On Aug 5, 2011 12:50 PM, "Walter Hurry" wrote:
>
> On Fri, 05 Aug 2011 13:31:37 -0400, shawn wilson wrote:
> > imo, meaningless
>
> Of that I have little doubt. As I said, I was just curious.
>
> By the way, my router is just a cheap home DLink unit, not anything
> running any special software. So
On Fri, 05 Aug 2011 13:31:37 -0400, shawn wilson wrote:
> imo, meaningless
Of that I have little doubt. As I said, I was just curious.
By the way, my router is just a cheap home DLink unit, not anything
running any special software. So I don't set the "rules" - just tell it
as part of the norma
On Fri, Aug 5, 2011 at 13:03, Walter Hurry wrote:
> On Fri, 05 Aug 2011 11:59:51 -0400, shawn wilson wrote:
>
>> 1. How are you figuring the source country? If you're looking at the ip
>> in the handshake and comparing this to a db of ip / country, you're only
>> looking at half of the story. If y
On Fri, 05 Aug 2011 11:59:51 -0400, shawn wilson wrote:
> 1. How are you figuring the source country? If you're looking at the ip
> in the handshake and comparing this to a db of ip / country, you're only
> looking at half of the story. If you're a bit smarter and have a list of
> border routers t
Walter Hurry writes:
> Am I to infer then, that it is likely that a fair proportion of these
> do not emanate directly from the hacker, but from a bot on an innocent
> bystander's box which has been compromised?
A "fair proportion" as in 99+%.
--
John Hasler
source
country, this is probably better.
2. You didn't specify in simple t
> On Fri, 05 Aug 2011 12:29:02 +, Walter Hurry wrote:
>
>> More out of curiosity than paranoia, I have carried out a small
>> geographical analysis of rejected "intrusion attempts" at my
h
>> legal and not so legal business...
>
> Ah, thanks. You mention "malware bots". Am I to infer then, that it is
> likely that a fair proportion of these do not emanate directly from the
> hacker, but from a bot on an innocent bystander's box which has been
> compr
On Fri, 05 Aug 2011 14:34:42 +, Camaleón wrote:
>> China              | 483
>> United Kingdom     | 455
>> Russian Federation | 167
>> Germany            |  74
>> Spain              |  68
>
> Hey, I'm there (Spain) :-P
>
> My e-mai
On Fri, 05 Aug 2011 12:29:02 +, Walter Hurry wrote:
> More out of curiosity than paranoia, I have carried out a small
> geographical analysis of rejected "intrusion attempts" at my home router
> (this consists of dropped TCP packets and ICMP (ping) requests).
Intere
On Fri, 05 Aug 2011 12:29:02 +, Walter Hurry wrote:
> More out of curiosity than paranoia, I have carried out a small
> geographical analysis of rejected "intrusion attempts" at my home router
Sorry for the formatting, but I think it's just about legible, so I won
16 May 2011 Monday 7:28 P.M. Singapore Time
For Immediate Release
SINGAPORE, SINGAPORE - Singapore Citizen Mr. Teo En Ming (Zhang
Enming) would like to report first hand account of mind intrusion
and mind reading. I have been hearing voices for quite some time
now but I have not been able to
On 2008-10-29 17:16, David Bernier wrote:
> I got an email today from a list that I never subscribed to. The message
> body and headers were
> refused by Debian Users list because of some Javascript. The end part
> appears below...
[snip quotation of spam mail]
This is a phenomenon called spam [1
> David Bernier wrote:
>>
>
> I got an email today from a list that I never subscribed to. The message
> body and headers were
> refused by Debian Users list because of some Javascript. The end part
> appears below...
Sounds like run-of-the-mill spam.
To run a secure system, it's important to be
> -Original Message-
> From: Osamu Aoki [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, October 29, 2008 08:53 a.m.
> To: David Bernier
> CC: debian-user@lists.debian.org
> Subject: Re: intrusion detection
>
> Hi,
>
> On Tue, Oct 28, 2008 at 0
ch caused to create such thing. ...
So I took a test-drive of Ubuntu 8.04 Live CD, and then did a complete
reinstall. Now, I'm using Ubuntu and the firestarter firewall.
I'd like to know about ideas for security, including for example
intrusion-detection systems.
If you are playing wi
Celejar wrote:
On Wed, 29 Oct 2008 22:00:30 +0630
David Bernier <[EMAIL PROTECTED]> wrote:
...
