similar to: MonkeyShell: using XML-RPC for access to a remote shell

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

Hi folks, I've been working on getting my WiFi network running with IPsec. I'm at the point where all traffic on the wifi subnet is encrypted (i.e. ESP). Then I tried to add AH to the equation. I failed. This picture describes the network setup: http://beta.freebsddiary.org/images/ipsec-wireless.gif Here's what I'm trying and failing with. With these rules, I get no

Can anyone help with this. Bridge is enabled, even in sysctl. Firewall is enabled and configured. But my reality is done this way.. Cisco (NATing 192.168.1.0/24) ---- Freebsd Bridge (Public IP) ------ stations (Public IP) (NATing 172.16.0.0/24 192.168.1.xx or something similar) 172.16.0.xx and on one public IP one

Dear list! I have a little problem, trying to enable logging of deny rule. I have enabled it via kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my inten- tion was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES"

hi all i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter seems to be working fine. i just have a couple of issues that are probably not very serious... one thing is that during network startup at boot, i get the message IPFilter: already initialized repeated 4 times. i think i have everything configured properly my kernel config looks like options IPFILTER options

[ -netters, please Cc me or security@ with replies. ] I'm running into trouble integrating dynamic racoon-based IPSec into a network with ipfw and natd. I need to be able to allow VPN access from any address from authenticated clients. I've got the dynamic VPN working, with racoon negotiating SAs and installing SPs, but the problem is that I can't tell whether an incoming packet on

Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11 14:34:37 EDT 2003 Using the latest Makefile for squid25: # fgrep \$FreeBSD /usr/ports/www/squid/Makefile # $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $ Modified with: # fgrep CONFIGURE_ARGS Makefile |fgrep -v \# CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \

hope this help some one else --as it helped me, in undertanding contributions to * wiki pages... Regards! Samuel ----- Original Message ----- From: "whatis.com" <WhatIs-BAD63EB5A68046E1@lists.techtarget.com> To: "whatis.com" <WhatIs@lists.techtarget.com> Sent: Tuesday, January 06, 2004 10:31 AM Subject: Word-of-the-Day: wiki > THE

I made a quick change to syslogd(8) so that it can drop root privileges immediately after starting up. It opens up the log sockets (UNIX and network domains) and writes the PID files before dropping privs. It drops privs before openning log files and writing to users. Therefore, you would need to modify your log file permissions appropriately. As for writing to users, ttys generally are writeable

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

On Sat, 29 May 2004 12:00:52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:

hello, I have turned on sysctls variables: net.inet.tcp.log_in_vain: 1 net.inet.udp.log_in_vain: 1 And i have plenty of strange connection attempts on udp protocol Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53 Connection attempt to UDP

Hi There, I've been having an issue trying to figure out a way to policy route outbound packets from a multihomed machine through the proper interface using IPFW to no avail. I've tried several different incantations of IPFW fwd/forward statements, and none of them seem to do the trick. Basically, I have a host that has multiple Internet connections. This host is running FreeBSD 4.9

Hi, I have been doing some tests using hping2 and TCP SYN pings targeting local and remote hosts from two FreeBSD 4.7-RELEASE-p10 and one Linux 2.4.18 host. The three machines have the same hardware configuration and have been running for 6 months now. The average load isnt too high (usually 0.01 to 0.15) on the FreeBSD machines. Here is the output from hping2 (excuse me the line wrap),

Thanks for the module, I think its a good idea to commit it to FreeBSD for a few reasons: 1) Some folks just prefer more static kernels. 2) Securelevel is a great thing, but can be a pain to do upgrades around remotely. [A lot of folks use FreeBSD simply because its a breeze to run remotely]. 3) Until someone writes code to add modules to a kernel via /dev/mem and releases it to the script

Hello, ctags(1) uses external application sort(1) for sorting the tags file. It calls it via system(3) function. Look at the /usr/src/usr.bin/ctags/ctags.c file, there are such lines here: if (uflag) { (void)asprintf(&cmd, "sort -o %s %s", outfile, outfile); if (cmd == NULL) err(1, "out of space"); system(cmd); free(cmd); cmd = NULL; } This code will be

(Either this was too hard for the folks on -questions, or it was out of place there, or I'm not providing the right kind of info or... I'm open to suggestions.) At this stage I'd approach bliss if someone could even tell me how to make bind forget that IPv6 exists, and therefore stop hammering these queries at an apparently unsympathetic NT DNS server. Two affected

Hi! I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN router. My problem is with firewalling the VPN part. I'm using a tunnel to a RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my internal net (172.17.0.0/24) to that box only: spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique; spdadd $REDHAT/32 172.17.0.0/24

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

Presently, the Samba documentation says that the default NetBIOS username used by client-type applications is determined by the following (from smbclient(1)), If no username is supplied, it will default to an uppercase version of the environment variable USER or LOGNAME in that order. If no username is sup- plied and neither