Displaying 20 results from an estimated 400 matches similar to: "Is log_in_vain really good or really bad?"
2003 Apr 14
3
strange connection attempts
hello,
I have turned on the sysctl variables:
net.inet.tcp.log_in_vain: 1
net.inet.udp.log_in_vain: 1
And I have plenty of strange connection attempts on the UDP protocol
Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
Apr 13 23:56:53 pals /kernel: Connection attempt to UDP xx.xx.x.xxx:55414 from 192.43.172.34:53
Connection attempt to UDP
2005 Jul 02
3
packets with syn/fin vs pf_norm.c
Hi,
First of all, I know that not dropping SYN/FIN isn't really a big deal, it
just makes no sense. But since it doesn't make any sense, I don't see
the reason why not to discard them.
I'm running pf on FreeBSD 5.4-RELEASE-p3 and I scrub any traffic. I've
read some other posts on google and as far as I can tell, clearly invalid
packets (like packets with SYN/RST set) is
2005 Apr 21
6
Information disclosure?
Hello,
For some reason, I thought little about the "clear" command today..
Let's say a privileged user (root) logs on, edits a sensitive file (e.g.,
a file containing a password, running vipw, etc.) .. then runs clear and
logs out. Then anyone can press the scroll-lock command, scroll back up
and read the sensitive information.. Isn't "clear" meant to clear the
2004 Jun 07
1
freebsd-security Digest, Vol 61, Issue 3
On Sat, 29 May 2004 12:00:52 -0700 (PDT),
<freebsd-security-request@freebsd.org> wrote:
Hello !
Today I see in snort logs:
[**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
[Classification: Potentially Bad Traffic] [Priority: 2]
06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:
2004 Apr 22
2
IPsec - got ESP going, but not AH
Hi folks,
I've been working on getting my WiFi network running with IPsec. I'm
at the point where all traffic on the wifi subnet is encrypted (i.e.
ESP). Then I tried to add AH to the equation. I failed.
This picture describes the network setup:
http://beta.freebsddiary.org/images/ipsec-wireless.gif
Here's what I'm trying and failing with. With these rules, I get no
2004 Jun 04
3
syslogd(8) Dropping Privs
I made a quick change to syslogd(8) so that it can drop root
privileges immediately after starting up. It opens up the log
sockets (UNIX and network domains) and writes the PID files
before dropping privs. It drops privs before opening log
files and writing to users. Therefore, you would need to
modify your log file permissions appropriately. As for writing
to users, ttys generally are writeable
2004 Jan 09
1
Problem with DNS (UDP) queries
Hi all
I am trying to get rid of strings:
kernel: Connection attempt to UDP FREEBSD_IP:port from DNSSERVER_IP:53
on my console and in log file
I understand that those are replies to DNS queries that for some reason
took too long to be answered.
I do not want to turn off the "log in vain" feature.
As these strings fill up my log I am afraid to miss some sensitive
messages (e.g.
2003 Oct 30
1
Using racoon-negotiated IPSec with ipfw and natd
[ -netters, please Cc me or security@ with replies. ]
I'm running into trouble integrating dynamic racoon-based IPSec into a network
with ipfw and natd. I need to be able to allow VPN access from any address
from authenticated clients. I've got the dynamic VPN working, with racoon
negotiating SAs and installing SPs, but the problem is that I can't tell
whether an incoming packet on
2004 Oct 10
1
MonkeyShell: using XML-RPC for access to a remote shell
Security pundits have been warning about the dangers implicit with Web
services for years. A good starting point for understanding the security
issues related to Web services can be found at:
http://searchwebservices.techtarget.com/originalContent/0,289142,sid26_gci872720,00.html
Of course to really understand the security risks posed by Web services,
you need to understand the basics of Web
2003 May 08
1
bridge and firewall
Can anyone help with this. Bridge is enabled, even in sysctl. Firewall is
enabled and configured. But my reality is done this way..
Cisco
(NATing
192.168.1.0/24) ---- Freebsd Bridge (Public IP) ------ stations
(Public IP) (NATing 172.16.0.0/24 192.168.1.xx
or something similar) 172.16.0.xx and on
one public IP one
2003 Nov 01
2
ipfw2 logging
Dear list!
I have a little problem, trying
to enable logging of deny rule.
