search for: sourcefire

Sourcefire is looking to bring on a talented DevOps guy to join our talented Vulnerability Research Team. FreeBSD fanatics preferred! Sourcefire, Inc. (Nasdaq:FIRE) a world leader in Cyber Security is transforming the way Global 2000 organizations and government agencies manage and minimize network security...

...ow of the portsentry tool, but the project seems pretty much dead after Cisco bought Psyonic... and again is not on up2date''s list... I intend to use Snort, though I hope that it won''t share portsentry''s fate and become extinct after Check Point''s acquisition of Sourcefire will be completed. No FUD intended on this, optimistic views are always highly welcomed :) Luckily denyhosts has no plans of selling itself to anyone so that''s one project I can safely use :) So, Open Source portscaner for CentOS... anyone... ? :) Thank you for your time and help, Wit...

...X-UIDL: 58a7d456fd799ddf67cd2a767f5369f1 kris 2003/04/17 14:45:03 PDT FreeBSD ports repository Modified files: security/snort Makefile distinfo pkg-plist security/snort/files patch-snort.c Log: Update to snort 2.0.0. This fixes a security vulnerability: The Sourcefire Vulnerability Research Team has learned of an integer overflow in the Snort stream4 preprocessor used by the Sourcefire Network Sensor product line. The Snort stream4 preprocessor (spp_stream4) incorrectly calculates segment size parameters during stream reassembly for certain seque...

A client wants me to set up a mechanism whereby his customers can drop files securely into directories on his FreeBSD server; he also wants them to be able to retrieve files if needed. The server is already running OpenSSH, and he himself is using Windows clients (TeraTerm and WinSCP) to access it, so the logical thing to do seems to be to have his clients send and receive files via SFTP or SCP.

Hello, what is the right way to disable XFree86 and wdm listening ports tcp 6000 and tcp 1024. I read in man XFree86 about the -nolisten tcp option and tried to set in /usr/X11R6/lib/X11/xdm :0 local /usr/X11R6/bin/X -nolisten tcp but it was not successful. What is the right way to close the ports without use of IPFW? Your help would be appreciated. Thank?s Wolfgang

Hi all, There are rumours flying around about a supposed vulnerability in OpenSSH. Two details which I've seen mentioned many times are (a) that this exploit was used to break into a RedHat system running OpenSSH 4.3 plus backported security patches, and (b) that "recent" versions of OpenSSH are not affected; but it's not clear if there is any basis for these rumours. Given

...that (and a few other) attributes. Once I updated my schema to the correct one (http://us1.samba.org/samba/ftp/samba.schema), updated my LDAP ACL's to give samba read/write access to the attribute, and restarted the LDAP server, it was working again. Regards, Nathan - -- Nathan Benson http://sourcefire.com/ 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD4DBQFBWdwADXPcm+lr3ZYRAkpoAJj6Jnu4Xkh9GWaAOSKkYASmSwCFAJ9HSGI8 RXTDcm74HsT1voCeJb0JcQ== =TRS3 -----END PGP S...

Hello! At the University of Granada (Spain) we use a Samba Server for aprox. 1000 users and runs ok. But (there's always a but) we need to know how encript password for the smbpasswd file. I know that we can use the smbpasswd program but we need get the encrypted password in the stdout. Has someone a program than does this?? TIA.

...in, and not querying the LDAP server again when I provide credentials when prompted. I am sure that is is probably something trivial that I am missing, but I am indeed missing it. I would appreciate any input on this, as it is more than mildly annoying. Regards, Nathan - -- Nathan Benson http://sourcefire.com/ 1C1A F2C1 82AD F75F 9B6B E501 0D73 DC9B E96B DD96 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQFBm3+qDXPcm+lr3ZYRAtohAJ9YUu3wn0Vi8C7zN3KA+fPXn5N10QCgl77F 4TchVkpfCchSzJZKjykwzYA= =9Cxa -----END PGP SIGNATURE-----

Hi All, I currently have setup a site to site vpn using racoon on my freebsd firewall. All is well there and I can connect through the vpn when I am on the firewall and get the connection fine. Now I want to be able to connect from other machines through the firewall - this is where I come unstuck, the ipsec policy allows for my external address range to connect through the vpn, but then I would

...rg Version: unspecified Hardware: x86-64 (AMD64) OS: Linux (All) Status: NEW Severity: normal Priority: medium Component: Driver/nouveau Assignee: nouveau at lists.freedesktop.org Reporter: awillia2 at sourcefire.com QA Contact: xorg-team at lists.x.org I was using Chrome when my display froze (the mouse still worked, but otherwise the screen was non-responsive). After SSHing in, the following messages were in /var/log/syslog (dmesg wasn't helpful because the kernel message buffer had wrapped...

Hello all: I tried to install snort under /usr/ports/security and have some problems. with "make all", I checked every item on the menu but I got error messages: ////////////////////////////// laptop# make all ===> snort-2.8.1_1 is marked as broken: FLEXRESP2 patch file does not incorporate cleanly. *** Error code 1 Stop in /usr/ports/security/snort.

Hello, We have been using Samba 3.0.7 for almost a month now, and today marks the second time that I see a machine (one out of twelve on our network" that gives this error when I log in: "The system cannot log you on to this domain because the system's computer account in its primary domain is missing or the password on that account is incorrect." Last time this

Dear list! I've tried to compile tripwire-2.3.1-2 port on my 5.2 release. Two diffe- rent tarballs have failed with message, that port was broken, all in one sentence. No any details. Well! Makefile has so- mething like: .if ${OSVERSION} >= 500000 BROKEN= "Fails to build inder 5.X" .endif One more: USE_GMAKE= yes Has someone compiled it successfully? Is it for a good

Good day! To get ready for the release, we need to make sure that the list of external open source projects using LLVM 3.0 (file:///Volumes/Sandbox/llvm/llvm.src/docs/ReleaseNotes.html#externalproj) is up to date. Please send me an email with the project's name and a short description of it. Alternatively, if the project was commented out and you would still like to be listed, just tell me

...> > Not vulnerable. Red Hat does not ship Snort in any of our supported > products. > > SGI > > SGI does not ship snort as part of IRIX. > > Snort > > Snort 2.0 has undergone an external third party professional security > audit funded by Sourcefire. > _________________________________________________________________ > > The CERT/CC acknowledges Bruce Leidl, Juan Pablo Martinez Kuhn, and > Alejandro David Weil of Core Security Technologies for their discovery > of VU#139129. We also acknowledge Mark Dowd a...

If someone has some free time, can you go over my ipfw config. See if I have any problems, or things i should add. Im not an ipfw expert or anything. Here is the config. add 100 allow all from any to any via lo0 add 110 deny log all from any to 127.0.0.0/8 add 120 deny log ip from 127.0.0.0/8 to any add 00200 check-state add 00250 deny all from any to any frag in via bge0 add 00260 deny

Hey Guys, today I upgraded to 4.8-RELEASE-p15. As usual I set IPFIREWALL to default accept in my kernel config file. Config & make weren't complaining so, installed the kernel, reboot and there it was: >IP packet filtering initialized, divert disabled, rule-based forwarding enabled, default to deny, logging disabled Another rebuild didn't work out so... I reviewed

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

Hi everyone, today I got an e-mail from a company claiming that my server is doing port scans on their firewall machine. I found that hard to believe so I started checking the box. The company rep told me that the scan was originating at port 80 with destination port 8254 on their machine. I couldn't find any hints as to why that computer was subject to the alleged port scans. Searching