Hi there!
Is there already an update for the new openssh (2.5.2p2) version
which includes various security fixes?
Best wishes
Norbert
--
ciao
norb
+-------------------------------------------------------------------+
| Norbert Preining http://www.logic.at/people/preining |
| University of Technology Vienna, Austria preining(a)logic.at |
| DSA: 0x09C5B094 (RSA: 0xCF1FA165) mail subject: get [DSA|RSA]-key |
+-------------------------------------------------------------------+
I must agree ;-)
.-.
/v\ L I N U X
// \\ >Phear the Penguin<
/( )\
^^-^^
"Reckhard,
Tobias" To: SuSE <suse-security(a)suse.de>
<Reckhard@sec cc:
unet.de> Subject: RE: [suse-security] AW: Squid on Firewall?
27.03.2001
07:44
> AFAIK you should NEVER use a
> proxy etc. on any firewall due to the buffer-
> overflow-problem. sorry...
>
Huh? Get real, man, with that attitude you shouldn't connect anything to an
untrusted network, as any application could be susceptible to buffer
overflows. And check out the literature on firewalls whenever you have a
bit
of spare time, I recommend the 2nd edition of 'Building Internet Firewalls'
by Chapman, Cooper and Zwicky. Most, if not all, of the firewall people
prefer application layer gateways, aka application proxies, over packet
filters when constructing firewalls. And I'd much rather have only one
application, the proxy, to watch for a compromise than the entire number of
client applications..
Cheers,
Tobias
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe(a)suse.com
For additional commands, e-mail: suse-security-help(a)suse.com
Hello people of the list! Just a quick question here:
To get BasiliX PHP based webmail (www.basilix.org) running on my SuSE 7
up-to-date box I have to set "safe_mode = Off" in my /etc/httpd/php.ini.
Since this sounds like a security risk, is it really? Or doesn't it matter
since I'm the only one using php pages and nobody has shell access etc.
Thanx in advance and sorry for my poor english.
--
Ralf Vroomen.
Hi everyone,
I have installed the snort.rpm from the 7.1 DVD however on the snort site I have found new rules. After I downloaded the rules file the way they are listed are different than the ones that were provided by the SuSE rpm. Forexample in suse there is a overflow-lib while I could not find the overflow.rules.
Where does SuSE get the rules/libs so that When I add rules I will stay compatible in a future update
--
Togan Muftuoglu
> Hi list, and amar, from "Down Under"
>
> Amarendra GODBOLE wrote:
> >
> > On Mon, Mar 26, 2001, the greycells of Ron Perry expressed:
> >
> > > Hi All,
> > >
> > > Running squid on the firewall. External interface eth0
> > >
> > > I've used this redirect before setting up any other chain.
> > > This catches all internal traffic to port 80 and redirects to 3128
> > >
> > > ipchains -A input -i ! eth0 -p tcp -s 0/0 -d 0/0 80 -j
> REDIRECT 3128
> > >
> > > It seems I still need to allow connections to port 80
> or/and 3128 from
> > > the internal interfaces.
> >
> > Hi,
> >
> > AFAIK, the 'REDIRECT' option does not if you are using Squid to
> > authenticate. Never checked this out. Raf ?
> >
> I'm not using squid to authenticate.
>
> I'm now thinking that I need to ACCEPT port 3128 before I REDIRECT to
> port 3128. And the redirect 80 should not be ACCEPTED.
>
> Any comments?
Yes. If you're not sure (as I'm not right now) try to log the packets by
denying and logging the rules. messages and firewall logfiles will tell you
what you have to do. You can also use tcpdump but better iptraf to analyze
your problem.
HTH
Philipp
> TIA
> Ron
> ronk(a)sunux.com.au
>
ALERT! A DANGEROUS NEW WORM IS SPREADING ON THE INTERNET
March 23, 2001 7:00 AM
Late last night, the SANS Institute (through its Global Incident
Analysis Center) uncovered a dangerous new worm that appears to be
spreading rapidly across the Internet. It scans the Internet looking
for Linux computers with a known vulnerability. It infects the
vulnerable machines, steals the password file (sending it to a
China.com site), installs other hacking tools, and forces the newly
infected machine to begin scanning the Internet looking for other
victims.
Several experts from the security community worked through the night to
decompose the worm's code and engineer a utility to help you discover
if the Lion worm has affected your organization.
Updates to this announcement will be posted at the SANS web site,
http://www.sans.org
--
--
----/ / _ Fred A. Miller
---/ / (_)__ __ ____ __ Systems Administrator
--/ /__/ / _ \/ // /\ \/ / Cornell Univ. Press Services
-/____/_/_//_/\_,_/ /_/\_\ fm(a)cupserv.org
Hi,
the SuSEfirewall 4.4 seems to work fine with my dial-up connection.
But there are still 2 things bothering me:
1) If I call openports then I get something like "ipchains returns errors,
no default route defined?" or something like that. What did I wrong at
that point?
2) On my comp I have only the start script phase 1/3 (close fw) installed
and the stop script (stop fw), since the start 2/3 and 3/3 always throw
'failed' during booting.
-> I still didn't get this: as long as I am not yet dialed-up to my
provider, why should I call "SuSEfirewall start", meaning why to
run those init scripts 2/3 and 3/3???
=> As far as I can see everything works well just with half of the init
scripts, because when I dial-up the ip-up script contains the
necessary call of the firewall script, doesn't it!?!
Please respond if I am wrong about that!
Regards,
Marko
--
O _ O
0 0
------------------m-\o/-m------------------------------------------
Dr. Marko K"aning Tel/Fax: +49-3834 554 442 / -3834 554 301
INP Greifswald email : kaening(a)inp-greifswald.de
I would like to start using a network analyzer and I heard about snort.
Could someone give some advise/opinion and maybe point me in the
direction of documentation. I am currently only watching
/var/log/messages, but would like to get a better handle on the traffic
that is coming to/from my cable modem. TIA
