Displaying 20 results from an estimated 4936 matches for "attacks".

2001 Nov 29
4
openssh 2.9p2 release 8.7 security alert!!!
Hi, everyone: My system was compromised a few days ago. The cracker attacked the system through openssh 2.9p2 release 8.7. I attached part of the log file. Thanks. Pin Lu (pin at stredo.com) Nov 25 11:33:05 ns sshd[10627]: Disconnecting: Corrupted check bytes on input. Nov 25 11:33:36 ns named[10478]: Lame server on '55.254.58.211.in-addr.arpa' (in
2002 Nov 08
1
bug on openssh 3.5p1
Excuse me in advance for my poor English. I have noted a small bug on OpenSSH 3.5p1. When user root is not permitted to log in to a system (PermitRoot no) and a correct password is submitted for it to the server, a RST packet is issued from server to client: [root at xxx root]# ssh victim root at victim's password: Permission denied, please try again. root at victim's password: Permission
2008 Aug 26
0
Processed: The possibility of attack with the help of symlinks in some Debian
Processing commands for control at bugs.debian.org: > tags 496359 security Bug#496359: The possibility of attack with the help of symlinks in some Debian packages There were no tags set. Tags added: security > tags 496360 security Bug#496360: The possibility of attack with the help of symlinks in some Debian packages Tags were: confirmed Tags added: security > tags 496362 security
2009 Jun 02
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like this: dovecot: pop3-login: Aborted
2009 Jun 04
3
Dovecot under brute force attack - nice attacker
Hi List, optimizing the configuration on one of our servers (which was hit by a brute force attack on dovecot) showed an odd behavior. Dovecot Version 1.0.7 (CentOS 5.2) The short story: On one of our servers an attacker did a brute force attack on dovecot (pop3). Since the attacker closed and reopened the connection after every user/password combination the logs showed many lines like
2013 Jan 02
8
Auto ban IP addresses
Greetings all, I have been seeing a lot of [Jan 2 16:36:31] NOTICE[7519]: chan_sip.c:23149 handle_request_invite: Sending fake auth rejection for device 100<sip:100 at 108.161.145.18>;tag=2e921697 in my logs lately. Is there a way to automatically ban IP addresses of attackers within asterisk? Thank you
2009 Dec 24
11
attack
Hi, My server is under an attack that allows the attacker to abuse a PHP script of a vhost. How can I find which script it is? Regards, maverh
2015 Sep 01
2
llvm cfi
...ne because it was one of the few methods of evaluating CFI available. > More recent work is showing the deficiencies of evaluating CFI in this way > (in a nutshell, simple CFI defenses can be thwarted). > > Determining how to measure the effectiveness of defenses against > code-reuse attacks (such as Return-Oriented programming, Return to Libc > attacks, and Non-Control data attacks) > I don't think Non-Control data attacks is a kind of code-reuse attack. It is better to call it Data-Oriented attacks. > is an active area of research. My students and I are working to dev...
2013 May 16
5
ddos attack causes high ksoftirqd cpu use
Hello List! I got a small (50mbits or so) application layer ddos attack against a few name servers (thousands of IPs sending lots of bogus A record requests - weird) - one of the name servers was behind a shorewall firewall. That firewall was running a 2.6.18-194.11.1.el5 kernel and shorewall-4.4.11.1-1. I noticed that the shorewall host had ksoftirqd using 100% of the CPU during the
2011 Apr 04
6
sshd: Authentication Failures: 137 Time(s)
Hi, to prevent scripted dictionary attacks to sshd I applied those iptables rules: -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --update --seconds 60 --hitcount 4 --name SSH --rsource -j DROP -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -m recent --set --name SSH --rsource And this is part of logwatch: ssh...
