Re: RE: [suse-security] how to handle attacks by abused systems
Not that being ignored in these cases is common, and at least in my (not so big) experience a mail has been more than enough to have the offending computer secured.

Anyway, a lot of what you can do in these circumstances depends on the laws of the state(s) where you and your unwillful attacker live: in Italy, for example, it is perfectly legal/plausible to inform the police authorities of the attack and have them handle the case (and in some universities sysadmins are required to do this). Obviously doing this isn't very polite ;) , but if an Italian sysadmin continues to ignore my warnings and I continue to get attacked by his computers, then that's another option I have.

A question to all listmembers: in your state, are there laws that allow you to sue an attacker, or otherwise allow you to seek police assistance, even when *no damages* have been done to your systems? A cross reference could be useful, since if I know that (for example) in France there are similar laws that disallow the use of computers as intrusion devices, then I could "escalate the problem" to the police even for extranational attacks from there (they should contact their colleagues in the other state, as long as there are collaboration treaties).

Ciao, Roberto.
Does SuSE have any plans to implement the following patch in their "standard" dhcp server dhcpd? It allows you to easily run the dhcpd server as a non root user and chrooted, just like BIND. If not I'd be curious to know why (if you already are I'll just shut up and wait for my copy of SuSE before I post any more things like this =).

http://users.phri.nyu.edu/~edelkind/custom/public/patches/dhcp-2.0+paranoia.patch

Kurt Seifried, seifried@securityportal.com
SecurityPortal - your focal point for security on the 'net
Hi.

On Tue, 28 Nov 2000, Kurt Seifried wrote:
> Does SuSE have any plans to implement the following patch in their "standard" dhcp server dhcpd? It allows you to easily run the dhcpd server as a non root user and chrooted, just like BIND. If not I'd be curious to know why (if you already are I'll just shutup and wait for my copy of SuSE before I post anymore things like this =).
> http://users.phri.nyu.edu/~edelkind/custom/public/patches/dhcp-2.0+paranoia.patch
Thanks for the hint - this patch has not been added yet. However, I have filed a bug/enhancement report about that, so it should be added for the next release.

LenZ
--
Lenz Grimmer
SuSE GmbH
mailto:grimmer@suse.de
Schanzaeckerstr. 10
http://www.suse.de/~grimmer/
90443 Nuernberg, Germany
Pain is a part of all life. Misery is at your option.
> Thanks for the hint - this patch has not been added yet. However, I have filed a bug/enhancement report about that, so it should be added for the next release.

Excellent, it took me about 10 minutes to modify the stock redhat rpm for dhcp, mostly spent trying to find an error (made a typo in the spec file, heh) and it works perfectly (I'm mostly interested in the non root aspect, chroot is useless 9 times out of 10). I will be bugging other vendors to do this too =).

> LenZ
-Kurt
On Tue, Nov 28, 2000 at 02:15 -0700, Kurt Seifried wrote:
[ ... patch to run dhcpd non-privileged ... ]
> I will be bugging other vendors to do this too =).
Like the ISC team themselves? :> The best way of spreading these extensions might be the source they all derive from or which they deliver / import unmodified.

virtually yours
82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig
true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
> Like the ISC team themselves? :> The best way of spreading these extensions might be the source they all derive from or which they deliver / import unmodified.

If they were willing to do it they would have done it a LONG time ago. I assume Bind 9 is their sexy priority right now, plus if vendors are shipping this patch with their stock version it gives me more ammunition when I go to them. In other words I'm learning how to massage the system =)

-Kurt
Hi,

On Tue, 28 Nov 2000, Kurt Seifried wrote:
> If they were willing to do it they would have done it a LONG time ago. I assume Bind 9 is their sexy priority right now, plus if vendors are shipping this patch with their stock version it gives me more ammunition when I go to them.
> In other words I'm learning how to massage the system =)
You will now have some more ammo: the patch has been applied. If the tests look good, we will provide an updated package on the ftp Server. Thanks for the hint!

LenZ
--
Lenz Grimmer
SuSE GmbH
mailto:grimmer@suse.de
Schanzaeckerstr. 10
http://www.suse.de/~grimmer/
90443 Nuernberg, Germany
Your future, with the Maker or the Baker is up to you.
> You will now have some more ammo: the patch has been applied. If the tests look good, we will provide an updated package on the ftp Server.
> Thanks for the hint!

One better: http://www.securityportal.com/closet/ this week's closet covers DHCPD, prolly should be read by anyone here using dhcpd =).

> LenZ
-Kurt
On Tue, 28 Nov 2000, Kurt Seifried wrote:
> Does SuSE have any plans to implement the following patch in their "standard" dhcp server dhcpd? It allows you to easily run the dhcpd server as a non root user and chrooted, just like BIND. If not I'd be curious to know why (if you already are I'll just shutup and wait for my copy of SuSE before I post anymore things like this =).
> http://users.phri.nyu.edu/~edelkind/custom/public/patches/dhcp-2.0+paranoia.patch
it looks more secure than the last time you asked about it, but it still fails to call initgroups(). the author should add initgroups()!

Bye, Thomas
--
Thomas Biege, SuSE GmbH, Schanzaeckerstr. 10, 90443 Nuernberg
E@mail: thomas@suse.de
Function: Security Support & Auditing
"lynx -source http://www.suse.de/~thomas/thomas.pgp | pgp -fka"
Key fingerprint = 09 48 F2 FD 81 F7 E7 98 6D C7 36 F1 96 6A 12 47
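The privilege drop that the reply above is about, as an added example that is not part of the thread or of the paranoia patch: a daemon started as root calls initgroups() before setgid()/setuid(), so it does not keep root's supplementary groups after the switch. The function names `drop_privileges` and `group_listed` are hypothetical, and the ordering assumes /etc/passwd and /etc/group are readable only outside the chroot jail.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE            /* glibc: expose chroot(), initgroups() */
#endif
#include <grp.h>
#include <pwd.h>
#include <sys/types.h>
#include <unistd.h>

/* Returns 1 if gid g appears in list[0..n-1], else 0. */
int group_listed(const gid_t *list, int n, gid_t g)
{
    for (int i = 0; i < n; i++)
        if (list[i] == g)
            return 1;
    return 0;
}

/* Drop from root to `user`, confined to `jail`. Returns 0 on success and
 * -1 on any failure; the caller must exit on -1, never continue as root. */
int drop_privileges(const char *user, const char *jail)
{
    struct passwd *pw = getpwnam(user);  /* before chroot: reads /etc/passwd */
    if (pw == NULL || pw->pw_uid == 0 || geteuid() != 0)
        return -1;
    uid_t uid = pw->pw_uid;
    gid_t gid = pw->pw_gid;

    /* Replace root's supplementary groups with the account's own. Without
     * this, setgid()/setuid() leave the inherited group list in place. */
    if (initgroups(user, gid) != 0)      /* before chroot: reads /etc/group */
        return -1;
    if (chroot(jail) != 0 || chdir("/") != 0)
        return -1;
    if (setgid(gid) != 0 || setuid(uid) != 0)   /* group first, then user */
        return -1;

    /* Verify the drop is permanent and no root group leaked through.
     * An account that is itself in gid 0 fails here by design. */
    gid_t groups[64];
    int n = getgroups(64, groups);
    if (setuid(0) == 0 || getuid() != uid || getgid() != gid || n < 0)
        return -1;
    return group_listed(groups, n, 0) ? -1 : 0;
}

int main(int argc, char **argv)
{
    return (argc == 3 && drop_privileges(argv[1], argv[2]) == 0) ? 0 : 1;
}
```

To check a running daemon from outside, the `Groups:` line in `/proc/<pid>/status` on Linux shows the supplementary groups the process kept.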
participants (5): Gerhard Sittig, Kurt Seifried, Lenz Grimmer, r.maurizzi@gvs.it, Thomas Biege