search for: attackers

Displaying 20 results from an estimated 4936 matches for "attackers".

Did you mean: attacker
2001 Nov 29
4
openssh 2.9p2 release 8.7 security alert!!!
Hi, everyone: My system was compromised a few days ago. The cracker attacked the system through openssh 2.9p2 release 8.7. I attached part of the log file. Thanks. Pin Lu (pin at stredo.com) Nov 25 11:33:05 ns sshd[10627]: Disconnecting: Corrupted check bytes on input. Nov 25 11:33:36 ns named[10478]: Lame server on '55.254.58.211.in-addr.arpa' (in
2002 Nov 08
1
bug on openssh 3.5p1
Excuse me in advance for my poor english I have noted a small bug on OpenSSH 3.5p1. When user root is not permitted to log in a system (PermitRoot no) and a correct password is submitted for it to server, a RST packet is issued from server to client: [root at xxx root]# ssh victim root at victim's password: Permission denied, please try again. root at victim's password: Permission
2008 Aug 26
0
Processed: The possibility of attack with the help of symlinks in some Debian
Processing commands for control at bugs.debian.org: > tags 496359 security Bug#496359: The possibility of attack with the help of symlinks in some Debian packages There were no tags set. Tags added: security > tags 496360 security Bug#496360: The possibility of attack with the help of symlinks in some Debian packages Tags were: confirmed Tags added: security > tags 496362 security
2009 Jun 02
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login: Aborted
2009 Jun 04
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like
2013 Jan 02
8
Auto ban IP addresses
Greetings all, I have been seeing a lot of [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: Sending fake auth rejection for device 100<sip:100 at 108.161.145.18>;tag=2e921697 in my logs lately. Is there a way to automatically ban IP address from attackers within asterisk ? Thank you
2009 Dec 24
11
attack
Hi, My server is under attack allows the attacker to abuse of a php script of a vhost. How can I find what is the script. Regards, maverh
2015 Sep 01
2
llvm cfi
2015-09-01 11:38 GMT+08:00 John Criswell <jtcriswel at gmail.com>: > On 8/31/15 10:43 PM, 慕冬亮 via llvm-dev wrote: > > I want to create an experiment to show the effectiveness of cfi : > For example , > I first need a program with vulnerability so that we can hijack its > control flow; > > then I enforce cfi of llvm and we can't hijack its control flow. > >
2013 May 16
5
ddos attack causes high ksoftirqd cpu use
Hello List! I got a small (50mbits or so) application layer ddos attack against a few name servers (thousands of IPs sending lots of bogus A record requests - weird) - one of the name servers was behind a shorewall firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd using 100% of the CPU during the
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: sshd: Authentication Failures: unknown
1996 Sep 19
0
CERT Advisory CA-96.21 - TCP SYN Flooding and IP Spoofing Attacks
...if it has a source address from your internal network. In addition, you should filter outgoing packets that have a source address different from your internal network to prevent a source IP spoofing attack from originating from your site. The combination of these two filters would prevent outside attackers from sending you packets pretending to be from your internal network. It would also prevent packets originating within your network from pretending to be from outside your network. These filters will *not* stop all TCP SYN attacks, since outside attackers can spoof packets from *any* outside networ...
2005 Oct 29
1
Bug#336265: logrotate detection, possible attack not checked by logcheck
Package: logcheck Version: 1.2.41 Problem: Logcheck try to detect if log file have been rotate or not by file size way. Possible attack: - current log file (sizeA) - run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA - [attacker run attack 1] - run logrotate - [attacker run attack 2] - run logcheck may don't detect the rotation and don't check the log for attack 1
2008 Aug 26
0
Processed (with 58 errors): The possibility of attack with the help of symlinks in some Debian
Processing commands for control at bugs.debian.org: > tags 496359 secuirity Unknown tag/s: secuirity. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n etch etch-ignore lenny lenny-ignore. Bug#496359: The possibility of attack with the help
2017 Feb 15
2
Serious attack vector on pkcheck ignored by Red Hat
Hello Warren, On Thu, 2017-02-09 at 15:27 -0700, Warren Young wrote: > So you?ve now sprayed the heap on this system, but you can?t upload > anything else to it because noexec, so?now what? What has our > nefarious attacker gained? So the heap is set with data provided by the (local) attacker who could initialize it to his liking using either of the two memory leaks in the options
2012 Jan 10
2
defense-in-depth possible for sshd?
If an attacker finds an exploit to take control of httpd, they're still blocked in part by the fact that httpd runs as the unprivileged apache user and hence can't write any root-owned files on the system, unless the attacker also knows of a second attack that lets apache escalate its privilege. Basically correct? What about sshd -- assuming that the attacker can connect to sshd at
1998 Jul 14
1
Different Forms of attack...
Question, there are the teardrop, ping of death, DoS and a host of other forms of attacks. While all of the research that I have been doing concerning another form of an attack.... I became sorta stumped on an idea... is there anywhere.... a description on what to expect or what happenes during any one of these or other attacks listed somewhere? If so, could someone please direct me in that
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the
2018 Jun 05
4
Help attack DDOS
Hi. I have a problem with the icecast. When I activate the service I am having an exesive consumption in the ip queries. It seems like a DDOS attack. How can I mitigate this attack? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.xiph.org/pipermail/icecast/attachments/20180605/bd03e5eb/attachment.htm>
2013 Aug 28
2
[LLVMdev] Adding diversity for security (and testing)
...in a compiler. >> > > Security comes from careful threat analysis and establishing > counter-measures appropriate to the threats, which might or might not > warrant crypto. This is a very good point. It may help to clarify your threat model here. Let's think about who the attackers are. Some possibilities: 1. Local attacker who can read the contents of the binary. This defense doesn't really buy you anything given automated attack creation frameworks like Q [1]. 2. Local attacker who cannot read the contents of the binary. (This is a pretty strange one, but it's pos...
2004 Apr 06
4
SYN attacks
Heya, FREEBSD 4.9-STABLE Is there anyway to block SYN attacks and prevent it from bring down my server? Its been attacking for sometime.