similar to: masquerading

I was wondering if anyone here has or knows how to implement ttysnoop w/ssh ?

Are there any known vulnerabilities in portmap (redhat''s portmap-4.0-7b)? I''ve been receiving a lot of attempts to access the portmap port on some linuxppc machines I administer by various machines which clearly have no business with mine, and I wonder if this is an attempt to break in to my machines. I''ve searched some archives, but I haven''t yet found any

-----BEGIN PGP SIGNED MESSAGE----- Hi everyone - Someone I''m working with has a requirement to map ethernet card addresses to unique IP addresses, and then have a Linux IP masquerade server know of this mapping list and not allow any data to pass from any ethernet card that a) it doesn''t know about, or b) isn''t assigned the right IP. Ideally it would also log this

Hello, I just made available a beta version of a port scan detector that I''ve been working on. The program, called Abacus Sentry, is a port scan/probe detector that offers what I think are a number of unique and useful features: - Runs on TCP or UDP sockets. Configurable by the user to bind to multiples of sockets for increased detection coverage. - Adjustable scan detection value with

I''ve kept this one on the back burner for a while, waiting for it to mature before attempting to use it, and now having seen OpenBSD ship with IPSec I''m getting a bit impatient =). What is the status of IPSec for Linux (and more specifically RedHat)? By this I mean I just did some www browsing/etc and found about a half dozen different implimentations, ranging from NRL, to a

Hi, I have the following Problem: My Rootserver stands at a hoster, I run a debian sarge and installed Xen 3 there latetly. I booted the xen Kernel - everything ok. However: when I started xend, the server instantly stopped responding. My Hosters Support said, that was due to a sort of mac spoofing protection in the switch, which disabled the Port, to which my server is connected, because there

I'm seeing strings of failed POP3 login attempts with obvious bogus usernames coming from different IP addresses. Today's originated from 216.31.146.19 (which resolves to neovisionlabs.com). This looks like a botnet attack. I got a similar probe a couple days ago. Is anyone else seeing these? The attack involves trying about 20 different names, about 3-4 seconds apart. Here's a

Hi, I was wondering how a linux box configured as a firewall stacked up against some of the commercial products like checkpoint-1 and gauntlet. Can someone direct me to a good book or online doc that compares linux to some other firewall methods? Mind you, I''m not talking about a firewall in the classical sense, ie ip forwarding turned off and used as a proxy, but the typical Linux box

I have chunk of data that I need for the life of the session. I am going to use it for selects through out my app. Is the best place to keep this data in the session? Is the session easily spoofed or cracked? While viewing the data is not critical in itself, spoofing it could cause me massive headaches. -- Posted via http://www.ruby-forum.com/.

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Is there a way to prevent hwaddr/mac address spoofing between DomU''s? So in a way ''binding'' a mac-address on boot time with a virtual interface? (with something like ebtables/arptables/etc?) Stefan -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.7 (GNU/Linux) Comment: Using GnuPG with Mozilla -

RH4.2 Linux Intel Last night I got three of these log messages: Two in a row, one a bit later. May 8 00:35:15 osg-gw imapd[4307]: warning: can''t get client address: Connectio n reset by peer May 8 00:35:15 osg-gw imapd[4307]: refused connect from unknown Now, I have imapd blocked to non-local users using tcpd wrappers, so tcpd is trying to find the address of the remote machine (all

On Sat, 29 May 2004 12:00:52 -0700 (PDT), <freebsd-security-request@freebsd.org> wrote: Hello ! Today i see in snort logs : [**] [1:528:4] BAD-TRAFFIC loopback traffic [**] [Classification: Potentially Bad Traffic] [Priority: 2] 06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566 TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40 ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen:

I've just upgraded my rsync server to 2.5.1 (before, I was using 2.4.6), without changing anything in /etc/rsyncd.conf, and now, I have this logs each time a client connect to server: 2002/01/07 18:33:03 [10432] rsync: reverse name lookup mismatch on fd3 - spoofed address? 2002/01/07 18:33:03 [10432] rsync on admin/sbin/padmin_update.sh from UNKNOWN (172.16.65.14) 2002/01/07 18:33:03 [10432]

I am currently suffering various SIP attacks. I am using the following extension to record the caller's IP address: exten => h,n,set(CDR(srcip)=${CHANNEL(recvip)}) However, in recent attacks, this IP address is not correct, and I believe that they are spoofing it. I am using asterisk 1.6.2.15. Does the CHANNEL(recvip) variable record IP show in the SIP header instead of the real, UDP

My firewall is using shorewall 3.0.x and CentOS Recently, I found that firewall is attaching from ARP spoofing.. There are a lot of "out of socket memory" in messages log ------------------------------------------------------------------------- This SF.net email is sponsored by: Splunk Inc. Still grepping through log files to find problems? Stop. Now Search log events and

On http://grc.com/default.htm I've found some bad news on the above service. It's true that if your windows network expose shared resources AND it is connect to Internet it can be bombed by hacker's attacks ? If yes, how to prevent it thru Linux-Samba ?

hi all, I need to generate ssh authorize keys for a list of users hosted on different servers.the users are active and each one has its public key (id_rsa.pub) hosted in 1 server. now what i need to do is to generate the authorize keys from each of their public key. the key is easily generating if public key hosted on the Node but my problem is that all public keys are hosted in 1 machine with a

Hi, I have dovecot with Maildir installed and running. No problems. I use kmail on both desktop and laptop with cachedimap configuration. kmail is configured to look for new mail every two minutes. Now my question: When both maschines are running and kmail is started then two clients access the same Maildir on the server at the same time. Is this possible or can this corrupt the Maildir

On 4 May 2015 at 20:53, Anne-Gwenn Kettunen <anwen at asphodelium.eu> wrote: > We started to take a look about that, and apparently, it seems that the IP > in the public key is taken into account when a client connects to a gateway. > Spoofing at that level doesn't seem easy, because the IP address seems to be > part of the authentication process. I'm having trouble

Hi, I have asterisk installed on centos with phpagi. Also I have PRI card connect to it. it's possible to show the sip number when calling from sip number to external number thru the PRI, instead of showing the PRI number show the sip number ? Regards -Hadi.Salem