search for: attack

Hi, everyone: My system was compromised a few days ago. The cracker attacked the system through openssh 2.9p2 release 8.7. I attached part of the log file. Thanks. Pin Lu (pin at stredo.com) Nov 25 11:33:05 ns sshd[10627]: Disconnecting: Corrupted check bytes on input. Nov 25 11:33:36 ns named[10478]: Lame server on '55.254.58.211.in-addr.arpa' (in '254.5...

...at victim's password: Permission denied, please try again. root at victim's password: Permission denied, please try again. ......... root at victim's password: Read from remote host 10.12.7.110: Connection reset by peer Connection to victim closed. tcpdump session: 12:17:32.650039 attacker.32804 > victim.22: S 1378959426:1378959426(0) win 5840 12:17:32.650538 victim.22 > attacker.32804: S 671772074:671772074(0) ack 1378959427 win 5792 12:17:32.650627 attacker.32804 > victim.22: . ack 1 win 5840 12:17:32.651741 victim.22 > attacker.32804: P 1:24(23) ack 1...

Processing commands for control at bugs.debian.org: > tags 496359 security Bug#496359: The possibility of attack with the help of symlinks in some Debian packages There were no tags set. Tags added: security > tags 496360 security Bug#496360: The possibility of attack with the help of symlinks in some Debian packages Tags were: confirmed Tags added: security > tags 496362 security Bug#496362: The poss...

Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login: Aborted log...

Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like th...

Greetings all, I have been seeing a lot of [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: Sending fake auth rejection for device 100<sip:100 at 108.161.145.18>;tag=2e921697 in my logs lately. Is there a way to automatically ban IP address from attackers within asterisk ? Thank you

Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh

...program fragment in the literature. Is there any complete program to show that cfi can protect control flow? It's just a basic theory display, not academic paper！ > That said, doing an experiment will not show that CFI is effective; it > will only show that CFI stops that one particular attack that you are > demonstrating. While this was done in past research papers, it was only > done because it was one of the few methods of evaluating CFI available. > More recent work is showing the deficiencies of evaluating CFI in this way > (in a nutshell, simple CFI defenses can be thw...

Hello List! I got a small (50mbits or so) application layer ddos attack against a few name servers (thousands of IPs sending lots of bogus A record requests - weird) - one of the name servers was behind a shorewall firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd using 100%...

Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: ss...

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.21 Original issue date: September 19, 1996 Last revised: -- Topic: TCP SYN Flooding and IP Spoofing Attacks - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:01. *** Two "underground magazines" have recently published code to conduct denial-of-service attacks by creating TCP "half-open" connections. This cod...

Package: logcheck Version: 1.2.41 Problem: Logcheck try to detect if log file have been rotate or not by file size way. Possible attack: - current log file (sizeA) - run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA - [attacker run attack 1] - run logrotate - [attacker run attack 2] - run logcheck may don't detect the rotation and don't check the log for attack 1 duration. attack 1 : The real attack,...

...Unknown tag/s: secuirity. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n etch etch-ignore lenny lenny-ignore. Bug#496359: The possibility of attack with the help of symlinks in some Debian packages There were no tags set. Tags added: > tags 496360 secuirity Unknown tag/s: secuirity. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6...

Hello Warren, On Thu, 2017-02-09 at 15:27 -0700, Warren Young wrote: > So you?ve now sprayed the heap on this system, but you can?t upload > anything else to it because noexec, so?now what? What has our > nefarious attacker gained? So the heap is set with data provided by the (local) attacker who could initialize it to his liking using either of the two memory leaks in the options parsing. The heap, that is entirely under the control of the attacker, now contains a call to a library with parameters such that it in...

If an attacker finds an exploit to take control of httpd, they're still blocked in part by the fact that httpd runs as the unprivileged apache user and hence can't write any root-owned files on the system, unless the attacker also knows of a second attack that lets apache escalate its privilege. Ba...

Question, there are the teardrop, ping of death, DoS and a host of other forms of attacks. While all of the research that I have been doing concerning another form of an attack.... I became sorta stumped on an idea... is there anywhere.... a description on what to expect or what happenes during any one of these or other attacks listed somewhere? If so, could someone please direct m...

On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents...

Hi. I have a problem with the icecast. When I activate the service I am having an exesive consumption in the ip queries. It seems like a DDOS attack. How can I mitigate this attack? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/bd03e5eb/attachment.htm>

...in a compiler. >> > > Security comes from careful threat analysis and establishing > counter-measures appropriate to the threats, which might or might not > warrant crypto. This is a very good point. It may help to clarify your threat model here. Let's think about who the attackers are. Some possibilities: 1. Local attacker who can read the contents of the binary. This defense doesn't really buy you anything given automated attack creation frameworks like Q [1]. 2. Local attacker who cannot read the contents of the binary. (This is a pretty strange one, but it's...

Heya, FREEBSD 4.9-STABLE Is there anyway to block SYN attacks and prevent it from bring down my server? Its been attacking for sometime.