similar to: possible compromise or just misreading logs

JohnG <mcsjgs@cox.net> wrote: > I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection. > I have reason to think my system has been tampered with. Security > features in Mac OS X have been left unlocked (Preference Pane - Users) OSX is substantially different from FreeBSD (even without netinfo) despite having some of the same source code. I doubt you'll find

Does anyone know of a way to rate limit ssh connections from an IP address ? We are starting to see more and more brute force attempts to guess simple passwords "/usr/sbin/inetd -wWl -C 10" is nice for slowing down attempts to services launched via inetd. Is there an equiv method for doing this to sshd? Running from inetd has some issues supposedly. ---Mike

Vitelity seems to be offline to both IP and voice traffic. Is there any place to find out what their status is? Roger Marquis

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ============================================================================= FreeBSD-SA-03:12 Security Advisory FreeBSD, Inc. Topic: OpenSSH buffer management error Category: core, ports Module: openssh, ports_openssh,

Hi all, this is the first time I post to this list. If I am wrong, sorry. I have been trying for three weeks to update openssl-stable, but I cannot beacause of this message: ===> Cleaning for openssl-stable-0.9.7k # # this ports conflicts with your base system # please undefine OPENSSL_OVERWRITE_PORT # and use WITH_OPENSSL_BASE=yes instead. # *** Error code 1 I do not know how to act. Bye

Hi all, I have two prodction servers with FreeBSD 5.4 (all security patches are applied). They running some services like dns, ssh, http, ftp, etc. But I woukd like to encrypt some services for some hosts with ipsec when it is accessed. For example: - DNS resolution: not encrypted. - DNS replication master-slave: encrypted by ipsec. - Telnet: encrypted by ipsec for some hosts. Deny

I have a grown list of IPs that I am "deny ip from ###.### to any". Infected machines, hackers, etc.. Is there a way to have this list outside of rc.firewall and just read it in?

Heya.. Yesterday someone "attacked" by box by connection to several ports.. In other words, a simple portscan.. yet, since my box has "log_in_vain" enabled, so it tries to log everything to /var/log/messages, since the logfile got full and the size went over 100K, it tried to rotate the log to save diskspace. (Apr 16 21:00:00 omikron newsyslog[32137]: logfile turned over due

Hi, I have a 4.9-STABLE FreeBSD box apparently hacked! Yesterday I ran chkrootkit-0.41 and I don't like some of the outputs. Those are: chfn ... INFECTED chsh ... INFECTED date ... INFECTED ls ... INFECTED ps ... INFECTED But all the rest is NOT PROMISC, NOT INFECTED, NOTHING FOUND, NOTHING DELETED, or NOTHING DETECTED. I know by the FreeBSD-Security archives that

I'm dying to use the 1.0 capability to use more than one mysql user pasword database. However, I'm too chicken to use 1.0-test in a production environment. Does anyone know if there is a planned release date for 1.0? Or can anyone say how risky it is to use 1.0-test?

Good Day! I think we have a serious problem. One of our old server running FreeBSD 4.9 have been compromised and is now connected to an ircd server.. 195.204.1.132.6667 ESTABLISHED However, we still haven't brought the server down in an attempt to track the intruder down. Right now we are clueless as to what we need to do.. Most of our servers are running legacy operating systems(old

When I sent the original note, I had it configured this way: [realms] HIJ.KLM.COM <http://hij.klm.com/> = { kdc = ad1.hij.klm.com kdc = ad2.hij.klm.com admin_server = ad.hij.klm.com default_domain = hij.klm.com } [domain_realm] .xyz.hij.klm.com = HIJ.KLM.COM <http://hij.klm.com/> .hij.klm.com = HIJ.KLM.COM <http://hij.klm.com/> But then after reading about kerberos on the

Greetings, Long-time but very occasional samba user here with a new challenge (well for me at least). The basics are that on the domain join, the computer account gets created but throws the dns error which based on my searching seems non-fatal. wbinfo -t gives me a succeeded, wbinfo -a klm.com\\me --ntlmv2 works fine but yet the net ads testjoin fails. Logs on the domain controller show

I made a mistake setting my shell and have set the root users shell to /bin/bash instead of /bin/sh. I am curiuos if anyone knows how to fix this. The machines is FreeBSD 4.8-RELEASE-p4 and does not have sudo only su.

Hi Louis, Thanks for the reply. Upon checking the URL you sent, I'm not finding which stanzas you're referring to as being samba3 - my smb.conf looks remarkably similar to the sample I see there. Could you perhaps be more specific? Thanks, --Schuyler On Tue, Nov 17, 2015 at 11:23 AM L.P.H. van Belle <belle at bazuin.nl> wrote: > Your using a samba3 config on a samba 4. >

Interesting. So would having the account I'm creating it with in the same subdomain fix the potential trust issues, or is samba's function in a subdomain in general in question? On Tue, Nov 17, 2015 at 3:25 PM Rowland Penny <rowlandpenny241155 at gmail.com> wrote: > On 17/11/15 19:32, Schuyler Bishop wrote: > > Hi Rowland, > > > > Thanks for the response. I

Running freeBSD 6.1 After changing chkrootkit to the latest version V. 0.47 and compiling it then running it I get the following: ==================<SNIPPIT>================ Searching for anomalies in shell history files... nothing found Checking `asp'... not infected Checking `bindshell'... INFECTED (PORTS: 6667) Checking `lkm'... You have 131 process hidden for readdir

Hi expeRts, I would like to calculate weighted mean by two factors. My code is as follows: R> tmp <- by(re$meta.sales.lkm[, c("pc", "sales")], re$meta.sales.lkm[, c("size", "yr")], function(x) weighted.mean(x[,1], x[,2])) The result is as follows: R> tmp size: micro yr: 1994 [1] 1.090

Dear R gurus How do I do simple string concatenation in R? For example: A = "klm" B = "jjj" How can I assign a value to C such that C == "klmjjj" is True? Thank you Arie [[alternative HTML version deleted]]

How can I be sure if it is LKM or not? Today I've run chkrootkit and it gave me: Checking `lkm'... You have 179 process hidden for readdir command You have 179 process hidden for ps command chkproc: Warning: Possible LKM Trojan installed Checking `chkutmp'... The tty of the following user process(es) were not found in /var/run/utmp ! ! RUID PID TTY CMD ! root