similar to: Malicious traffic comming from 37.75.210.90

Hi, we had an attack on a server and we don't understand how it was possible, Asterisk 1.4.28/Debian Lenny 5.1 Attacker came from PALTEL, network 188.161.128.0/18 Hacked account had following setup: [111] type=friend username=111 context=from-111 host=11.22.33.44 dtmfmode=auto qualify=yes nat=yes canreinvite=no defaultip=11.22.33.44 port=35060 disallow=all allow=ulaw,alaw call-limit=2

The Xen netback implementation contains a couple of flaws which can allow a guest to cause a DoS in the backend domain, potentially affecting other domains in the system. CVE-2013-0216 is a failure to sanity check the ring producer/consumer pointers which can allow a guest to cause netback to loop for an extended period preventing other work from occurring. CVE-2013-0217 is a memory leak on an

All, Has anyone had any thoughts/discussion on providing a malicious call trace feature within Asterisk. Most legacy PBX's support this feature which allows a handset user to indicate using DTMF during a call that it's a malicious call which instructs the PBX to send a specific Q931 message over the ISDN to the providers switch telling it to log the call details as malicious for later

This repository has begun triggering alerts in my enterprises trend micro solution this morning. centos.firehosted.com/7.2.1511/updates/x86_64/repodata/repomd.xml Any tips on ensuring this repository is never queried by my systems ? It seems to keep getting picked up on freshly deployed vagrants for development at this time. Thanks, Corey Erickson

Directory name have some malicious characters, is it safe?How can I exclude some characters,thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20190520/e3ea2c53/attachment.html> -------------- next part -------------- A non-text attachment was scrubbed... Name: smiley-laughing.gif Type: image/gif

How is that dangerous? If you pipe output from a directory listing to *any* command you need to sanitize it. That's normal if you have data that can be created by a user. The issue is known since the very beginning of Linux

Hi! I use OpenSuse 12.1 and I have written to OpenSuse security maillist but noone can help me. Here is an OpenSuse forum topic where have describe the problem in details: http://forums.opensuse.org/english/get-technical-help-here/network-internet/476052-i-think-its-virus-while-nmbd-running-some-web-sites-redirected-broken.html Here is a Ukrainian key media recourse http://www.pravda.com.ua/

Use scripts to create some malicious directories. Here is my creation process. How can I prevent the creation of these directories? I used the python imapclient script to create a directory. There may be no big threat to dovecot, but it is dangerous for doveadm. -------------- next part -------------- An HTML attachment was scrubbed... URL:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544 / XSA-25 Xen domain builder Out-of-memory due to malicious kernel/ramdisk ISSUE DESCRIPTION ================= The Xen PV domain builder contained no validation of the size of the supplied kernel or ramdisk either before or after decompression. This could cause the toolstack to consume all available RAM

https://bugzilla.samba.org/show_bug.cgi?id=11949 Bug ID: 11949 Summary: A malicious sender can still use symlinks to overwrite files Product: rsync Version: 3.1.2 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: core Assignee:

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Xen Security Advisory CVE-2012-4544,CVE-2012-2625 / XSA-25 version 2 Xen domain builder Out-of-memory due to malicious kernel/ramdisk UPDATES IN VERSION 2 ==================== Clarify that XSA-25 is reporting, via the Xen.org security process, both CVE-2012-4544 and CVE-2012-2625. Also we would like to

Hi all, Testing would be appreciated (esp. Ron?): I'd like to push this as soon as possible into 2.6.23. I thought of it while pondering kvm-lite, and then proved it was a problem... == If a Guest makes hypercall which sets a GDT entry to not present, we currently set any segment registers using that GDT entry to 0. Unfortunately, this is not sufficient: there are other ways of altering

Hi all, Testing would be appreciated (esp. Ron?): I'd like to push this as soon as possible into 2.6.23. I thought of it while pondering kvm-lite, and then proved it was a problem... == If a Guest makes hypercall which sets a GDT entry to not present, we currently set any segment registers using that GDT entry to 0. Unfortunately, this is not sufficient: there are other ways of altering

As halflife demonstrated in Phrack 50 with his linspy project, it is trivial to patch any system call under Linux from within a module. This means that once your system has been compromised at the root level, it is possible for an intruder to hide completely _without_ modifying any binaries or leaving any visible backdoors behind. Because such tools are likely to be in use within the hacker

$tc filter add dev $eth parent ffff: \ protocol ip prio 1 \ u32 match ip sport 1863 0xffff \ police rate 124kbit burst 1k drop \ flowid :1 ____________________________________________________ Start your day with Yahoo! - make it your home page http://www.yahoo.com/r/hs

Hello everyone. I''m using drag and drop on my site, I''v notice strange effect about droping. When I hold element over the droppable area, and drop on it, i see that element not exacly drop on the droppable area, I see something like element coming from outside of the screen, or coming from diffrent position, it''s look like element slide and then is dropped on the

Hi everyone, I'm going to do testing on the servers this weekend. Can I provide any info for inclusion in the project, please let me know. I am planning to do a power failure test. I could turn on any logging or do any "sampling" of output during the run down of the batteries if it could be useful. The UPS is connected via USB to a PC hardware running Ubuntu 10.04 LTS server.

Curious here, What does that mean. Thanks -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Christopher Dobbs Sent: Monday, December 13, 2004 8:23 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: [Asterisk-Users] Ethernet Channel Bank (Comming Soon to a NOC NearYou!) My company has

Whats wrong here? I was expecting 11 as the result... Thanks in advance. bench <- function(str,...) { func <- function(x) x+10 expr <- list(...)[1] str <- gsub("XXX",expr,str) x <- as.call(gsub("\"","",str)) eval(x) } bench("func(XXX)", "1")

hi all, i have gradwell DID i am using it for inbound dialing with IVR when ever customer call my DID some times other IVR is cumming on my IVR that IVR is not even related with my server .can u please help me on this -------------- next part -------------- An HTML attachment was scrubbed... URL: