similar to: Re: Possible compromise ?

that only works when you are presuming that the host was not hacked already because i would clear those logs when i hacked a system :) but indeed it's a try, If you remain unsure, it is best to reinstall the system to be sure that a fresh and newly updated (yeah update it when installed :)) system is not compromised at that time.. loads of work, but it gives you some relief to know that

forgot this addr. -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van: Remko Lodder [mailto:remko@elvandar.org] Verzonden: vrijdag 23 januari 2004 10:53 Aan: Nick Twaddell Onderwerp: RE: [Freebsd-security] ipfw + named problem did you tcpdump the packets so that you can

Hi, I dont think you can deny all ddos against your box, you will need help from your isp. That is because if a person sends you enough packets, like 1mbit (and your line is 1mbit) full of packets, your connection is stuck, whether you filter or not. Though you can mitigate those by closing all non needed ports, log them if any attempt is being made to connect to them, and use a bogon list which

yes unless you use the version as of :> 2004-03-02 17:24:46 UTC (RELENG_5_2, 5.2.1-RELEASE-p1) check it out with uname -a if it does not say -p1 it affects you. My guess, you are affected :) cheers -- Kind regards, Remko Lodder Elvandar.org/DSINet.org www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene -----Oorspronkelijk bericht----- Van:

Hello Remko: sorry to bother you again,after e mailing freebsd-security@FreeBSD.org mailing list, got a reply by the list moderator rejecting my message,stating that there is no valid message from that address,sugesting yet another email address, it doubts the authenticity of your recomendation Remko, you sugested I should look into securing my emailserver installation by preventing unauthorized

er.... How to block Arp PAckages? []s

Hi all again, I must add, there are no log entries after June 9, 2004. "LKM" message first apeared June 8, 2004, after this day, there is nothing in /var/messages, /var/security ..... How could I look for suspicious LKM module ? How could I find it, if the machine is hacked and I can not believe "ls", "find" etc. commands ? Peter Rosa

Howyd all? Seems that I have been routed. Possibly by a physical B&E, but who knows? Probably some of you do.... anyways, some politically sensitive email was deleted from a user account and the line low -tr & inserted into my .xinitrc . Duncan (Dhu) Campbell

Hello, My company has been asked to help with the upgrade of several Freebsd systems that are pretty old. The customer is running a file server samba also running apache running FBSD 4.2, he wants to upgrade using cvsup & the make buildworld procedure to upgrade to 5.x. Im very familier with the make buildworld procedure however there have been significant changes between 4.2 & 5.x so is

Hello list. I would like to get your opinion on what is a safe multi-user environment. The scenario: We would like to offer to some customers of ours some sort of network backup/archive. They would put daily or weekly backups from their local machine on our server using rsync and SSH. Therefore, they all have a user account on our server. However, we must ensure that they would absolutely not be

Of course, I wanted to say not OPTION but CHOICE :-) Peter Rosa ----- Original Message ----- From: "Peter Rosa" <prosa@pro.sk> To: <matthew@starbreaker.net> Cc: "FreeBSD Questions" <freebsd-questions@freebsd.org> Sent: Saturday, July 26, 2003 7:33 PM Subject: Re: suid bit files and securing FreeBSD > Hello Matthew, > > thank you very much.

Zitat von Remko Lodder <remko at freebsd.org>: Hi Remko, > Emails can only be read if they are authenticated / authorized in > someway to access the store. That means you might need to share the > info@ credentials with the other > people so that they can read it over imap or webmail etc. That is self-evident and it is not a problem. I can't understand what you

> On 16 Sep 2015, at 19:10, Mark Foley <mfoley at ohprs.org> wrote: > > Does the Dovecot NTLM mechanism work with MS Outlook? > > [ ] YES > [ ] NO > > Please check one ... anybody. > > ?Mark The URL on the wiki, which had probably been shared before with you; http://wiki2.dovecot.org/HowTo/ActiveDirectoryNtlm suggests it does. The URL quotes: Step 5.

Maybe you could not delete the message instantly, but keep track of last seen UID. UIDs increase monotonically, so you can rest assured that next arriving email has larger UID. Then you can bulk delete mails that are older than one day. Aki > On October 20, 2017 at 8:01 PM Remko Lodder <remko at FreeBSD.org> wrote: > > > Hi, > > Anyone has suggestions? The situation

Hi People, I recently setup a replication service within dovecot between two machines in different datacenters, which has the following configuration; (yes it is hashed out, because I needed to) #service replicator { # unix_listener replicator-doveadm { # mode = 0666 # } # process_min_avail = 1 #} # #service aggregator { # fifo_listener replication-notify-fifo { # mode = 0666 #

Quoting Remko Lodder <remko at freebsd.org>: >> On 11 Jul 2016, at 17:36, Rick Romero <rick at havokmon.com> wrote: >> >> Quoting "William L. Thomson Jr." <wlt-ml at o-sinc.com>: >> >>> You are not alone! >>> >>> On Wednesday, July 06, 2016 01:15:34 PM Remko Lodder wrote: >>>> Dear list, >>>>

In my recent security email, I got the following errors: cantona.dnswatchdog.com login failures: Aug 20 02:37:19 cantona sshd[9444]: fatal: Write failed: Operation not permitted Aug 20 04:30:42 cantona sshd[16142]: fatal: Write failed: Operation not permitted Aug 20 21:21:51 cantona sshd[45716]: fatal: Write failed: Operation not permitted So three questions: What is it? Should I be worried?

On 31. May 2018, at 18:09, Remko Lodder <remko at FreeBSD.org> wrote: >> On 31 May 2018, at 17:52, Michael Grimm <trashcan at ellael.org> wrote: >> I would love to get some feedback from the developers regarding: >> >> #) are commercial customers of yours running 2.3 master-master replication without those issues reported in this thread? >> #) do you get

Still not quite right for me. Jun 7 15:11:33 thunderstorm.reub.net dovecot: doveadm: Error: dsync(lightning.reub.net): I/O has stalled, no activity for 600 seconds (last sent=mail, last recv=mail (EOL)) Jun 7 15:11:33 thunderstorm.reub.net dovecot: doveadm: Error: Timeout during state=sync_mails (send=mails recv=recv_last_common) I'm not sure if there is an underlying replication error

We have the same problem, with a twist. When Thunderbird deletes a folder, it is still shown by the GUI. Dovecot deleted the folder correctly, and the sunscriptions file is also correct. Some other times, on shared folders, Thunderbird refuses to delete; in this case, apple mail on iphone can delete successfully. This suggests that the problem is in Thunderbird's code. R On Mon, Feb 5, 2018