On Sun, Nov 22, 2020 at 1:14 AM Nick Holland
wrote:
>
> On 2020-11-20 17:15, Erik Lauritsen wrote:
> > Is it recommended to run some kind of intrusion detection on an
> > OpenBSD router/firewall?
> >
> > I suspect that any kind of system like Snort or Suricat
> 22. nov. 2020 kl. 02:02 skrev Predrag Punosevac :
> OpenBSD is all about prevention and exploit mitigation. Code simplicity,
> correctness, and code audit are all examples of intrusion prevention
> methods. They don't sound very sexy :-) If you are super new to OpenBSD
>
On 2020-11-20 17:15, Erik Lauritsen wrote:
> Is it recommended to run some kind of intrusion detection on an
> OpenBSD router/firewall?
>
What do you mean by "some kind of intrusion detection" (IDS). At the
risk of sounding patronizing I would start by clarifying terminol
On 2020-11-20 17:15, Erik Lauritsen wrote:
> Is it recommended to run some kind of intrusion detection on an
> OpenBSD router/firewall?
>
> I suspect that any kind of system like Snort or Suricata will give a
> lot of false positives?
MY philosophy is it is much easier to ke
Is it recommended to run some kind of intrusion detection on an OpenBSD
router/firewall?
I suspect that any kind of system like Snort or Suricata will give a lot of
false positives?
Kind regards,
Erik
On 2017-06-19, Rui Ribeiro wrote:
> Depending on how "evil" the ISP is, or how you want to obfuscate your
> metadata, you might want to have a look at dnscrypt
> https://blog.ipredator.se/openbsd-dnscrypt-howto.html
Yes, that's an option, though it does just move your trust
Hi,
Depending on how "evil" the ISP is, or how you want to obfuscate your
metadata, you might want to have a look at dnscrypt
https://blog.ipredator.se/openbsd-dnscrypt-howto.html
On 18 June 2017 at 10:59, Stuart Henderson wrote:
> On 2017-06-17, Paul Suh
On 18/06/2017 10:59, Stuart Henderson wrote:
> On 2017-06-17, Paul Suh wrote:
>> Folks,=20
>>
>> My understanding of the way that this is done is by returning a CNAME =
>> when the ISP's DNS recursive DNS server would otherwise return a =
>> NXDOMAIN result, followed by a
Just for info:
So I rang Virgin to ask them to turn off their ANES for me (Advanced
Network Error Search). 2 phone calls, 57 minutes and 7 advisors later
they managed to find someone who knew what I was talking about. That's
why I don't phone them unless I see no option.
Now if I run with their
On 2017-06-17, Paul Suh wrote:
> Folks,=20
>
> My understanding of the way that this is done is by returning a CNAME =
> when the ISP's DNS recursive DNS server would otherwise return a =
> NXDOMAIN result, followed by a HTTP 302 when the browser attempts to =
> reach the
g to /etc/hosts for things which you want to "block" is fairly
> common practice but I've never been a huge fan.. For this case where
> you're just working around the ISP resolver hijacking NXDOMAIN
> responses I'd usually take the workaround of running my own local
> recursive DNS se
ed for it.
Adding to /etc/hosts for things which you want to "block" is fairly
common practice but I've never been a huge fan.. For this case where
you're just working around the ISP resolver hijacking NXDOMAIN
responses I'd usually take the workaround of running my own local
recursive
On Jun 16, 2017, at 9:32 PM, Joe Holden wrote:
>
> It is done by the VM dns servers, if you visit a domain that doesn't
> exist you should be directed to the advanced search page, there *should*
> be a link to disable it there, but if not login to your account and
>
On 17/06/17 09:27, Stuart Henderson wrote:
> On 2017-06-16, Maurice McCarthy wrote:
> > Ooops! ... Well, I moved the .Xauthority file aside and restarted X to
> > create a new one. Obviously it has one line with my hostname in it. But
> >
> > $ xauth list
> >
On 2017-06-16, Maurice McCarthy wrote:
> Ooops! ... Well, I moved the .Xauthority file aside and restarted X to
> create a new one. Obviously it has one line with my hostname in it. But
>
> $ xauth list
> fresh.yem/unix:0 MIT-MAGIC-COOKIE-1 ...
>
On 17/06/17 02:32, Joe Holden wrote:
> >
> > To Joe Holden,
> >
> > Thanks for the tip about NXDOMAIN queries. Don't see where to unset in
> > the router but I'm guessing the hosts file entry above should do the
> > same thing.
> >
> > I'll keep looking around to reassure myself anyhow
> >
>
08ed0926482c51f5cb386e28a0ea
>>>
>>>
>>> Virgin Media is my ISP. Is this an intrusion into my system please? I
>>> ran xauth remove ... just for the sake of it anyhow.
>>
>> well, even if it wasn't, you just posted the secret key to a public list, so
>> probably w
On 15/06/17 14:13, Ted Unangst wrote:
> Maurice McCarthy wrote:
> > Hi,
> >
> > $ xauth list
> > ...
> > advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1
> > f3aa08ed0926482c51f5cb386e28a0ea
> >
> >
> > Virgin Media is my ISP. Is
Maurice McCarthy wrote:
> Hi,
>
> $ xauth list
> ...
> advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1
> f3aa08ed0926482c51f5cb386e28a0ea
>
>
> Virgin Media is my ISP. Is this an intrusion into my system please? I
> ran xauth remove ... just for the s
82c51f5cb386e28a0ea
>>
>>
>> Virgin Media is my ISP. Is this an intrusion into my system please? I
>> ran xauth remove ... just for the sake of it anyhow.
>>
>> Thanks
>> Moss
>
>
> Maybe. Are there other hints in the system log files, history files around
>
On Thu, Jun 15, 2017 at 9:12 AM Maurice McCarthy <mansel...@gmail.com>
wrote:
> Hi,
>
> $ xauth list
> ...
> advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1
> f3aa08ed0926482c51f5cb386e28a0ea
>
>
> Virgin Media is my ISP. Is this an intrusion into my sy
Hi,
$ xauth list
...
advancedsearch.virginmedia.com:0 MIT-MAGIC-COOKIE-1
f3aa08ed0926482c51f5cb386e28a0ea
Virgin Media is my ISP. Is this an intrusion into my system please? I
ran xauth remove ... just for the sake of it anyhow.
Thanks
Moss
Hello
I have a ftpd server OBSD-4.9, and i found this:
# last
ftp ftp 62.234.84.203.hostway.com.au Thu May 12 12:40 -
12:40 (00:00) --(it is not me)
Could it means that i have an intrusion in the server?
Where should i see? and what should i care, please?
# ls -laR /home
2011/5/12 fqui nonez fquinon...@gmail.com:
Hello
I have a ftpd server OBSD-4.9, and i found this:
# last
ftp ftp 62.234.84.203.hostway.com.au Thu May 12 12:40 -
12:40 (00:00) --(it is not me)
Could it means that i have an intrusion in the server?
Where should i see
For our Windows/Solaris/Linux servers, we've had PWC say that they're
qualified and able to do post-intrusion forensics on our server(s).
I'm told this will go a long way in making everyone in our company as
well as our customers feel better. Partly because it's an outside
party verification
On Thu, May 08, 2008 at 09:02:48AM -0600, Chris Cameron wrote:
For our Windows/Solaris/Linux servers, we've had PWC say that they're
qualified and able to do post-intrusion forensics on our server(s).
I'm told this will go a long way in making everyone in our company as
well as our customers
26 matches
Mail list logo