Displaying 9 results from an estimated 9 matches for "badguy".

2000 May 19
1
[RHSA-2000:028-02] Netscape 4.73 available
...x 5.2 - i386 Red Hat Linux 6.2 - i386 alpha 3. Problem description: The description of the vulnerability, taken from http://www.securityfocus.com/: -- An attacker poisons a nameserver to redirect all connections to www.goodguy.com, normally 100.100.100.100, to 99.99.99.99, www.badguy.com. The attacker causes all normal http requests to return what they normally would on www.goodguy.com, even though a user attempting to contact www.goodguy.com hits www.badguy.com. Upon getting a hit to www.badguy.com, the attacker causes an SSL connection to be established...
2015 Mar 04
1
IP drop list
On 03/04/2015 09:45 PM, Dave McGuire wrote: > On 03/04/2015 03:37 PM, Oliver Welter wrote: >> On 04.03.2015 at 21:03, Dave McGuire wrote: >>> On 04.03.2015 at 20:12, Michael Orlitzky wrote: >>>> Please add [DNSBL] support to iptables instead of Dovecot. It's a waste of >>>> effort to code it into every application that listens on the network.
2010 Jan 08
4
Problems with IPTABLES recent module.
I went to reload (iptables-restore) my iptables configuration and obtained an error at the COMMIT statement. No further details were provided even when I ran restore with the -v option. I determined that none of my backed up configuration files going back to October will load either. This is more than passing strange because I altered and uploaded the iptables configuration on this host several
2017 Oct 12
0
[ANNOUNCE] nftables 0.8 release
...nft list counters table ip filter { counter test { packets 0 bytes 0 } You can then refer to these objects from maps: # nft add table filter # nft add chain filter input { type filter hook input priority 0\; } # nft add map filter badguys { type ipv4_addr : counter \; } # nft add rule filter input counter name ip saddr map @badguys # nft add counter filter badguy1 # nft add counter filter badguy2 # nft add element filter badguys { 192.168.2.3 : "badguy1" } # nft add element filter badguys { 192.16...
2019 Apr 12
1
Mail account brute force / harassment
On Fri, 12 Apr 2019, mj wrote: > What we do is: use https://github.com/trick77/ipset-blacklist to block IPs > (from various existing blacklists) at the iptables level using an ipset. "www.blocklist.de" is a nifty source. Could you suggest other publicly available blacklists? > That way, the known bad IPs never even talk to dovecot, but are dropped > immediately. We
2010 Apr 09
0
iptables info in proc - ttl
Hello List, I am having a problem getting the iptables recent module working for me, so I was looking into /proc to get some clues. I see the following line in /proc for my iptables recent rule: # cat /proc/net/ipt_recent/badguy src=10.0.0.17 ttl: 63 last_seen: 3301974512 oldest_pkt: 2 3301973507, 3301974512 What does ttl mean? Is it time-to-live or what? What does it signify? -- CS
2001 Jun 04
0
[patch] user@host in AllowUsers
...contributed to ssh 1.2.23 in May 1998. I have missed the functionality after moving to OpenSSH so I have updated the patch and hope OpenSSH might accept it. The patch allows sshd_config to have lines like: AllowUsers root@localhost AllowUsers tridge@* AllowUsers guest@192.168.2.* DenyUsers badguy@* etc. I found this useful for restricting users to only login from hostnames that they pre-arranged with me. Patch is against current cvs. Cheers, Tridge Index: auth.c =================================================================== RCS file: /cvs/openssh_cvs/auth.c,v retrieving revision...
2004 Aug 11
1
FreeBSD-SA-04:13.linux in the wild
Has anyone else seen this in the wild? We just had an attempted attack yesterday from a live attacker on one of our machines using this vulnerability. It wasn't all that clever, and they're long gone, but I *did* manage to catch them in the act and grab a copy of the binary they tried to run from /tmp/, as well as the PHP injection code they used to subvert a virtual web site's
1997 Apr 22
1
SNI-12: BIND Vulnerabilities and Solutions (fwd)
...1 as a response. Thus, any user on TARGET.COM's domain will connect to 127.0.0.1 if they try to contact WWW.SPOOFED.COM. The usage of 127.0.0.1 in this description is of course for instructional purposes, any IP address can be used, in particular an attacker could use its own IP address (BADGUY.COM's IP) so all connections to 'host' will go to 'BADGUY'. The attacker can then 'impersonate' WWW.SPOOFED.COM. Given this attack, it is easy to visualize the effects of impersonating a high traffic FTP distribution site. This atta...