Hi all,
just to remind some of the lazy ones out there: the ssh crc32 compensation attack is (again) actively being exploited. From one attack I have actively monitored, there were about 10 machines compromised in one night, after being scanned some days before. I phoned some of the admins, and most of them knew that the problem exists (most of them were running SuSE 7.0), but were too lazy to fix it.
See:
http://www.suse.de/de/support/security/2001_045_openssh_txt.txt
http://www.suse.de/de/support/security/2001_044_openssh_txt.txt
http://www.suse.de/de/support/security/adv004_ssh.txt
http://www.suse.de/de/support/security/2000_047_openssh_txt.txt
http://defaced.alldas.de/mirror/2002/01/10/accounting.nordwest.net/
http://defaced.alldas.de/mirror/2002/01/10/custmx.ingolstadt-online.net/
http://defaced.alldas.de/mirror/2001/12/30/spider.tmag.de/
Cu, Thomas
The exploit code works great, and still has a ton of victims to hit =). I've been scanned a whack of times already on my cablemodem, dsl and cohosted machines (i.e. it's pretty active).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/

----- Original Message -----
From: "Thomas Lamy" <Thomas.Lamy@netwake.de>
To: <suse-security@suse.com>
Sent: Sunday, January 13, 2002 10:51 PM
Subject: [suse-security] ssh reminder
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi all,
first post to the group, so bear with me :)
I am trying to setup an encrypted way to enable myself and my company an encrypted communication with our external mail server.
So far i have gotten the following:
Suse 7.3 with qpopper 4.x and sslwrap 2.10
Entry in the inetd.conf file -
    pop3s stream tcp nowait root /usr/sbin/popper -s /usr/sbin/sslwrap -cert /usr/ssl/certs/certificatename.pem -port 110
Error i get in /var/log/mail
    Jan 14 07:50:12 eoel -s[6075]: (null) at line-zh-103-029.adsl.xxx.xx (x.x.x.x): -ERR POP EOF or I/O Error [popper.c:794]
This concludes to me, that i've been doing something wrong :) Now if someone has done this before, would it be possible to enlighten me, as i cannot really find the same information on the web. And while we're at it, i would like to do the same thing for the smtp protocol using sendmail.
regards
Evert
oot: if someone knows a link where setup of sendmail with user authentication is explained.. i will be thankful for the rest of my life ;)
do not use sslwrap. use stunnel, it works much better and is actively maintained and what most people use.
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/

----- Original Message -----
From: "Evert Smit" <admin@sidhe.net>
To: <suse-security@suse.com>
Sent: Sunday, January 13, 2002 11:53 PM
Subject: [suse-security] POP3S using qpopper and sslwrapper
Tried your hint, not working
Installed stunnel-3.14-123
following line in inetd.conf
    pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -l /usr/sbin/popper popper -s
server.pem and mycert.pem in /etc/stunnel/ dir
Not working, but not giving any errors :)
What do i do wrong?
regards
Evert

-----Original Message-----
From: Kurt Seifried [mailto:listuser@seifried.org]
Sent: Monday, January 14, 2002 8:06 AM
To: suse-security@suse.com
Subject: Re: [suse-security] POP3S using qpopper and sslwrapper
Hi Evert,
POP3S works on port 995
try this:
inetd.conf:
    pop3 stream tcp nowait root /usr/sbin/tcpd /opt/popper/sbin/popper -s -d ## port 110
    pop3s stream tcp nowait root /usr/sbin/tcpd /opt/popper/sbin/popper -f <POPPER-CFG-FILE> ## port 995
    ## (you can use both in parallel)
<POPPER-CFG-FILE>:
    set clear-text-password = ssl
    set tls-support = alternate-port
    set tls-version = all
    set tls-server-cert-file = <MAIL-SERVER-CERTIFICATE>
see the documentation how to generate your own certificate (with openssl): http://www.eudora.com/qpopper/
hth, stephan.
Hoi Stephan,
I tried your input and here is the result in the mail log, i believe this is due to the rpm install. would you know how to change this?
    Jan 14 08:28:25 eoel popper[7136]: The "tls-support" option cannot be used because a required compile-time option was not set. See the Administrator's Guide for more information (line 2 of config file /etc/qpopper.cnf) [pop_config.c:1408]
regards

-----Original Message-----
From: Stephan Krause [mailto:Stephan.Krause@eurogate.de]
Sent: Monday, January 14, 2002 8:19 AM
To: Evert Smit
Cc: suse-security@suse.com
Subject: Re: [suse-security] POP3S using qpopper and sslwrapper
Hi Evert,
you have to compile ssl-support into the executable
    <QPOPPER-SRC-DIR>/configure <YOUR-OPTIONS> --with-openssl
The sources you get at www.qualcomm.com/qpopper
btw, we do not use ssl-wrapper.
much luck and success, stephan.
i switched to imap/pop server, as compiling the qualcomm source code didn't really work :(
here is my config, based on the past input
i used stunnel, pointed to my pem file
    pop3s stream tcp nowait root /usr/sbin/stunnel ipop3d -p /usr/local/ssl/certs/mail.pem -l /usr/sbin/ipop3d ipop3d
Here the error Message
    Jan 14 10:15:26 eoel stunnel[13909]: Using 'ipop3d' as tcpwrapper service name
    Jan 14 10:15:26 eoel stunnel[13909]: stunnel 3.14 on i386-suse-linux PTHREAD
    Jan 14 10:15:26 eoel stunnel[13909]: ipop3d connected from 212.53.103.29:14388
    Jan 14 10:15:26 eoel stunnel[13909]: SSL_accept: error:00000000:lib(0):func(0):reason(0)
So it seems that stunnel works, but something goes wrong with the SSL
I use outlook 2000 to check this mailbox and create this error
the ssl file is in the right location with root.wheel 700 setting
any input? because i am terribly lost ;)
thanks
Evert
On Mon, Jan 14, 2002 at 10:22:27AM +0100, Evert Smit wrote:
> i switched to imap/pop server, as compiling the qualcom source code didn't really work :(
pity. the uw-ipop3d (package imap) has ssl compiled in, no need to use wrappers. you just have to add
    pop3s stream tcp nowait.100 root /usr/sbin/ipop3d ipop3d
to /etc/inetd.conf and make sure there is an entry
    pop3s 995/tcp spop3 # pop3 protocol over TLS/SSL
in /etc/services. there is a hint not to use tcpd wrapper for this since it does not work, who knows why? and you have to put your certificate/key into
    /usr/src/openssl-0.9.6/certs/ipop3d.pem
in *contrast to what the docs say*, probably a packaging error (c)by suse... but then it works.
hope that helps...
lars
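An added example, not part of the original thread: a small linter for the inetd.conf entries posted above. inetd passes the first word after the program path as argv[0], so in the first entry the option `-s` lands in the program-name slot, which matches the `-s[6075]` tag in the posted log line. The services text is a constructed sample and the function names are illustrative.

```python
import re

# Entries copied from the thread; SERVICES is a constructed sample /etc/services.
INETD_LINES = [
    "pop3s stream tcp nowait root /usr/sbin/popper -s /usr/sbin/sslwrap"
    " -cert /usr/ssl/certs/certificatename.pem -port 110",
    "pop3s stream tcp nowait root /usr/sbin/stunnel stunnel -l /usr/sbin/popper popper -s",
    "pop3s stream tcp nowait.100 root /usr/sbin/ipop3d ipop3d",
]
SERVICES = """\
pop3    110/tcp
pop3s   995/tcp   spop3   # pop3 protocol over TLS/SSL
"""

def parse_services(text):
    """Map (name or alias, protocol) -> port from /etc/services style text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2 and "/" in fields[1]:
            port, proto = fields[1].split("/", 1)
            for name in [fields[0]] + fields[2:]:
                table[(name, proto)] = int(port)
    return table

def lint_inetd_line(line, services):
    """Findings for one entry: service, socket, proto, wait, user, program, argv..."""
    f = line.split("#", 1)[0].split()
    if len(f) < 6:
        return ["fewer than six fields"]
    service, proto, wait, program, argv = f[0], f[2], f[3], f[5], f[6:]
    findings = []
    if (service, proto) not in services:
        findings.append(f"{service}/{proto} is not in the services file")
    if not re.fullmatch(r"(no)?wait(\.\d+)?", wait):
        findings.append(f"bad wait field {wait!r}")
    if program != "internal" and not argv:
        findings.append("nothing after the program path to serve as argv[0]")
    elif argv and argv[0].startswith("-"):
        name = program.rsplit("/", 1)[-1]
        findings.append(f"argv[0] is the option {argv[0]!r}, expected a name such as {name!r}")
    return findings

def lint(lines=INETD_LINES, services_text=SERVICES):
    services = parse_services(services_text)
    return {line: lint_inetd_line(line, services) for line in lines}

if __name__ == "__main__":
    for entry, findings in lint().items():
        print(("WARN " if findings else "OK   ") + entry, *findings, sep="\n    - ")
```

The linter only checks the entry's shape; it does not tell you whether the daemon was built with SSL support or whether the certificate file is usable.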
participants (5): Evert Smit, Kurt Seifried, l.g.e@web.de, Stephan Krause, Thomas Lamy