similar to: possible compromise?

> From: Zoran Kolic <kolicz@eunet.yu> > Subject: about nmap > To: freebsd-security@freebsd.org > Message-ID: <20040808053526.GA652@kolic.net> > Content-Type: text/plain; charset=us-ascii > > Dear all! > Last evening I've noticed that > my 5.2 box had strange result > about nmap search. One port is > randomly open when I look from > user account.

Dear list! I have a little problem, trying to enable logging of deny rule. I have enabled it via kernel: options IPFIREWALL options IPFIREWALL_VERBOSE options IPFIREWALL_VERBOSE_LIMIT=3 It is ipfw2. After that, my inten- tion was to use syslogd and !ipfw *.* /var/log/ipfw.log and newsyslog with /var/log/ipfw.log 600 3 100 * J In rc.conf I have firewall_enable="YES"

Hello! Attempt to scan a network with any method except plain ping results in an error: truss nmap -sT -p 21 '172.19.17.*' [...] sendto(0x4,0x8094200,0,0x0,{ AF_INET 172.19.17.0:0 },0x10) ERR#49 'Can't assign requested address' [...] What's strange that man on send(2) doesn't state that EADDRNOTAVAIL can ever be returned from sendto(). Quick look at nmap's site

Dear list! I'd like to know if some- one has experience with system running no mta (aka sendmail). I have single comp, not server, not lan. Yes! Sendmail is nice, but it is too big for simple tasks I have for it. My intention is to use apps small as possible. This letter gone from mutt directly to ssmtp, that processed it to my isp. (Setting option for sendmail as

Dear folks! Using f-prot, I've found "unix/abyoos.a" in one pure ascii file. Simple googling didn't reveal any special info about. Is it something I should be aware of? What parts of it could I find on the system, if any? Best regards Zoran

Dear FreeBSD! On my home machine I`ve tried to compile custom kernel for 5_0 release. In a script commented out all scsi, raid, ethernet, nfs options, I had not. So I`ve included atapicam options and "device pcm" for AC97 sound chip. After all, result was an error: linking kernel if.o: In function 'if_setlladdr': if.o(.text+0x2725): undefined reference to 'arp_ifinit'

Yeah but if you are uncertain about your own box my VERY STRONG advise is that you reinstall. IF your host is indeed owned, then you are a lot further away then just reinstalling, god knows what issues can arrise when a cracker exploits the system to do bogus tasks.. Then i say: Too bad for your time, sorry but it's like that -- Kind regards, Remko Lodder Elvandar.org/DSINet.org

Dear FreeBSD! I would like to use custom rules file with ipfw2. My computer goes to the net via dial-up modem and kernel ppp type. Since I don't have experience with dinamic rules, but want to, reading tutorials stranded me somewhere in the middle. In this moment I need recall of known links to docs about topic. Provider gives new address every time when connected. One machine. Via ppp...

that only works when you are presuming that the host was not hacked already because i would clear those logs when i hacked a system :) but indeed it's a try, If you remain unsure, it is best to reinstall the system to be sure that a fresh and newly updated (yeah update it when installed :)) system is not compromised at that time.. loads of work, but it gives you some relief to know that

Hi all! After installing 5.3 I've noticed some change in firewall logging. Prior (on 5.2) rules gave me what I needed: trimed to 3 of the same connection. Every new connection on the same rule gave new log line up to 3. I have in kernel: FIREWALL FIREWALL_VERBOSE FIREWALL_VERBOSE_LIMIT=3 Now, all connections on the same rule are trimed to 3. Is it possib- le on 5.3 to have all

Dear list! I've tried to compile tripwire-2.3.1-2 port on my 5.2 release. Two diffe- rent tarballs have failed with message, that port was broken, all in one sentence. No any details. Well! Makefile has so- mething like: .if ${OSVERSION} >= 500000 BROKEN= "Fails to build inder 5.X" .endif One more: USE_GMAKE= yes Has someone compiled it successfully? Is it for a good

I am not sure if I had a compromise but I am not sure I wanted some other input. I noticed in this in my daily security run output: pc1 setuid diffs: 19c19 < 365635 -rwsr-xr-x 1 root wheel 204232 Sep 27 21:23:19 2003 /usr/X11R6/bin/xscreensaver --- > 365781 -rwsr-xr-x 1 root wheel 205320 Dec 4 07:55:59 2003 /usr/X11R6/bin/xscreensaver It was the only file listed and I didn't

Dear all! I'd like to know if something changed for pgp263i on amd64. In ports, archs recommended are i386 and alpha. Has someone used gpg-idea port (with idea and rsa) to circum- vent pgp <-> gpg missmetch? Best regards Zoran

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Asterisk Project Security Advisory - AST-2010-003 +------------------------------------------------------------------------+ | Product | Asterisk | |--------------------+---------------------------------------------------| | Summary | Invalid parsing of ACL rules can compromise | | | security

Hi All As many may have noticed the GNU Project's FTP server had been compromised as outlined in this CERT advisory[1]. I felt the urge to quickly hack together a small perl script to check my distfiles against the published md5 sums from FSF. Using this file as reference: ftp://ftp.gnu.org/before-2003-08-01.md5sums.asc (Check and Verify the PGP signature ![1]) [1] Full CERT advisory :

It might sound stupid, but I'd like to know if there's any difference. Are those 3 line the same? WITH_KMS=YES WITH_KMS="YES" WITH_KMS=yes Best regards Zoran

FYI >Mailing-List: contact vulnwatch-help@vulnwatch.org; run by ezmlm >List-Post: <mailto:vulnwatch@vulnwatch.org> >List-Help: <mailto:vulnwatch-help@vulnwatch.org> >List-Unsubscribe: <mailto:vulnwatch-unsubscribe@vulnwatch.org> >List-Subscribe: <mailto:vulnwatch-subscribe@vulnwatch.org> >Delivered-To: mailing list vulnwatch@vulnwatch.org

Hello! With this email we release an extension to OpenSSH that was initially developed as project for our studies at the Univerity of Applied Sciences in Hagenberg. First we would like to describe the purpose of using Zero-Knowledge (ZK) for user authentication. Traditional authentication methods like challenge-response with passwords or public keys leak information about the credentials of

Recent proftpd security vulnerability release FYI. Ports has latest patched proftpd distribution. -- Jez http://www.munk.nu/ -------------- next part -------------- An embedded message was scrubbed... From: Dave Ahmad <da@securityfocus.com> Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd) Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT) Size: 4588 Url: