thread Joel Rees
2014/08/30 12:20 Eric Furman ericfur...@fastmail.net: grc.*** (because I don't want any more google weight given to this website) and the person who runs it, whose name shall not be mentioned other than his initials are SG, is a complete fraud. The first two paragraphs didn't seem too bad.

Re: rc.local mystery executables

2014-08-29 Thread Scott Bonds
On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd Zimmermann wrote: Just off the top of my head a few links: www.team-cymru.org https://www.dshield.org http://emergingthreats.net/ https://www.grc.com/dns/dns.htm I stumbled upon malheur a while back. No idea what to do with it, but it compiles

Re: rc.local mystery executables

2014-08-29 Thread Eric Furman
grc.*** (because I don't want any more google weight given to this website) and the person who runs it, whose name shall not be mentioned other than his initials are SG, is a complete fraud. On Fri, Aug 29, 2014, at 08:37 PM, Scott Bonds wrote: On Tue, Aug 19, 2014 at 03:24:08AM -0400, Todd

Re: rc.local mystery executables

2014-08-19 Thread Henning Brauer
* Scott Bonds sc...@ggr.com [2014-08-19 02:28]: The funny thing is that I have a book on Snort on my reading list. Time to read it. or you use the time for something useful instead. did I say snake oil? ewps. -- Henning Brauer, h...@bsws.de, henn...@openbsd.org BS Web Services GmbH,

Re: rc.local mystery executables

2014-08-19 Thread Todd Zimmermann
OpenBSD has always rocked for providing very current versions of snort. barnyard2 compiles cleanly on obsd. The funny thing is that I have a book on Snort on my reading list. Time to read it. I'll check out barnyard2 as well. There is a learning curve for sure. It's not something that most can

Re: rc.local mystery executables

2014-08-19 Thread Stuart Henderson
On 2014-08-15, Scott Bonds sc...@ggr.com wrote: I thought I was being reasonably careful: ssh disabled for root, key-only login on my admin account, following stable, etc...then again, I'm running owncloud and a bunch of other (no doubt less secure) software. Perhaps I should separate the

Re: rc.local mystery executables

2014-08-19 Thread Cristiano Deana
On Fri, Aug 15, 2014 at 5:53 PM, Josh Grosse j...@jggimi.homeip.net wrote: On 2014-08-15 10:39, Scott Bonds wrote: ...I'm running owncloud and a bunch of other (no doubt less secure) software On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4 to fix a security

Re: rc.local mystery executables

2014-08-18 Thread ej
On 16-08-14 08:22, Joel Rees wrote: On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds sc...@ggr.com wrote: [...] Perhaps I should separate the router and 'everything else' roles, so that the router only has builtin OpenBSD software on it, no packages. Strongly encourage you to get a separate box

Re: rc.local mystery executables

2014-08-18 Thread Scott Bonds
On Sat, Aug 16, 2014 at 02:34:21AM -0400, Todd Zimmermann wrote: Lots of good stuff in base and the ports collection. mtree can be extended to check file integrity for anything you've modified and other local stuff (something I need to do). thanks, mtree is neat, glad to know about it

Re: rc.local mystery executables

2014-08-16 Thread Joel Rees
On Sat, Aug 16, 2014 at 1:52 AM, Scott Bonds sc...@ggr.com wrote: On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote: While a long way from perfect, tools such as chkrootkit and rkhunter might shed some light on your situation. As Giancarlo said, check every machine that's closely

Re: rc.local mystery executables

2014-08-16 Thread Joel Rees
On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds sc...@ggr.com wrote: [...] Perhaps I should separate the router and 'everything else' roles, so that the router only has builtin OpenBSD software on it, no packages. Strongly encourage you to get a separate box to run the router and firewall on.

Re: rc.local mystery executables

2014-08-16 Thread Todd Zimmermann
Yeah it sucks, the miscreants run 24/7 365. My guess is home systems are targeted a lot because there's only an 'IT Dept' of one. Lots of good stuff in base and the ports collection. mtree can be extended to check file integrity for anything you've modified and other local stuff (something I need

Re: rc.local mystery executables

2014-08-16 Thread Ted Unangst
On Sat, Aug 16, 2014 at 15:22, Joel Rees wrote: On Fri, Aug 15, 2014 at 11:39 PM, Scott Bonds sc...@ggr.com wrote: [...] Perhaps I should separate the router and 'everything else' roles, so that the router only has builtin OpenBSD software on it, no packages. Strongly encourage you to get