I have enabled it via kernel:
options IPFIREWALL
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=3
It is ipfw2. After that, my intention
was to use syslogd and
!ipfw
*.* /var/log/ipfw.log
and newsyslog with
/var/log/ipfw.log 600 3 100 * J
In rc.conf I have
firewall_enable="YES"
2004 May 17
4
Multi-User Security
Hello list.
I would like to get your opinion on what is a safe multi-user environment.
The scenario:
We would like to offer to some customers of ours some sort of network
backup/archive. They would put daily or weekly backups from their local
machine on our server using rsync and SSH. Therefore, they all have a user
account on our server. However, we must ensure that they would absolutely
not be
2004 Dec 03
4
Is my Apache server running as the root user or not?
Heya..
By reading my /usr/local/etc/apache2/httpd.conf, I can find out that my Apache is
running as the user "www" and the group "www" .. Yet, when I run sockstat, it tells me
one of the forks is run as root and listening on port 80 as well as the other forks
are run by www:www.. If I got a lot of users connecting to my server on port 80, will
their requests ever be
2000 Jan 31
1
Change Request: New Environmental Variable for Username
Presently, the Samba documentation says that the default NetBIOS
username used by client-type applications is determined by the
following (from smbclient(1)),
If no username is supplied, it will default to an
uppercase version of the environment variable USER
or LOGNAME in that order. If no username is
supplied and neither
2003 Aug 07
1
problems with ipfilter on 5.1-RELEASE
hi all
i'm trying to get ipfilter set up on my new 5.1-RELEASE box. ipfilter
seems to be working fine. i just have a couple of issues that are
probably not very serious...
one thing is that during network startup at boot, i get the message
IPFilter: already initialized
repeated 4 times.
i think i have everything configured properly
my kernel config looks like
options IPFILTER
options
2004 Oct 22
5
Default permissions of /home/user..
Hello..
I've asked this question before without getting any further help really..
When a new user is added using "adduser" on 5.x (haven't really checked
if it's the same under 4.x or not), the default homedir permission is 755
(drwxr-xr-x) which to me, looks a bit insecure? It's of course pretty easy
to solve it by a simple chmod, but yet, isn't there any way to
2003 Apr 11
2
Ipf headers not installed per default ?
Just rebuilt and installed/world kernel: FreeBSD 4.8-STABLE #0: Fri Apr 11
14:34:37 EDT 2003
Using the latest Makefile for squid25:
# fgrep \$FreeBSD /usr/ports/www/squid/Makefile
# $FreeBSD: ports/www/squid/Makefile,v 1.100 2003/04/09 08:31:30 adrian Exp $
Modified with:
# fgrep CONFIGURE_ARGS Makefile |fgrep -v \#
CONFIGURE_ARGS= --bindir=${PREFIX}/sbin --sysconfdir=${PREFIX}/etc/squid \
2003 Nov 03
1
FreeBSD and serial ata
Dear List,
This is my second post since I did not receive
any answers the first time.
I have P4P800-VM motherboard with serial ata
controllers (ICH5) and serial ata discs. I managed
to install FreeBSD 4.9-STABLE on this box when
setting the IDE controller in legacy mode.
Everything works normal except when booting,
the drives are set into UDMA33 mode:
atapci0: <Intel ICH5 SATA150
2003 Jun 07
1
Impossible to IPfilter this?
Hi!
I'm trying to increase security on my FreeBSD 4.8 firewall/DSL router/VPN
router.
My problem is with firewalling the VPN part. I'm using a tunnel to a
RedHat 7.1 box running FreeS/WAN. This tunnel allows traffic from my
internal net (172.17.0.0/24) to that box only:
spdadd 172.17.0.0/24 $REDHAT/32 any -P out ipsec esp/tunnel/$MYADDR-$REDHAT/unique;
spdadd $REDHAT/32 172.17.0.0/24
2003 May 26
2
sshd doing dns queries on localhost?
Hi,
I noted on my 4.7 machines that when a ssh connection is made, the
following PTR query happens (10.11.1.11 is the src address in the example):
13:23:21.120290 PUBLIC_IP.4523 > PUBLIC_IP.53: 52788+ PTR?
11.1.11.10.in-addr.arpa. (41)
13:23:21.120517 PUBLIC_IP.4524 > PUBLIC_IP.53: 52788+ PTR?
11.1.11.10.in-addr.arpa. (41)
13:23:21.120683 PUBLIC_IP.4525 > PUBLIC_IP.53: 52788+ PTR?