search for: breakins

...ter--but raising user awareness is one of those things that security always seems to depend upon... > -----Original Message----- > From: Loomis, Rip > Sent: Friday, June 01, 2001 9:46 AM > To: openssh-unix-dev at mindrot.org > Subject: Disabling Password-based auth? (was RE: recent breakins) > > > All-- > > But it's not as simple as forwarding the password-based > authentication. Regardless of what method was used to > SSH from system one (user's) to system two (SF), the > user then started up *a second* SSH session to go > from two (SF) to three...

...riable substitutions Greetz, Louis > -----Oorspronkelijk bericht----- > Van: samba [mailto:samba-bounces at lists.samba.org] Namens Mark > Foley via samba > Verzonden: dinsdag 19 september 2017 16:08 > Aan: samba at lists.samba.org > Onderwerp: [Samba] How to track attempted breakins, > authentication failure logging > > This may have been asked before, but I can't find it. I am > getting repeated external attempted to log into our AD/DC > (running Samba 4.4.14). In /var/log/samba/log.samba I get > entried like: > > 2017/09/19 05:02:25.562957,...

>From http://www.apache.org/info/20010519-hack.html: "The ssh client at SourceForge had been compromised to log outgoing names and passwords, so the cracker was thus able get a shell on apache.org." user's ssh --> SF's ssh --> apache.org's sshd So basically the user's password was entered in the clear to an untrusted program (SF's ssh). Never mind that

...ation. -- Rip Loomis Brainbench MVP for Internet Security http://www.brainbench.com (Transcript 1923411) > -----Original Message----- > From: Tom Holroyd [mailto:tomh at po.crl.go.jp] > Sent: Friday, June 01, 2001 4:53 AM > To: openssh-unix-dev at mindrot.org > Subject: Re: recent breakins > > > On Fri, 1 Jun 2001, Gert Doering wrote: > > > On Fri, Jun 01, 2001 at 11:24:49AM +0900, Tom Holroyd wrote: > > > But what about multiple links? It should be possible to forward > > > authentication requests back to the user's keyboard. The > SR...

I know this is cruel, but I figured out a way to break dovecot, temporarily. The really great news is that it recovers nicely. I'm also not sure if anything can be done about this, since I've seen the same thing happen with courier-imap, uw-imap, and maybe cyrus-imap. I used cyrus-imap for such a short period of time that I didn't get to really test it much. how to... (this

Ok here is one for you. I know we all do the this for 911: exten => _911,1,Dial(Zap/1/911) exten => _9911,1,Dial(Zap/1/911) And this probably is more then acceptable for most of us. However I have a system setup that uses SIP for most calls and 1 POTS line. We use a "least cost" routing that uses the POTS line for local calls AND SIP when appropiate. What I want to do is

This may have been asked before, but I can't find it. I am getting repeated external attempted to log into our AD/DC (running Samba 4.4.14). In /var/log/samba/log.samba I get entried like: 2017/09/19 05:02:25.562957, 2] ../source4/auth/ntlm/auth.c:430(auth_check_password_recv) auth_check_password_recv: sam_ignoredomain authentication for user [HPRS\333] FAILED with error

Hi, I'm working on some project which is sort of log filter. Last few days I noticed that there are some wacky people scanning sshd port all the time from anywhere. Although sshd reports it with syslog error message which is very helpful, I'd like to know the source ip address with following message: canohost.c: around line #100 if (getaddrinfo(name, NULL, &hints, &aitop) !=

Hello everyone - My CentOS 6.8 server has been rebooting itself every 2 to 4 hours for the last several days. I do not know where to look for logs that might give a clue what the problem is. There are no unusual entries in /var/log/messages. I looked over other log files in /var/log and found nothing suggestive. Where else can I look? By luck I saw the beginning of a reboot on the server

