search for: cipherdyne

...xec_state() Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: normal Priority: P5 Component: sshd Assignee: unassigned-bugs at mindrot.org Reporter: mbr at cipherdyne.org Created attachment 3671 --> https://bugzilla.mindrot.org/attachment.cgi?id=3671&action=edit fix sshbuf memory leak in recv_rexec_state() In recv_rexec_state() the sshbuf 'inc' is not free'd before returning. The attached trivial patch fixes this, and matches the behavior...

https://bugzilla.netfilter.org/bugzilla/show_bug.cgi?id=505 ------- Additional Comments From mbr@cipherdyne.org 2007-03-24 06:01 MET ------- I've tested the proposed patch against the iptables-1.3.7 source, and find that it works in the reported broken case: # iptables -A INPUT -m string --algo kmp --string 111\"222 -j LOG # ./iptables-save > ipt.out # ./iptables-restore ipt.out # ./ip...

...string Product: Portable OpenSSH Version: 9.1p1 Hardware: All OS: All Status: NEW Severity: minor Priority: P5 Component: ssh Assignee: unassigned-bugs at mindrot.org Reporter: mbr at cipherdyne.org Created attachment 3678 --> https://bugzilla.mindrot.org/attachment.cgi?id=3678&action=edit patch to fix minor memory leak for kex_names_cat() returned string The caller of kex_names_cat() should free the returned string (as documented in the comment above the kex_names_cat() functio...

...morning I awoke to an email saying: [-] You may just need to add a default logging rule to the /sbin/ip6tables ''filter'' ''INPUT'' chain on hydra. For more information, see the file "FW_HELP" in the psad sources directory or visit: http://www.cipherdyne.org/psad/docs/fwconfig.html Well I have ipv6 entirely disabled in sysctl.conf. How should I address this? Also, has anyone tried tiger? ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways t...

...installed on a VM (vmware workstation build 36983) SELinux Disabled Firewall enabled, no services allowed. "Minimal" installation performed. IP=10.1.1.8 =================== Setup the server Optional : Update the server; #yum -y update #reboot Install fwknop #cd /tmp #wget http://www.cipherdyne.org/fwknop/download/fwknop-1.0.1-1.i386.rpm #rpm -i fwknop-1.0.1-1.i386.rpm Backup fwknop's access.conf file and make our own. #mv /etc/fwknop/access.conf /etc/fwknop/access.conf.orig #access=/etc/fwknop/access.conf #echo "SOURCE: ANY;">>$access #echo "OPEN_PORTS:tcp/22;&q...

as subject

...^^^^^^^^ > realized entirely with nftables ... frankly, for that reason, I like fwknop (in my case, straight from OS repos) better ... I'd still have to see fwknopd exit unexpectedly, which is where a host-firewall-only mechanism on the server side would have an advantage ... http://www.cipherdyne.org/fwknop/ > ~# cd /etc/fwknop > fwknop# diff access.conf.orig access.conf | sed -e '/> .*KEY/s/\t.*/\t.../' > 204,206c204,211 > < SOURCE ANY > < KEY_BASE64 __CHANGEME__ > < HMAC_KEY_BASE64 __CHANGEME__ > --- >> SOURCE...

I've seen pam_shield recommended several times for protecting against malicious login attempts; but I'm not quite clear if this requires one to be already running some pam-based software? Also, I'm running shorewall, and would prefer a shorewall based protection, but the advice I read on googling for this seemed excessively complicated. -- Timothy Murphy e-mail: gayleard /at/

Hi, I like shorewall and I''ve been using it for a long time. I now have a requirement to block worms / trojans in a public free wifi network I''m running. fwsnort ( http://www.cipherdyne.org/fwsnort/) translates Snort rules to iptables rules and it seems to fit my requirements. What is the best way to integrate shorewall and fwsnort? I tried googling for information about this subject but I couldn''t find any. Can anyone share experiences of integrating shorewall and fwsn...

Hi, I''d like to use psad from www.cipherdyne.com that analyze iptables log messages on my firewall-shorewall. It complains to incorrectly configured iptables when starting. This is the message : -------------------------------------------------------------------------------------------------- ** The INPUT chain in the iptables ruleset on de...

My LAN is behind a Netgear router, which does NAT. On the CentOS server I have fail2ban running. This morning my router reported 3 different IPs attempting to send UDP packets to port 38950, Since each address is only seen 4-5 times, I presume that fail2ban took over after that. GRC reports that ports are stealthed (port 143 was open, but is now closed), but then: Unsolicited Packets:

Hi, (I'm not subscribed to the list, so please CC me on reply.) I'd like to request adding a feature to OpenSSH: Task: ~~~~~ It is quite sometime useful to invoke a program prior to connecting to an ssh server. The most common use case will probably be port knocking. That is a small program sends certain packets to a server and the server reacts to this by unlocking the ssh port, which