search for: breakin

...ter--but raising user awareness is one of those things that security always seems to depend upon... > -----Original Message----- > From: Loomis, Rip > Sent: Friday, June 01, 2001 9:46 AM > To: openssh-unix-dev at mindrot.org > Subject: Disabling Password-based auth? (was RE: recent breakins) > > > All-- > > But it's not as simple as forwarding the password-based > authentication. Regardless of what method was used to > SSH from system one (user's) to system two (SF), the > user then started up *a second* SSH session to go > from two (SF) to thre...

...riable substitutions Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark > Foley via samba > Verzonden: dinsdag 19 september 2017 16:08 > Aan: samba at lists.samba.org > Onderwerp: [Samba] How to track attempted breakins, > authentication failure logging > > This may have been asked before, but I can't find it. I am > getting repeated external attempted to log into our AD/DC > (running Samba 4.4.14). In /var/log/samba/log.samba I get > entried like: > > 2017/09/19 05:02:25.562957,...

>From http://www.apache.org/info/20010519-hack.html: "The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org." user's ssh --> SF's ssh --> apache.org's sshd So basically the user's password was entered in the clear to an untrusted program (SF's ssh). Never mind that

...ation. -- Rip Loomis Brainbench MVP for Internet Security http://www.brainbench.com (Transcript 1923411) > -----Original Message----- > From: Tom Holroyd [mailto:tomh at po.crl.go.jp] > Sent: Friday, June 01, 2001 4:53 AM > To: openssh-unix-dev at mindrot.org > Subject: Re: recent breakins > > > On Fri, 1 Jun 2001, Gert Doering wrote: > > > On Fri, Jun 01, 2001 at 11:24:49AM +0900, Tom Holroyd wrote: > > > But what about multiple links? It should be possible to forward > > > authentication requests back to the user's keyboard. The > S...

I know this is cruel, but I figured out a way to break dovecot, temporarily. The really great news is that it recovers nicely. I'm also not sure if anything can be done about this, since I've seen the same thing happen with courier-imap, uw-imap, and maybe cyrus-imap. I used cyrus-imap for such a short period of time that I didn't get to really test it much. how to... (this

Ok here is one for you. I know we all do the this for 911: exten => _911,1,Dial(Zap/1/911) exten => _9911,1,Dial(Zap/1/911) And this probably is more then acceptable for most of us. However I have a system setup that uses SIP for most calls and 1 POTS line. We use a "least cost" routing that uses the POTS line for local calls AND SIP when appropiate. What I want to do is

This may have been asked before, but I can't find it. I am getting repeated external attempted to log into our AD/DC (running Samba 4.4.14). In /var/log/samba/log.samba I get entried like: 2017/09/19 05:02:25.562957, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\333] FAILED with error

...lpful, I'd like to know the source ip address with following message: canohost.c: around line #100 if (getaddrinfo(name, NULL, &hints, &aitop) != 0) { logit("reverse mapping checking getaddrinfo for %.700s " "from address %.100s failed - POSSIBLE BREAKIN ATTEMPT!", ntop, name); return xstrdup(ntop); } I added ip address to the message. Since the name woun't be abled to be resolved correctly, reporting only host name won't help so. Please apply below patch if it is acceptable. Thanks! -- Junji --- openssh-4.0...

Hello everyone - My CentOS 6.8 server has been rebooting itself every 2 to 4 hours for the last several days. I do not know where to look for logs that might give a clue what the problem is. There are no unusual entries in /var/log/messages. I looked over other log files in /var/log and found nothing suggestive. Where else can I look? By luck I saw the beginning of a reboot on the server

On Tue, 2017-09-19 at 17:02 +0200, L.P.H. van Belle via samba wrote: > Hai Mark, > > I see the bugreport for this is still untouched. > https://bugzilla.samba.org/show_bug.cgi?id=11998 I've closed that bug now. Extensive work has been done to add this feature to Samba 4.7, due out this week: https://wiki.samba.org/index.php/Setting_up_Audit_Logging Two new debug classes,

