| |
| |
| |
|
Page: 1 2 3 4 5 6 7 8
Comments:
<0> its over
<1> annnd it sover
<2> hehe =D :P
<1> luckely i use shift
<1> i hate rebooting :{
<3> Ah. Never lasts quite long enough does it?
<1> it started out as a hour, but that was a biiit to long
<2> Lol :P
<2> But seriously
<2> Can you guys learn me to hack whitehouse.gov?
<3> ziller|jo, actually having linux installed is always a start
<2> Yeah i got it
<3> Are you in it?
<2> yeah
<2> on my left comptuer
<2> computer
<3> Your 'left' computer?
<2> got 3 computers, 1 on left. 1 middle, 1 right
<2> my left has debian on it
<2> my right is mac
<2> and my middle is this
<3> So why aren't you posting from the debian box?
<4> Well now, how do i hack?
<0> God I love Debian
<0> it is just the very best Linux distribution for deploying in production
<5> me too
<0> everything else is laughable
<0> even RHEL
<0> up2dateJSDERRORRRRRR *slaps it with yum*
<3> /especially/ rhel.
<0> hehe
<6> Napta: agreed!
<0> I think everyone in here agrees ;)
<0> Some of the largest sites in the world run debian linux, which is nice.
<6> It's certainly the easiest to maintain.
<7> hi folks
<7> so I'm having a really stupid moment (one of many)
<7> I'm not getting what "stateful" means with stateful firewalls
<8> What of them?
<9> punani: iptables?
<10> i heard iptables is the user-space process used to administer iptables kernel parts on top of netfilter, somewhat like ipchains was in 2.2.. NOT a virgin, see ipchains, or ask me about <netfilter docs>, or at http://netfilter.samba.org/.(check it out because iptables (2.4.x) has some security holes) See also: masq, or try #iptables for help, or and a nice script to make a basic iptables script is at http://www.e3.com.au/firewall/index.php
<7> ok, so I've set up my nice shiny firewall using firehol
<7> (which rocks)
<7> and iptables -L tells me there's lots of firewall goodness happening
<7> but then when I nmap the box, it shows all the open ports and tells me lots of (scarily accurate) information about my server
<7> I thought "stateful" meant that things like portscanners would just see nothing
<7> or does it only refer to multiple packets during the same session (ie. connection) ?
<7> in which case, what options are there for cloaking myself from portscanners in debian?
<11> hmm
<11> do you need to run public services?
<7> yep
<7> smtp, imap/s, http/s, ssh
<11> there isnt really much to do then
<7> ok, as long as I know that, I'll stop trying to solve it :)
<7> just that I was sure there were some special pixies that would detect portscanning and Do Something (TM)
<11> yeah
<11> thats possible
<11> theres snort plugins which block via iptables
<11> but is portscanning really that harmfull to you?
<0> a firewall, and Apache ServerTokens directive
<11> security trough obscurity?
<0> security by patching your box and keeping up to ate?
<0> s/ate/date
<0> tastapod: You can code (or download?) scripts to troll log files and take action against attackers.. e.g if somebody gets 5 bad login attempts via ssh, add their IP to iptables
<0> of course, they should _never_ be able to get in via SSH, but it's one more layer of protection
<12> techicanlly you can't cloak from portscanners
<12> you can, however, block the most brutal port scans quite easily
<12> except for maybe the first couple of ports, depending on your system
<13> sshdfilter and portsentry :P
<12> but I would have to say that doing that is more h***le than it's worth.
<12> people can still portscan you unless you develop a way of looking into the future
<12> you can't have the door unlocked and locked at the same time, basicly
<13> port scans get blocked on my servers at the first few ports scanned
<0> The biggest threat I find these days are attacks on the web application layer
<0> e.g. XSS/SQL Injection, general PHP badness
<12> Spfy: that's just the most obvious ones
<1> PHP is still too insecure
<12> Napta: I completly agree.
<13> Hostname: Xeon - OS: Linux 2.6.17.6-cks1-hrt-dyntick5-grsec-Xeon/i686 - Distro: Debian 4.1 - CPU: 4 x Intel(R) Xeon(TM) (2658.251 MHz) - Processes: 180 - Uptime: 51d 22h 46m - Users: 4 - Load Average: 0.20 - Memory Usage: 380.77MB/2021.30MB (18.84%)
<12> php isn't insecure.
<2> a great way to stop port scan. if 10 ports are tried opened in 10 sec you know something is wront then block the ip
<12> but the **** people make using php is insecure
<1> 4.1? O_O
<13> It works tho, bans their ip for good.
<11> php is very secure
<0> You can harden your php installation.. but you do have to trust programmers not to be retarded and allow their sites to be taken over
<0> you don't need to compromise the SERVER
<0> just the APPLICATION
<0> ie.. myspace
<0> ;)
<12> exactly
<11> you can harden my cokc
<11> please
<1> :p
<1> no ty
<13> lol
<0> you guys missed CAPS hour :(
<0> well, caps 10mins
<11> yeah
<0> we need a bette rname
<11> i was in a m***age
<1> anywayz, bbl, gotta babysit my sisters kids
<0> **** YOU SUN KEYBOARD
<0> later Tsunami
<13> :P
<11> maybe tribute to C64
<0> ok.. my disk just spun down
<12> Spfy: do you realise that most portscans originate from unknowing zombies ?
<0> it heard me
<11> Kristian: im not unknown, bitch
<13> Yup, I'm aware of that. :)
<12> rza: ah, but you ARE a zombie ?
<11> no u
<0> just zombie looking
<0> :D
<12> Spfy: and do you realise they more often than not are using dynamic ip adresses ?
<0> how was the m***age, rza?
<0> did you feel the ladys butt ?
<11> it was fine
<11> no happy ending :(
<0> :(
<13> Yeah, I just leave them banned, no reason for them to be unbanned.
<0> most ladies at my old m***age place give "extra services" if you wanted them
<0> to you.. and your partner
<12> Spfy: ah, I like that
<13> I hsot free shell accounts so its important to do so.
<12> hey guys, who want's to spoof some ip's and dos Spfy's servers ?
<0> check this..
<13> hehe you can try it. :P
<12> don't you realise you've set yourself up for a DoS ?
<11> its not hard to spoof ip
<13> Its not like people haven't tried before. :P
<0> hmm, there are no blocked badguys in my ipfw today.
<0> usually atleast 5 or so
<11> if you dont need the packets to return
<13> I'm not going anywhere... lol
<13> I get too bored. :P
<0> free shell accounts?
<0> jesus christ you are brave
<0> I wrote a paper on shells a few years ago
<11> i know
<13> Its a fun hobby. :)
<0> and I basicly wrote..
<11> im quite brave
<12> jes I belive jesus christ is quite brave
<0> PEOPLE ONLY BUY SHELL ACCOUNTS TO DO ILLEGAL ACTIVITIES THAT THEY WOULDN'T DARE DO ON THEIR OWN CONNECTION
<13> FireEgl and I both do.
<13> Our shells are very limited.
<0> I used to run a free shell service, quite a small operation. but it was so much effort
<0> everyone was out to hack you
Return to
#debian
or
Go to some related
logs:
#beginner
#tcl
kn00n mirc compiler .de
suburbanamateurs + pass
#stocks
#photoshop
translated ATA stat/error 0x51/40
#ubuntu
efnet xxxpasswordl
#worldcup
|
|