1996 Sep 19
0
CERT Advisory CA-96.21 - TCP SYN Flooding and IP Spoofing Attacks
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= CERT(sm) Advisory CA-96.21 Original issue date: September 19, 1996 Last revised: -- Topic: TCP SYN Flooding and IP Spoofing Attacks - ----------------------------------------------------------------------------- *** This advisory supersedes CA-95:01. *** Two "underground magazines" have recently published code to conduct denial-of-service attacks by creating TCP "half-open" connections. This code...
2005 Oct 29
1
Bug#336265: logrotate detection, possible attack not checked by logcheck
Package: logcheck Version: 1.2.41 Problem: Logcheck tries to detect whether the log file has been rotated by file size. Possible attack: - current log file (sizeA) - run logcheck, (logcheck/logtail put inode in offsetfile), offset=sizeA - [attacker runs attack 1] - run logrotate - [attacker runs attack 2] - run logcheck may not detect the rotation and not check the log for attack 1
2008 Aug 26
0
Processed (with 58 errors): The possibility of attack with the help of symlinks in some Debian
Processing commands for control at bugs.debian.org: > tags 496359 secuirity Unknown tag/s: secuirity. Recognized are: patch wontfix moreinfo unreproducible fixed potato woody sid help security upstream pending sarge sarge-ignore experimental d-i confirmed ipv6 lfs fixed-in-experimental fixed-upstream l10n etch etch-ignore lenny lenny-ignore. Bug#496359: The possibility of attack with the help
2017 Feb 15
2
Serious attack vector on pkcheck ignored by Red Hat
...oked for another path to leverage his zero day. So the mere fact that an untrusted user is able to massage the heap of a binary (pkcheck in this case) to run whatever code he wants is a serious attack vector and thus those two memory leaks should be fixed. Because they allow bad people to leverage attacks with much more ease. Regards, Leonard. -- mount -t life -o ro /dev/dna /genetic/research
2012 Jan 10
2
defense-in-depth possible for sshd?
If an attacker finds an exploit to take control of httpd, they're still blocked in part by the fact that httpd runs as the unprivileged apache user and hence can't write any root-owned files on the system, unless the attacker also knows of a second attack that lets apache escalate its privilege. Basically correct? What about sshd -- assuming that the attacker can connect to sshd at
1998 Jul 14
1
Different Forms of attack...
Question, there are the teardrop, ping of death, DoS and a host of other forms of attacks. While all of the research that I have been doing concerning another form of an attack.... I became sorta stumped on an idea... is there anywhere.... a description on what to expect or what happens during any one of these or other attacks listed somewhere? If so, could someone please direct me...
2017 Feb 09
4
Serious attack vector on pkcheck ignored by Red Hat
On Thu, 2017-02-02 at 13:40 -0800, Gordon Messmer wrote: > Escalation *requires* attacking a program in a security context other > than your own. Not necessarily. Suppose the adversary is aware of a root exploit/privilege escalation in a random library. Then the heap spraying allows this attacker to easily trigger this exploit because he is able to initialize the entire contents of the
2018 Jun 05
4
Help attack DDOS
Hi. I have a problem with icecast. When I activate the service I am having an excessive consumption in the IP queries. It seems like a DDOS attack. How can I mitigate this attack? Thanks.
2013 Aug 28
2
[LLVMdev] Adding diversity for security (and testing)
...nnel information such as timing channels in an attempt to discover the length of the inserted NOP sleds. This sounds like an extraordinarily difficult task, but possibly doable. With a weak PRNG like a LCG, for example, you may have sufficient information to break it [2] (I believe there are better attacks, but this is the first that came up with a quick search). 3. Remote attacker who can use a memory disclosure bug to read the contents of the memory. Like attacker 1, the defense can be bypassed. 4. Remote attacker who cannot read out memory. This is similar to 2 but would seem to be far more diff...
2004 Apr 06
4
SYN attacks
Heya, FREEBSD 4.9-STABLE Is there any way to block SYN attacks and prevent them from bringing down my server? It's been attacking for some time.