similar to: OSX Intrusion Suspected, Advice Sought

Displaying 20 results from an estimated 200 matches similar to: "OSX Intrusion Suspected, Advice Sought"

2005 Jan 07
3
Intrusion Suspected, Advice Sought
I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. I have reason to think my system has been tampered with. Security features in Mac OS X have been left unlocked (Preference Pane - Users) even though a master lock has always been set in the Security Preference Pane. This locks all other important preference panes which could be tampered with. Also permissions have been
2003 Dec 07
5
possible compromise or just misreading logs
I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes: > I have a script that checks for things like this and adds them to my > packet filter (pf). Everything seems to work up to a point. The IP > address gets added to my AUTOBLOCK table. The second rule, right after > the friends whitelist, blocks any IP in that table. If I try to ping or > traceroute to it I can't get
2020 Apr 01
0
Can't block intrusion
D'Arcy Cain <darcy at VybeNetworks.com> writes: > Here is the first four lines from "pfctl -sr": > > pass in quick on bge0 from <FRIENDS> to any flags S/SA keep state > block drop in log quick on bge0 from <ENEMIES> to any > block drop in log quick on bge0 from <AUTOBLOCK> to any > block drop out log quick on bge0 from any to
2020 Apr 01
0
Can't block intrusion
On 2/04/2020 5:28 AM, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) > > Mark Or the stateful entry still exists when the table entry is updated.
2020 Apr 01
0
Can't block intrusion
On 2020-04-01 16:28, Mark Boyce wrote: > On 1 Apr 2020, at 22:14, Greg Troxel <gdt at lexort.com > <mailto:gdt at lexort.com>> wrote: >> >> I think you need to use tcpdump and turn up firewall debugging. > > sngrep is your friend …My bet is UDP vs TCP on firewall rules :-) block drop in log quick on bge0 from <AUTOBLOCK> to any block drop out log quick
2020 Apr 02
0
Can't block intrusion
On 2020-04-02 08:01, Larry Moore wrote: > I suspect you have a good understanding of pf. Pretty good I think. As with everything I am always willing to learn more. > Have you included in your script running 'pfctl -k <ip_address>' to kill > any states that may exist after you update your <AUTOBLOCK> table? I haven't yet because I want to watch the effect of
2006 Apr 25
2
firewall based antivirus/trojan blocking and intrusion detection [dnk]
Can anyone recommend an opensource package (preferably something centos 4X compatible) that can be used on a (iptables) firewall to block virus/trojan, etc? And maybe something for intrusion detection? Thanks! Dnk
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 18:45, Sami Ketola wrote: > Actually by far the biggest source of stolen credentials is > viruses/trojans harvesting them. I tried to blacklist all IPs that got password errors, but that ends in big shorewall blrules, so I turned it over to just adding a whitelist into blrules where the IPs are known customers that don't abuse the server; that way my shorewall got a lot smaller config files
2020 Apr 22
1
Recommendations on intrusion prevention/detection?
On 22/04/2020 19:56 Benny Pedersen <me@junc.eu> wrote:
2020 Apr 22
0
Recommendations on intrusion prevention/detection?
On 2020-04-22 5:29 a.m., Johannes Rohr wrote: > Dear all, > > what are the key strategies for intrusion prevention and detection with > dovecot, apart from installing fail2ban? > It is a pity that the IMAP protocol does not support 2 factor > authentication, which seems to stop 90% of intrusion attempts in their > tracks. Without it, if someone has obtained your password and
2006 Nov 09
2
Suspected GPL violation by Erightsoft "super"
Hi guys, the SUPER codec by Erightsoft http://www.erightsoft.net/SUPER.html contains lots of GPL and LGPL code: mplayer, ffmpeg, x264, musepack, theora, which they admit and give credit for. Still, their product is proprietary, and they insist on it. I tried to get the source through their forum, but they of course won't give it: http://www.erightsoft.net/Supforum.html I'll forward
2017 Feb 24
2
[SUSPECTED SPAM] Canonical Link to Reference of "ServerAliveInterval"
What is the canonical link to Reference of "ServerAliveInterval"? Background: I want to write an answer at serverfault (Q-A Site). I want to avoid copy+pasting. I would like to lead the newcomer to the canonical reference. Regards, Thomas Güttler -- Thomas Guettler http://www.thomas-guettler.de/
2019 May 17
0
drm/nouveau/core/memory: kmemleak 684 new suspected memory leaks
On (05/17/19 15:13), Sergey Senozhatsky wrote: > 5.1.0-next-20190517 > > I'm looking at quite a lot of kmemleak reports coming from > drm/nouveau/core/memory, all of which are: > > unreferenced object 0xffff8deec27c4ac0 (size 16): > comm "Web Content", pid 5309, jiffies 4309675011 (age 68.076s) > hex dump (first 16 bytes): > 00 00
2019 May 17
0
drm/nouveau/core/memory: kmemleak 684 new suspected memory leaks
On (05/17/19 15:13), Sergey Senozhatsky wrote: > ... but most likely it's utterly wrong. > JFI, I removed kmemleak annotation and added the following thing: @@ -360,6 +360,7 @@ gp100_vmm_valid(struct nvkm_vmm *vmm, void *argv, u32 argc, return -EINVAL; } + kfree(map->tags); ret = nvkm_memory_tags_get(memory,
2001 May 10
1
Re: PR#929 and [R] matrix: suspected integer overflow
On Wed, 9 May 2001 andreas.krause@pharma.novartis.com wrote: > Is the following a known issue, in particular in terms of message clarity of the latter two? Yes, bug PR#929. It's a bug in asInteger, an internal C routine which uses (int) on a double. coerce.c has better routines used to coerce vectors, and the comment /* This section of code handles type conversion for elements */ /* of
2014 Feb 08
0
Asterisk intrusion detection/prevention, geographic IP banning, etc. (new software)
I'm looking for some beta testers to provide feedback on an Asterisk intrusion detection & prevention program we're releasing soon. As a quick overview, the program provides: - banning based on geographic location of source IP (Continent, country, region, city, etc) - detection and banning based on channels in use by a user - detection and banning based on rate of dialing - detection
2004 May 10
5
rate limiting sshd connections ?
Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike
2014 Jan 28
1
[SUSPECTED SPAM] default change in 6.2 breaks sslh
Hi all! I'm using sslh. It's a multiplexer, used to let you have ssh, https, stunnel, etc on one port. In 6.2 there is a change in default behaviour: * ssh(1): When SSH protocol 2 only is selected (the default), ssh(1) now immediately sends its SSH protocol banner to the server without waiting to receive the server's banner, saving time when connecting. which, i suppose,
2001 May 09
1
matrix: suspected integer overflow
Is the following a known issue, in particular in terms of message clarity of the latter two? > matrix(0, 10^8, 10^8) Error: cannot allocate vector of size 2064896 Kb > matrix(0, 20, 10^10) Error in matrix(0, 20, 10^10) : negative length vectors are not allowed > matrix(0, 10^10, 10^10) Error: cannot allocate vector of size 0 Kb # looks better for arrays: > array (0, c(20, 10^10))