The trojaned ssh client is nothing new to the hacker community, and the statement in the previous thread claiming "This type of man-in-the-middle attack (trojaned ssh) is not theoretical anymore, and password authentication is broken." is an example of how many poeple still think "hacking" is something very difficult and nothing short of a genius is required to make the

Question, there are the teardrop, ping of death, DoS and a host of other forms of attacks. While all of the research that I have been doing concerning another form of an attack.... I became sorta stumped on an idea... is there anywhere.... a description on what to expect or what happenes during any one of these or other attacks listed somewhere? If so, could someone please direct me in that

...erver using SELinux. We have a main regional web site and several virtual domains, kept up by private users, all on the same server. Some of the private users want to run php and database apps on their websites. Up till now I steered away from allowing users to run anything on their sites, since a breakin to any private virtual domain would endanger the whole http process, including the main regional site. I'm preparing to switch over to a new (CentOS 4) machine, and I thought to set up a different SELinux context for each virtual domain, so that a vulnerability in someones private web site woul...

...#39;t > know where to look for the core dump files. They are not in /root. One place you might check is under /var/lib. I think there may be a /var/lib/crash directory which contains core dumps. > I ran MemTest 86+. No memory errors were found. Another option is to try Advanced Cluster Breakin, which runs other tests besides memory. http://www.advancedclustering.com/products/software/breakin/ I've had it find problems that memtest hasn't (and vice-versa). > Lm_sensors shows the processor running between 45 and 50C. If the system supports IPMI, check those sensors and logs,...

Dear R People: When will version 1.9 (for Windows) be ready, please? My reason for asking: there is an interesting library from Bioconductor called tkWidgets. However, it will only work with version 1.9.0 or higher. Are there ways around this, or should I just be patient? Thanks so much in advance! Sincerely, Erin Hodgess Associate Professor Department of Computer and Mathematical Sciences

I have quite a few entries in /var/log/messages for connection attempts. Is there anything other than ignoring them I can do? Example is below. Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=wsip-24-234-149-156.lv.lv.cox.net THanks, Jerry

...timed out/d [mod: If I read this correctly it prints recognized stuff, and generally discards anything that doesn''t match. I disapprove of this technique: There might be a message that looks innocent because it doesn''t have any of the above trigger words in it, but is actually a breakin report. You should start out with an empty script, and match/delete the annonying messages that keep on clobbering the output. -- REW ]

...t; > warrants. > >Yup. For, um, about a dozen years, I ran RH 7.1,7.2, 7.3, and eventually 9 >on an old box that was nothing but a firewall router. I was seriously >paranoid - no gcc or any development tools, no X, not much of anything. To >the best of my knowledge, we never had a breakin. > >I'm running DD-WRT on an ASUS router these days, and I'm *NOT* wildly >impressed. I mean, it seems ok, but the project is run in what I can only >describe as "amateur", in the worst sense of the word. The several >official developers release a build, and you can...

Hi, openssh-1.2.2p1 seems to have 2 problems on ipv6 (and ipv4 mapped addresses). 1. "BREAKIN ATTEMPT" warnings from ipv4 node 2. X forwarding The following patche fixes them. Thanks. diff -ru openssh-1.2.2p1/canohost.c openssh-1.2.2p1-20000308/canohost.c --- openssh-1.2.2p1/canohost.c Fri Jan 14 13:45:48 2000 +++ openssh-1.2.2p1-20000308/canohost.c Wed Mar 8 00:25:18 2000 @@ -42,6...

...like this: > Jan 14 11:49:23 mercury mail:warn|warning dovecot: imap-login: SSL_read() syscall failed: Connection reset by peer [69.180.200.184] > Jan 14 11:52:28 mercury mail:warn|warning dovecot: imap-login: SSL_read() syscall failed: Connection reset by peer [68.6.82.45] Which l took to be breakin attempts of some sort, except that I haven't seen any since the migration! After the migration==================================== I see errors like this: > Jan 14 12:21:45 mercury mail:err|error dovecot: IMAP(eg115): Corrupted index cache file /var/dcindx/eg115/.imap/INBOX/dovecot.index.c...