The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20
seconds. Maybe
this is when my computer contacts an SNTP server ( simple network time
protocol).
Would a package
On Wed, 29 Oct 2008 22:00:30 +0630
David Bernier <[EMAIL PROTECTED]> wrote:
...
> The Gnome system monitor now shows incoming traffic at 4 kB/sec every 20
> seconds. Maybe
> this is when my computer contacts an SNTP server ( simple network time
> protocol).
>
> Would a package such as etherea
David Bernier wrote:
> Would a package such as ethereal tell me what this traffic is?
>
Yes (and all other traffic happening in the machine).
There's also the netstat command, but if the connection is opened and
closed quickly it may be hard to catch it.
--
Eduardo M Kalinowski
[EMAIL PRO
ch caused to create such thing. ...
So I took a test-drive of Ubuntu 8.04 Live CD, and then did a complete
reinstall. Now, I'm using Ubuntu and the firestarter firewall.
I'd like to know about ideas for security, including for example
intrusion-detection systems.
If you are playi
mouse which caused to create such thing. ...
> So I took a test-drive of Ubuntu 8.04 Live CD, and then did a complete
> reinstall. Now, I'm using Ubuntu and the firestarter firewall.
>
> I'd like to know about ideas for security, including for example
> intrusion-detect
Douglas A. Tutty wrote:
On Tue, Oct 28, 2008 at 03:37:05PM +, Sam Kuper wrote:
2008/10/28 David Bernier <[EMAIL PROTECTED]>
I'd like to know about ideas for security, including for example
intrusion-detection systems.
I recently read Linux Fire
On Tue, Oct 28, 2008 at 03:37:05PM +, Sam Kuper wrote:
> 2008/10/28 David Bernier <[EMAIL PROTECTED]>
> >
> > I'd like to know about ideas for security, including for example
> > intrusion-detection systems.
> >
>
> I recently read Linux Firewal
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> In the host-based category, I'm aware of two -- there's the
> samhain/yule/beltane family, which are really one intrusion
> detection apparatus. Samhain is the daemon that runs on the
> clients being monitored, yule is the server that maintains
Andrew Reid wrote:
On Tuesday 28 October 2008 11:25, David Bernier wrote:
Dear Debian users,
Now, I'm using Ubuntu and the firestarter firewall.
I'd like to know about ideas for security, including for example
intrusion-detection systems.
There are (at least) two kind
On Tuesday 28 October 2008 11:25, David Bernier wrote:
> Dear Debian users,
>
> Now, I'm using Ubuntu and the firestarter firewall.
>
> I'd like to know about ideas for security, including for example
> intrusion-detection systems.
There are (at least) two kinds
David Bernier wrote:
[ .. ]
I'd like to know about ideas for security, including for example
intrusion-detection systems.
Usually a properly configured iptables should do but if you want maybe
extra protection I guess you should start with snort.
--
en0f
2008/10/28 David Bernier <[EMAIL PROTECTED]>
>
> I'd like to know about ideas for security, including for example
> intrusion-detection systems.
>
I recently read Linux Firewalls <http://www.nostarch.com/firewalls_mr.htm> ,
and can recommend it. I'm sure there a
ask for that. Same sound from stereo playing Redbook format
audio CD
and the *.ogg file on the hard drive ...
So I took a test-drive of Ubuntu 8.04 Live CD, and then did a complete
reinstall. Now, I'm using Ubuntu and the firestarter firewall.
I'd like to know about ideas for se
I found this to be an intriguing read. I'm not sure just
how practical it is, but it is intriguing. It reminds me
of some tools I used 'way back when which plotted the
address bus on an oscilloscope, used for profiling/instrumenting
code for purposes of optimization. X and Y were the outputs
of th
On 2005-05-02, Robert S penned:
>
>> - never use the same email addy ( john ) as your any of your
>> loginID ( john ) .. one of it should be "jsmith" or some other
>> non-guessable loginid ... and alias [EMAIL PROTECTED] in your
>> /etc/alias files back to j1z3k5 so that j1z3k5 can
>> read/del
> - sniff any/all of the emails and follow that email into the server
> and try to guess their passwords
I'm particularly concerned that spammers can find out valid email accounts
on our system. From what you say it looks as if that's unavoidable unless I
take elaborate precautions.
