Displaying 20 results from an estimated 200 matches similar to: "OSX Intrusion Suspected, Advice Sought"
2005 Jan 07
3
Intrusion Suspected, Advice Sought
I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection.
I have reason to think my system has been tampered with. Security
features in Mac OS X have been left unlocked (Preference Pane - Users)
even though a master lock has always been set in the Security
Preference Pane. This locks all other important preference panes which
could be tampered with. Also permissions have been
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other
input.
I noticed this in my daily security run output:
pc1 setuid diffs:
19c19
< 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003
/usr/X11R6/bin/xscreensaver
---
> 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003
/usr/X11R6/bin/xscreensaver
It was the only file listed and I didn't
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> I have a script that checks for things like this and adds them to my
> packet filter (pf). Everything seems to work up to a point. The IP
> address gets added to my AUTOBLOCK table. The second rule, right after
> the friends whitelist, blocks any IP in that table. If I try to ping or
> traceroute to it I can't get
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes:
> Here is the first four lines from "pfctl -sr":
>
> pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state
> block drop in log quick on bge0 from <ENEMIES> to any
> block drop in log quick on bge0 from <AUTOBLOCK> to any
> block drop out log quick on bge0 from any to
2020 Apr 01
0
Can't block intrusion
On 2/04/2020 5:28 AM, Mark Boyce wrote:
> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com
> <mailto:gdt at lexort.com>> wrote:
>>
>> I think you need to use tcpdump and turn up firewall debugging.
>
> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
>
> Mark
Or the stateful entry still exists when the table entry is updated.
2020 Apr 01
0
Can't block intrusion
On 2020-04-01 16:28, Mark Boyce wrote:
> On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com
> <mailto:gdt at lexort.com>> wrote:
>>
>> I think you need to use tcpdump and turn up firewall debugging.
>
> sngrep is your friend …My bet is UDP vs TCP on firewall rules :-)
block drop in log quick on bge0 from <AUTOBLOCK> to any
block drop out log quick
2020 Apr 02
0
Can't block intrusion
On 2020-04-02 08:01, Larry Moore wrote:
> I suspect you have a good understanding of pf.
Pretty good I think. As with everything I am always willing to learn more.
> Have you included in your script running 'pfctl -k <ip_address>' to kill
> any states that may exist after you update your <AUTOBLOCK> table?
I haven't yet because I want to watch the effect of
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible)
that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe
something for intrusion detection?
Thanks!
Dnk
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 18:45, Sami Ketola wrote:
> Actually by far the biggest source of stolen credentials is
> viruses/trojans harvesting them.
I tried blacklisting all IPs that got password errors, but that ends in
big shorewall blrules, so I turned it over to just adding a whitelist into
blrules where the IPs are known customers that don't abuse the server; that way
my shorewall got a lot smaller config files
2020 Apr 22
1
Recommendations on intrusion prevention/detection?
On 22/04/2020 19:56 Benny Pedersen <me@junc.eu> wrote:
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 5:29 a.m., Johannes Rohr wrote:
> Dear all,
>
> what are the key strategies for intrusion prevention and detection with
> dovecot, apart from installing fail2ban?
> It is a pity that the IMAP protocol does not support 2 factor
> authentication, which seems to stop 90% of intrusion attempts in their
> tracks. Without it, if someone has obtained your password and
2006 Nov 09
2
Suspected GPL violation by Erightsoft "super"
Hi guys,
the SUPER codec by Erightsoft
http://www.erightsoft.net/SUPER.html
contains lots of GPL and LGPL code:
mplayer, ffmpeg, x264, musepack, theora,
which they admit and give credit for.
Still, their product is proprietary,
and they insist on it. I tried to get
the source through their forum, but they
of course won't give it:
http://www.erightsoft.net/Supforum.html
I'll forward
2017 Feb 24
2
[SUSPECTED SPAM] Canonical Link to Reference of "ServerAliveInterval"
What is the canonical link to Reference of "ServerAliveInterval"?
Background: I want to write an answer at serverfault (Q-A Site).
I want to avoid copy+pasting. I would like to lead the new comer
to the canonical reference.
Regards,
Thomas Güttler
--
Thomas Guettler http://www.thomas-guettler.de/
2019 May 17
0
drm/nouveau/core/memory: kmemleak 684 new suspected memory leaks
On (05/17/19 15:13), Sergey Senozhatsky wrote:
> 5.1.0-next-20190517
>
> I'm looking at quite a lot of kmemleak reports coming from
> drm/nouveau/core/memory, all of which are:
>
> unreferenced object 0xffff8deec27c4ac0 (size 16):
> comm "Web Content", pid 5309, jiffies 4309675011 (age 68.076s)
> hex dump (first 16 bytes):
> 00 00
2019 May 17
0
drm/nouveau/core/memory: kmemleak 684 new suspected memory leaks
On (05/17/19 15:13), Sergey Senozhatsky wrote:
> ... but most likely it's utterly wrong.
>
JFI, I removed kmemleak annotation and added the following
thing:
@@ -360,6 +360,7 @@ gp100_vmm_valid(struct nvkm_vmm *vmm, void *argv, u32 argc,
return -EINVAL;
}
+ kfree(map->tags);
ret = nvkm_memory_tags_get(memory,
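Review bot: the added kfree(map->tags) ahead of the nvkm_memory_tags_get() call leaves map->tags pointing at freed memory, and nothing visible in this hunk clears it or shows it being reassigned on every path. If the following call fails or returns early, a later free or dereference of map->tags becomes a double free or use-after-free. Set map->tags = NULL right after the kfree, and state in the change description why the old allocation has no other owner at this point, since the kmemleak report alone does not establish that.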
2001 May 10
1
Re: PR#929 and [R] matrix: suspected integer overflow
On Wed, 9 May 2001 andreas.krause@pharma.novartis.com wrote:
> Is the following a known issue, in particular in terms of message clarity of the latter two?
Yes, bug PR#929. It's a bug in asInteger, an internal C routine which
is using (int) on a double. coerce.c has better routines used to coerce
vectors, and the comment
/* This section of code handles type conversion for elements */
/* of
2014 Feb 08
0
Asterisk intrusion detection/prevention, geographic IP banning, etc. (new software)
I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon.
As a quick overview, the program provides:
- banning based on geographic location of source IP (Continent, country, region, city, etc)
- detection and banning based on channels in use by a user
- detection and banning based on rate of dialing
- detection
2004 May 10
5
rate limiting sshd connections ?
Does anyone know of a way to rate limit ssh connections from an IP address
? We are starting to see more and more brute force attempts to guess
simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down
attempts to services launched via inetd. Is there an equiv method for
doing this to sshd? Running from inetd has some issues supposedly.
---Mike
2014 Jan 28
1
[SUSPECTED SPAM] default change in 6.2 breaks sslh
Hi all!
I'm using sslh. It's a multiplexer, used to let you have ssh, https,
stunnel, etc on one port.
In 6.2 there is a change in default behaviour:
* ssh(1): When SSH protocol 2 only is selected (the default), ssh(1)
now immediately sends its SSH protocol banner to the server without
waiting to receive the server's banner, saving time when connecting.
which, i suppose,
2001 May 09
1
matrix: suspected integer overflow
Is the following a known issue, in particular in terms of message clarity of the latter two?
> matrix(0, 10^8, 10^8)
Error: cannot allocate vector of size 2064896 Kb
> matrix(0, 20, 10^10)
Error in matrix(0, 20, 10^10) : negative length vectors are not allowed
> matrix(0, 10^10, 10^10)
Error: cannot allocate vector of size 0 Kb
# looks better for arrays:
> array (0, c(20, 10^10))