honeynet's immense work at : www.honeynet.org
Yes tripwire or aide is what you need for sure.
As far as the files are concerned, mostly the files used for routine admin purpose are
changed by intruders.
If you look at major rootkits, they mostly replace the following files:
ps
ls
w
/bin/login
s
What you are asking for is impossible. The exploits are discovered and
passed around all the time...
What you should consider is a file integrity assessment application. We use
Tripwire and it is good. The docs are available from the files area on their
sourceforge website.
That, plus a well co
I've *asked* friends of mine to "audit" some of my systems before, but I've never
run any executables they give or so much as given them a shell. The
objective the test is that they have to get the shell themselves.
If you run a program for him, then *you* are the weak link in the security
and
well if the guy is telling him to use programs that are trojans, I'd say he's
certainly NOT
a friend.
On Mon, 22 Nov 1999 01:09:20 -0800, Mike Erickson wrote:
>Bob Taylor wrote:
>>
>> In message <[EMAIL PROTECTED]>, "Wellington
>> Terumi Uemura"
>> writes:
>> > Considering the security of
Look into the PIX firewall by Cisco.
fred
> Date: Sun, 21 Nov 1999 20:31:44 PST
> From: "Wellington Terumi Uemura" <[EMAIL PROTECTED]>
> To:[EMAIL PROTECTED]
> Subject: Re: Hacker Attack *help* thanks every one!!!
>
Gustav Schaffter wrote:
>
> Cokey,
>
> Where could I find more info on the Linux Router Project?
>
> Best regards
> Gustav
>
> Cokey de Percin wrote:
>
> > If you happen to have an old 386/40 or better with 16M of ram or
> > more (no hard drive, video or keyboard needed), you might want to
>
Bob Taylor wrote:
>
> In message <[EMAIL PROTECTED]>, "Wellington
> Terumi Uemura"
> writes:
> > Considering the security of my server(RedHat6.1),and the every Linux
> > community,i talk to a big friend of mine(a hacker) to try to hack my
> > sistem,to test the server and see how the server resp
Cokey,
Where could I find more info on the Linux Router Project?
Best regards
Gustav
Cokey de Percin wrote:
> If you happen to have an old 386/40 or better with 16M of ram or
> more (no hard drive, video or keyboard needed), you might want to
> look at the Linux Router Project. It works very
Thank you guys for the tips and recomendations:)Got to make my sys more
secure now,bye
__
Get Your Private, Free Email at http://www.hotmail.com
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
Juha Saarinen wrote:
>
> Wellington,
>
> First, that Web site has trojanised binaries on it (it's mostly Windows
> stuff). Don't download anything from there.
>
> Second, install a commercial-grade firewall, if you're worried about
> security. There's a security advisory document over at the Li
Wellington,
First, that Web site has trojanised binaries on it (it's mostly Windows
stuff). Don't download anything from there.
Second, install a commercial-grade firewall, if you're worried about
security. There's a security advisory document over at the Linux
Documentation Project site, I thin
On Sun, Nov 21, 1999 at 03:33:52PM -0800, Wellington Terumi Uemura wrote:
: 1 - How can we(linux community) make ftp,telnet and mail server,not to
: respond to a brute force attack?Like, give "3" chances for logins and
: passwords for all services.
If you're really serious, I'd start by doing t
In message <[EMAIL PROTECTED]>, "Wellington
Terumi Uemura"
writes:
> Considering the security of my server(RedHat6.1),and the every Linux
> community,i talk to a big friend of mine(a hacker) to try to hack my
> sistem,to test the server and see how the server respond to that kind of
> attack.
Chris,
>based access, everyone can still get to your pages) this is ftp, telnet,
since I need access to my own server from different servers, I cannot limit
access by host number. Is there an alternative solution?
Marcantonio
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LI
>
> How did you get that information? what commando did you use?
rpm -q bind
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
How did you get that information? what commando did you use?
__
Alfonso Barreto Lopez Inst. de Inv. de Matematicas U.N.A.M
[EMAIL PROTECTED]
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARC
> I would agree with this assessment. Check your BIND first, it's the
> biggest hole that hackers are using these days. RedHat had an RPM for
> the BIND vulerability, but it seems the description had downplayed the
> importance of the upgrade.
I think that was my problem. I sill had the old
On Mon, 8 Jun 1998, Chris Newbill wrote:
> Do you have your hosts.allow set for everyone to come in and do whatever the
> heck they want?
I did, but I don't anymore.
>
> look in /etc/hosts.allow, if there's a line in there that say's ALL: ALL
> Then your server is fair game. You should limi
[EMAIL PROTECTED] wrote:
>
> I had the following messages on my daily report for one of my web servers
> today:
>
> Checking Packages...
> changes from previous run...
> ---
[snip]
> > SM5. /usr/sbin/in.rshd
> 118a128
> > SM5. /bin/login
> ---
>
> I assume this means I have been h
Do you have your hosts.allow set for everyone to come in and do whatever the
heck they want?
look in /etc/hosts.allow, if there's a line in there that say's ALL: ALL
Then your server is fair game. You should limit access to only those
servers outside your own network that need access the server(
20 matches
Mail list logo