Currently
On Mon, 2 May 2005, Robert S wrote:
> There seem to be bursts of this sort of activity every day or two, from
> different addresses.
good .. consider it a free server audit by script kiddies
> What concerns me is that the attackers seem to be able to retrieve the names
> of users on my system
Today I found hundreds of the following in my /var/log/auth.log:
May 2 08:12:01 debian sshd[16918]: Could not reverse map address
64.132.35.43.
May 2 08:12:04 debian sshd[16920]: Could not reverse map address
64.132.35.43.
May 2 08:12:06 debian sshd[16922]: Could not reverse map address
64.1
Hello.
Today I found one of my servers (Woody on an uml kernel) was down.
It's in another country, but I can admin it remotely. I rebooted it
(uml lets you do that), and found a couple of strange things.
- AIDE tells me all /dev and some tty devices were created right
before the server crashe
Original Message
Subject: Re: intrusion detection / logfile reporter
Date: Sat, 10 Nov 2001 00:24:34 -0800 (PST)
From: Alvin Oga <[EMAIL PROTECTED]>
To: "Timo Boewing" <[EMAIL PROTECTED]>
CC: "Debian User (en)"
hi timo
i like to ask mor
hi timo
i like to ask more detailed stuff...
here's some simpler answers...
- as others have said, download and install logcheck or equivalent
-- Debian security howto
http://www.debian.org/doc/manuals/securing-debian-howto/
-- patch your kernel
- add libsafe, ow1, etc
"Timo Boewing" <[EMAIL PROTECTED]> writes:
> Stephen E. Hargrove wrote:
>
> > http://www.psionic.com/ has some good stuff - logcheck, portsentry
> > and
>
> > hostsentry.
> >
>
>
> Hello Stephen,
>
> Hey, that was *exactly* what i was looking for. When i have time, i
> will try these packages
Thus spake Timo Boewing:
>
> Hello all,
>
> I have some questions regarding system security. Besides of doing
> filtering with IP tables, disabling inet.d services like telnet, r-tools
> etc. and setting some general denials in /etc/hosts.deny (plus some
> other stuff like changing default po
Stephen E. Hargrove wrote:
http://www.psionic.com/ has some good stuff - logcheck, portsentry and
hostsentry.
Hello Stephen,
Hey, that was *exactly* what i was looking for. When i have time, i will
try these packages. When i am done, i will let the list know about my
experiences; if anyon
* Timo Boewing ([EMAIL PROTECTED]) spake thusly:
>
> Especially, I am looking for a not-too-paranoid-to-setup-tool that can
> review my logfiles and report me via beep and/or local mail that it
> found something unusual in a log. Does anyone know of such a tool?
http://www.psionic.com/ has som
Hello all,
I have some questions regarding system security. Besides of doing
filtering with IP tables, disabling inet.d services like telnet, r-tools
etc. and setting some general denials in /etc/hosts.deny (plus some
other stuff like changing default ports of some demons like sshd), I am
loo
On 4 Feb 2001, John Hasler wrote:
> mgriffa writes:
> > yes, I know, but is my home network, and I have no space for too many
> > monitors...
>
> Have you never heard of ssh?
>
Yes, I have to confess. It was a RH firewall, and now I'm migrating my
home net to debian, so I dedicated a total of les
mgriffa writes:
> yes, I know, but is my home network, and I have no space for too many
> monitors...
Have you never heard of ssh?
--
John Hasler
[EMAIL PROTECTED]
Dancing Horse Hill
Elmwood, Wisconsin
On Sat, 3 Feb 2001, Jonathan D. Proulx wrote:
> On Sat, Feb 03, 2001 at 08:47:26PM -0300, [EMAIL PROTECTED] wrote:
> :
> :It was already a dedicated firewall. The box runs telnetd (only for
> :192.168.1.x), squid and ipchains.
>
> telnetd on a firewall!
yes, I know, but is my home network, and I
replaced inetd for xinetd. took off services I didn't use (It
>was left all default, as I installed in a rush), and now I'd like a good
>intrusion detection system.
snort works. ippl, portsentry are some good "pre-IDS"es...
> I'd like to hear about any
Jon:
--- "Jonathan D. Proulx" <[EMAIL PROTECTED]> wrote:
> On Sat, Feb 03, 2001 at 06:56:01PM -0800, Bill
> Barnes wrote:
> :
> :Take a look at www.coyotelinux.com.
> :My $50 16M 486 has been up since July 24/7.
> :
> :Bill
>
> Perhaps you meant to send this to the list?
