similar to: IPMASQ and lock-up of all terminals

In article <27BC18174C3CD2118F6000A0C99E423E026A17F3@CRPHEX02.NAVSSES.NAVY.MIL>, <MeriwetherDJ@nswccd.navy.mil> wrote: >Well, last night, my box was hit again.. same symptoms: > >All attempts to connect remotely receive a connection, but a login prompt >never comes up. What about other servers that this machine is running? Do they all hang, or can you get a response from

Well, last night, my box was hit again.. same symptoms: All attempts to connect remotely receive a connection, but a login prompt never comes up. When I went to the console and turned on the monitor, I had the login prompt, but written on to the screen was the message IPMASQ: Reverse ICMP: Checksum error from xxx.xxx.xxx.xxx So, on this occasion, I thought I would post a summary of the

Hello, Since the ipmasq package has been dropped from debian I decided to migrate to shorewall. My setup is pretty simple: [DSL Modem] -eth0- [shorwall/gateway] -eth1- [local network] ipmasq required that I set the MTU on eth0 to 1492. Migrating to shorewall went well, but a small number of web sites would load slow or not at all. Setting the MTU on eth0 to 1492 and setting CLAMPMSS=Yes

Hi, I had installed squid with ntlm authentication and content filtering from this tutorial: http://www.howtoforge.com/dansguardian-with-multi-group-filtering-and-squid-with-ntlm-auth-on-debian-etch. Next to last point is firewall configuration by ipmasq but I have installed shorewall. This is content of I89tproxy.rul file: #!/bin/sh # # redirect http requests to non-local hosts to the

Marek Michalkiewicz <marekm@I17LINUXB.ISTS.PWR.WROC.PL> wrote: : It seems that most of the RedHat 5.3.12 security patches are in the : standard 5.4.17, except for the patch below. Also, there are more : (different) fixes in 5.4.18 (check h_length against sizeof(sin_addr) : in inet/rcmd.c and inet/rexec.c). : + { : +

I was looking into the reporting features in puppet today and realized that though I want the reports I don''t want to bog my puppetmasters down with the task of generating the rrd and png files. Also I already have a server set up to do reporting on various other things that already has the space/CPU cycles and that''s where everyone already goes to look for information. Plus we

On Tue, 14 Jul 1998, cfb wrote: > The main problem seems to be with the way that debian starts bind using > the script /etc/init.d/bind. I thought it would be really neat to just > change the #!/bin/sh at the top of the script to something like : > #!/usr/sbin/chroot /chroot-dns/ /bin/sh > or > #!/usr/sbin/chroot /chroot-dns/ /chroot-dns/bin/sh try changing

Hi. I don''t know if this one is known, but I can''t recall seeing anything about it. If it is old news I apologize. I discovered a bug in the inetd that comes with NetKit-B-0-08 and older. If a single SYN is sent to port 13 of the server, inetd will die of Broken Pipe: write(3, "Sun Jan 12 21:50:35 1997\r\n", 26) = -1 EPIPE (Broken pipe) --- SIGPIPE (Broken pipe) ---

I am interested in opinions regarding the use of xinetd versus the use of tcp wrappers. The two programs have similar functionality, but I find xinetd suits my needs better. The biggest problem is the age of xinetd, and AFAIK it is no longer being kept up. Are there any known security issues with xinetd? Another issue is that xinetd makes use of a non-standard inetd.conf layout, but

[Mod: forwarded from BUGTRAQ -- alex] ---------- Forwarded message ---------- Date: Sun, 6 Jun 1999 19:15:05 +0000 From: noc-wage <wage@IDIRECT.CA> To: BUGTRAQ@NETSPACE.ORG Subject: RedHat 6.0, /dev/pts permissions bug when using xterm Once again I''ve come up with another trivial Denial of Service flaw, (wow, I seem to be good at this Conseal Firewall, +++ath0, ppp byte-stuffing)

I was wondering if anyone here has or knows how to implement ttysnoop w/ssh ?

--------------------------------------------------------------------- Red Hat, Inc. Security Advisory Synopsis: Denial of service attack in syslogd Advisory ID: RHSA-1999:055-01 Issue date: 1999-11-19 Updated on: 1999-11-19 Keywords: syslogd sysklogd stream socket Cross references: bugtraq id #809 --------------------------------------------------------------------- 1. Topic: A

I just had a remote root break-in on my machine (x86 running Red Hat Linux 5.0 with all the updates except for kernel-2.0.32-3) this morning at 06:03:28 EDT. From what I''ve been able to gather, it appears to have been through snmpd, which I missed when I was weeding out unused daemons. Sorry for the feeble message, but all I know (or at least strongly suspect) is that there''s a

Hi, There is a severe problem with the db-1.85.4 library''s Linux port that can be found on sunsite.unc.edu under /pub/Linux/libs/db-1.85.4-src.tar.gz (sp?): This library contains a "snprintf" function which breaks down to a common sprintf, ignoring the size parameter. Obviously, this was thought to be a terribly bad work-around for C libraries which don''t contain an

-----BEGIN PGP SIGNED MESSAGE----- > Date: Fri, 2 May 1997 12:33:00 -0500 > From: "Thomas H. Ptacek" <tqbf@ENTERACT.COM> > On almost all Unix operating systems, having superuser access in a > chroot() jail is still dangerous. In some recent revisions of 4.4BSD > operating systems, root can trivially escape chroot(), as well. I was thinking about possible attacks

I''d like to hear some suggestions about securely administering a system remotely. Here''s the application: a project is going to scatter some server machines around the US. The server machines will be running Linux, with the only network servers being a custom application. Ignoring the separate question of physical security, how can I remotely check the system''s

Hi, I''ve been writing a login application to utilize the features of both PAM and libpwdb. Not surprisingly, this has meant looking at some old code.. The following denial of service attack seems to work quite nicely on my ancient Red Hat 3.0.3 system with the standard login application. Perhaps this is not a problem with 4.0? Does anyone know about other distributions? joe$ nvi

Hi- I heard about a bug in ipchains, could you please tell me what to do? Thanks

Hi all, I'm just looking at using smbtar to backup the Win95 PC's on my network, and would like usability ideas please. The tape drive I intend to use is in our RS6000 and has a capacity of 20GB before compression which means that I will be able to fit plenty of PC's onto one tape as all the PC's have <3GB HD's on them. The problem I have is how do I get multiple

If it''s any help, here''s a sed script that is reasonably good at pulling out suspicious-looking items generated by various daemons. Fix appropriately... _H* ========== # this should match a buncha different stuff / [Pp]ermi/b ff / PERMI/b ff / [Rr]efuse/b ff / REFUSE/b ff / [Dd]en[yi]/b ff / DEN[YI]/b ff /[Rr]eject/b ff /REJECT/b ff /[Bb]ogus/b ff /[Pp]assw/b ff /PASSW/b ff