search for: nkritsky

My machine got hacked a few days ago through the samba bug. I reinstalled everything cvsuped src-all, and ran chkrootkit. No more LKM but still... Can anyone please advise ? bash-2.05b# chkrootkit | grep INFECTED Checking `chfn'... INFECTED Checking `chsh'... INFECTED Checking `date'... INFECTED Checking `ls'... INFECTED Checking `ps'... INFECTED -- Jay -------------- next

...any to any via lo0 ${fwcmd} add 200 deny all from any to 127.0.0.0/8 ${fwcmd} add 300 deny ip from 127.0.0.0/8 to any } ;------------------------------------------- I think that they are talking about the same thing, no? Best Regards. ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru

...I have read arc4 (or RC4 - they supposed to be identical) looks quite good as SPRNG given ARC4_MAXRUNS and ARC4_RESEED_SECONDS values are 16384 and 300s. Can anybody shed some light on this topic or point me to the URL to read. Any help is very good. ;------------------------------------------- ; NKritsky ; mailto:nkritsky@internethelp.ru

I don't think I'm trying to do anything amazing, but IPFW's logging features are giving me a real headache. I can't find much in the archives either, but I find it hard to believe others havne't found this too. My rule: add 100 allow log tcp from any to <my IP> <ports> limit src-addr 2 I want connecting parties to be able to form no more than 2 connection. This

Hi, I noted on my 4.7 machines that when a ssh conection is made, the following PTR query happens (10.11.1.11 is the src address in the example): 13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41) 13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR? 11.1.11.10.in-addr.arpa. (41) 13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR?

Just saw this from eWeek. "IBM, which paid roughly $500,000 for the testing, and SuSE (pronounced "SOOS-ah") were announcing the certification jointly. " The article is here: http://www.eweek.com/article2/0,3959,1212529,00.asp --- Darren Reed <avalon@caligula.anu.edu.au> wrote: > In some mail from twig les, sie said: > > > > I actually just asked

Hi All, I need to configure a VPN between a FreeBSD-4.8 box and a Linux (FreeS/WAN) box. In the Linux side, the network administrator installed FreeS/WAN with RSA authentication without IKE support. Does anybody knows if is possible to make my FreeBSD box connect a VPN with the Linux box? If so, could point me to a documentation about how to install IPSec with RSA authentication and how to make

so i just found that one of my hosts is GENERATING these probe pairs, maybe every minute or two (note the sequence numbers): seq my host victim(s) --- ---------------- --------------- 24) 192.168.0.2:1121 <--> 216.52.3.2:2703 25) 192.168.0.2:1122 <--> 216.52.3.4:2703 39) 192.168.0.2:1124 <-->

I am trying to get a tunnel from a cisco 1760 with IOS 12.2.15.t13 to a freebsd 4.9 install with racoon. I have package version freebsd-20040408a and internal version 20001216 in my log file. I posted the full racoon and cisco log below my configs. Racoon keeps saying: 2004-07-26 16:24:03: DEBUG: isakmp.c:2295:isakmp_printpacket(): begin. 2004-07-26 16:24:03: DEBUG:

First, I hope that this message is not considered flame bait. As someone who has used FreeBSD for for 5+ years now, I have a genuine interest in the integrity of our source code. Second, I hope that this message is not taken as any form of insult or finger pointing. Software without bugs does not exist, and I think we all know that. Acknowledging that point and working to mitigate the risks