>
Yes, thanks for rese
On Sat, Feb 03, 2001 at 06:56:01PM -0800, Bill Barnes wrote:
:
:Take a look at www.coyotelinux.com.
:My $50 16M 486 has been up since July 24/7.
:
:Bill
Perhaps you meant to send this to the list?
Pretty cool concept for a firewall box, config it, make a spare
floppy, if it gets cracked instant
On Sat, Feb 03, 2001 at 08:47:26PM -0300, [EMAIL PROTECTED] wrote:
:
:It was already a dedicated firewall. The box runs telnetd (only for
:192.168.1.x), squid and ipchains.
telnetd on a firewall!
OK, I know you said it only listens on the private net, but it still
sound like poor form to me.
If
On Sat, Feb 03, 2001 at 08:47:26PM -0300, [EMAIL PROTECTED] wrote:
>
> can I complete re-install with apt? or I have to do the boot from cd
> again?
boot from the CD, and erase all partitions, backup any data or config
files you want to keep but manually audit each and every file before
restoring
mgriffa writes;
> is there any way to full re-install the system from inside? like apt-get
If the machine has been cracked you cannot trust any executable on it
(including the kernel). You can salvage your data and your config files
(if you audit them). First thing to do is get the machine off th
ault, as I installed in a rush), and now I'd like a good
> intrusion detection system.
> I'd like to hear about any advices about not security (too wide)
> but tools to run in cron and which may be useful for this kind of
> situations.
The other advice I have seen you get
On 3 Feb 2001, John Hasler wrote:
> mgriffa writes:
> > I just realized that someone entered my debian box with cablemodem. I
> > couldn't find anything in the logs,...
>
> Thereby demonstrating that the author of the script your script-kiddie used
> is not incompetent.
>
> > ...but the pump packa
ed.
> > I replaced inetd for xinetd. took off services I didn't use (It
> > was left all default, as I installed in a rush), and now I'd like a good
> > intrusion detection system.
> > I'd like to hear about any advices about not security (too wide)
mgriffa writes:
> I just realized that someone entered my debian box with cablemodem. I
> couldn't find anything in the logs,...
Thereby demonstrating that the author of the script your script-kiddie used
is not incompetent.
> ...but the pump package was deleted.
Why do you consider this proof t
es I didn't use (It
> was left all default, as I installed in a rush), and now I'd like a good
> intrusion detection system.
> I'd like to hear about any advices about not security (too wide)
> but tools to run in cron and which may be useful for this kind of
> s
'd like a good
intrusion detection system.
I'd like to hear about any advices about not security (too wide)
but tools to run in cron and which may be useful for this kind of
situations.
Thanks!
In article <[EMAIL PROTECTED]>,
marco presi wrote:
>While using XChat I received this message:
>
>eris.bt.net/Wallops- Remote CONNECT irc.u-net.com 2310 from ChrisN
>
>after this, no connection was logged by my system.
>Some ideas??
Marco, this has nothing to do with
While using XChat I received this message:
eris.bt.net/Wallops- Remote CONNECT irc.u-net.com 2310 from ChrisN
after this, no connection was logged by my system.
Some ideas??
Tnks
--
Ciao Ciao
Marco
Hi Paul,
> > On the systems that I run, I have disabled all incoming telnets, ftps,
> > rsh/rlogin/rexec/etc, finger, rusers, ident, etc. The only way in is via
>
> I already use ssh, but would like to exclude access by other means just
> as you describe. How do I go about doing this? Is ther
On 14-Apr-98 Ossama Othman wrote:
>
> On the systems that I run, I have disabled all incoming telnets, ftps,
> rsh/rlogin/rexec/etc, finger, rusers, ident, etc. The only way in is via
> Secure Shell. Note that outgoing telnets and ftps would still work. If
>
> -Ossama
>
I already use ssh,
Hi Alain,
> anyone know what's this and where to look for security advices and
> the likes (i dont know anymore where to start) ???
You might want to try Secure Shell and perhaps a one time password
package like OPIE.
Take a look at the following URL that has links to security software:
i was in the process of reading my syslog and noted some suspicious lines
in there, there was possibly an attack of my box via telnet, i wanted to
know more so i did: grep telnetd /var/log/daemon.log and got these
result:
Apr 3 02:10:30 main in.telnetd[374]: connect from ppp-annex-0454.mtl.total.ne
62 matches