On Tue, 2017-09-19 at 17:02 +0200, L.P.H. van Belle via samba wrote: > Hai Mark, > > I see the bugreport for this is still untouched. > https://bugzilla.samba.org/show_bug.cgi?id=11998 I've closed that bug now. Extensive work has been done to add this feature to Samba 4.7, due out this week: https://wiki.samba.org/index.php/Setting_up_Audit_Logging Two new debug classes,

The trojaned ssh client is nothing new to the hacker community, and the statement in the previous thread claiming "This type of man-in-the-middle attack (trojaned ssh) is not theoretical anymore, and password authentication is broken." is an example of how many poeple still think "hacking" is something very difficult and nothing short of a genius is required to make the

Question, there are the teardrop, ping of death, DoS and a host of other forms of attacks. While all of the research that I have been doing concerning another form of an attack.... I became sorta stumped on an idea... is there anywhere.... a description on what to expect or what happenes during any one of these or other attacks listed somewhere? If so, could someone please direct me in that

> > The best thing to do is add this to /etc/selinux/config > > SELINUX=disabled > > And then get on with the real jobs.... > Listening to all the pros and cons of SELinux. I'd like to improve the security of our regional web server using SELinux. We have a main regional web site and several virtual domains, kept up by private users, all on the same server. Some of

Hi Bill, On 2016-05-30, Bill Gee <bgee at campercaver.net> wrote: > > By luck I saw the beginning of a reboot on the server console. Normally I have > other systems up on the KVM switch. It appears to have dumped core. I don't > know where to look for the core dump files. They are not in /root. One place you might check is under /var/lib. I think there may be a

Dear R People: When will version 1.9 (for Windows) be ready, please? My reason for asking: there is an interesting library from Bioconductor called tkWidgets. However, it will only work with version 1.9.0 or higher. Are there ways around this, or should I just be patient? Thanks so much in advance! Sincerely, Erin Hodgess Associate Professor Department of Computer and Mathematical Sciences

I have quite a few entries in /var/log/messages for connection attempts. Is there anything other than ignoring them I can do? Example is below. Aug 21 15:48:19 machine sshd(pam_unix)[17903]: check pass; user unknown Aug 21 15:48:19 machine sshd(pam_unix)[17903]: authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=wsip-24-234-149-156.lv.lv.cox.net THanks, Jerry

If it''s any help, here''s a sed script that is reasonably good at pulling out suspicious-looking items generated by various daemons. Fix appropriately... _H* ========== # this should match a buncha different stuff / [Pp]ermi/b ff / PERMI/b ff / [Rr]efuse/b ff / REFUSE/b ff / [Dd]en[yi]/b ff / DEN[YI]/b ff /[Rr]eject/b ff /REJECT/b ff /[Bb]ogus/b ff /[Pp]assw/b ff /PASSW/b ff

At 07:43 AM 6/29/2015, you wrote: >James B. Byrne wrote: > > On Mon, June 29, 2015 02:14, Sorin Srbu wrote: > > OS 6? > >> > >> Please note: I'm not criticizing, just curious about the argument > >> behind using a regular OS to do firewall-stuff. > > > > Maintenance. > > > > A consistent set of expectations does wonders for

Hi, openssh-1.2.2p1 seems to have 2 problems on ipv6 (and ipv4 mapped addresses). 1. "BREAKIN ATTEMPT" warnings from ipv4 node 2. X forwarding The following patche fixes them. Thanks. diff -ru openssh-1.2.2p1/canohost.c openssh-1.2.2p1-20000308/canohost.c --- openssh-1.2.2p1/canohost.c Fri Jan 14 13:45:48 2000 +++ openssh-1.2.2p1-20000308/canohost.c Wed Mar 8 00:25:18 2000 @@

Last Wednesday at 12:21 I made this switch, which seemed to be uneventful. In any case, no user has reported problems since the migration. Not content to leave well enough alone, this morning I scanned the syslog and maillog for dovecot related errors. What I found was that: Before the Migration=========================== I saw a lot of SSL errors that look like this: > Jan 14 11:49:23