Re: rc.local mystery executables

2014-08-15 Thread Scott Bonds
Ok, thanks for confirming (and Chris and Adam). And while I have you here, thank you for all of your contributions to OpenBSD, it's amazing to me the scope and quality of what y'all have built. I thought I was being reasonably careful: ssh disabled for root, key-only login on my admin account,

Re: rc.local mystery executables

2014-08-15 Thread Giancarlo Razzolini
On 15-08-2014 11:39, Scott Bonds wrote: I thought I was being reasonably careful: ssh disabled for root, key-only login on my admin account, following stable, etc...then again, I'm running owncloud and a bunch of other (no doubt less secure) software. Perhaps I should separate the router and

Re: rc.local mystery executables

2014-08-15 Thread Scott Bonds
On Fri, Aug 15, 2014 at 11:42:32AM -0300, Giancarlo Razzolini wrote: Don't forget to check your own machine, not just your OpenBSD server. It's more often than not the point of origin of the attack. If your machine is compromised, reinstalling your server won't do anything, since they'll

Re: rc.local mystery executables

2014-08-15 Thread Adam Thompson
On 14-08-15 10:01 AM, Scott Bonds wrote: I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't running any public services AFAIK...I've configured the ones I'm running on it (like unbound) to only respond to local requests. Then again, I haven't tested those ports from another

Re: rc.local mystery executables

2014-08-15 Thread Josh Grosse
On 2014-08-15 10:39, Scott Bonds wrote: ...I'm running owncloud and a bunch of other (no doubt less secure) software On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4 to fix a security issue. If you are looking for possible attack surfaces, this may have been

Re: rc.local mystery executables

2014-08-15 Thread Mihai Popescu
On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4 to fix a security issue. The developers' announcement, from the webpage for this thingie (I don't know what the hell this software is doing): -- Yeah, you were screwed!

Re: rc.local mystery executables

2014-08-15 Thread Scott Bonds
On Fri, Aug 15, 2014 at 10:50:55AM -0500, Adam Thompson wrote: While a long way from perfect, tools such as chkrootkit and rkhunter might shed some light on your situation. As Giancarlo said, check every machine that's closely interconnected, not just the one compromised server you've noticed.

Re: [Bulk] Re: rc.local mystery executables

2014-08-15 Thread Kevin Chadwick
previously on this list Scott Bonds contributed: I'm running OpenBSD 5.5-stable on my laptop as well. My laptop isn't running any public services AFAIK...I've configured the ones I'm running on it (like unbound) to only respond to local requests. Then again, I haven't tested those ports

Re: rc.local mystery executables

2014-08-15 Thread Josh Grosse
On 2014-08-15 12:38, Mihai Popescu wrote: On June 29, there was a 5.5-stable update to www/owncloud to release 6.0.4 to fix a security issue. The developers' announcement, from the webpage for this thingie (I don't know what the hell this software is doing): -- Yeah, you were

Re: rc.local mystery executables

2014-08-15 Thread Stuart McMurray
Before I blocked all of China, I saw something very similar on an ssh honeypot I run. Every few hours or so, I'd get the following: http://sprunge.us/OGfE Seemed totally automated. J. Stuart McMurray On Fri, Aug 15, 2014 at 1:51 PM, Josh Grosse j...@jggimi.homeip.net wrote: On 2014-08-15

rc.local mystery executables

2014-08-14 Thread Scott Bonds
I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today I was doing some maintenance and I found my way to /etc/rc.local. When I opened it I saw this: $ cat rc.local # $OpenBSD: rc.local,v 1.44 2011/04/22 06:08:14 ajacoutot Exp $ # Site-specific startup actions, daemons,

Re: rc.local mystery executables

2014-08-14 Thread Chris Cappuccio
Scott Bonds [sc...@ggr.com] wrote: I run an OpenBSD 5.5-stable amd64 server at home. Email, web, etc. Today ... $ file dsfrefr dsfrefr: ELF 32-bit LSB executable, Intel 80386, version ... So...have I been p0wned or does anyone know what innocent thing might be happening here? Please CC

Re: rc.local mystery executables

2014-08-14 Thread Adam Thompson
On 14-08-14 07:54 PM, Scott Bonds wrote: So...have I been p0wned or does anyone know what innocent thing might be happening here? I think you already know the answer, unless you've done something very, very strange back in April. However, it could be said that the 3rd party here isn't

Re: rc.local mystery executables

2014-08-14 Thread Ted Unangst
On Thu, Aug 14, 2014 at 17:54, Scott Bonds wrote: So...have I been p0wned or does anyone know what innocent thing might be happening here? Please CC sc...@ggr.com on any replies, as I'm not subscribed to updates from the list. Bad news: yeah. They appear to have screwed up their rootkit by