Comments:
<0> no
<1> cool.
<1> that's what I thought.
<2> obscure means hide or hidden
<0> version of the program, the older it is, the more chance that there is an exploit
<0> banner is only the advertised version/name... most script kiddy run automated attack that blindly try an attack...
<0> obscurity: you don't see it
<1> yea but if the attacker doesn't know if you're running apache or IIS or what version of ssh you're using they pretty much have to do a noisy attack by trying everything.
<0> and usually also mean you can't reach it
<0> hence why that a good security measure will be: GOOD configuration with chroot jail, log analysis, update schedule and some kind of obscurity when it's possible
<0> i.e. a web server that only need to be accessed from this and that ip should be secured by config, and I would hide it from all the other ip too
<1> http://en.wikipedia.org/wiki/Security_through_obscurity <-- this was my understanding of it. Probably since I always thought of it in encryption
<0> people that don't know that it exists need to find it somehow first
<1> use secrecy (of design, implementation, etc.)
<1> if you consider getting back an RST as being hidden.
<0> it all depend on how you do it...
<0> unfortunately, they talk mostly about a braindead admin who know that there is some vulnerability and hide them
<1> is getting an RST back suitable for you a****aka or do you insist the server act as a black hole when unacceptable SYNs come in.
<1> who is they that's "talking"?
<0> scan my comp I have sshd running, you will never see it
<0> I configured iptables to reply with a port closed
<0> the reason why sshd is running is that I sometime have to access it from the outside
<0> from a static ip
<0> that ip is allowed, the others are blocked
<0> so the only way to break in is to find a bug in iptables or find which one of the unique ip I use, hack it then hack me
<0> but
<0> if I would rely only on that I would be stupid
<0> if iptables fall, then my sshd is still strong enough to handle the attack
<1> is iptables suid root?
<1> is it in the kernel?
<1> where is it
<0> kernel module
<1> well if you can't trust the kernel what's the point lol. I guess you're safe.
<0> iptables "should" be bugfree
<0> if it's exploitable then about all linux machine and many home router will be affected
<3> nothing will ever be bug free, we're only human
<0> NetBSD: I have a good question for you
<1> yea I agree
<3> ok
<0> if you make a robot that know how to program
<0> and you make it correct its own code
<0> would it be bugfree?
<3> will still have human errors because a human built the bot
<1> NP complete
<1> problem
<0> after all, it got written by a human
<0> but recoded by a bugged program
<3> errors are a part of life, we learn by them, therefore improving
<1> if a robot can program itself I'm heading for the hills
<0> now.. let it recorrect himself...
<0> after let's say 10 generation
<0> will there still be a bug?
<3> A****aka, in the end it was still programmed by a human
<0> yes, but what cause the bug? attention error
<0> so I wonder after a few generation if all the bug would go away
<1> it's hard to answer that since we don't know how AI will play out. If the robot's AI is at a human level then it will get closer to bug free code after each generation provided you're not adding features.
<3> A****aka, possibly, this is something i dunno until they try it
<3> for all we know it will be "Terminator" but for real, lol
<3> judgement day
<0> crc: yeah.... but then if the robot itself then add those features after a few generations...
<0> like it could code its own off-by-one error detector
<0> (which is very common)
<1> Perhaps if you force the robot to use algo proving when building its code (It certainly has more short term memory to do so) then it can write pure code.
<0> buffer overflow possibility detector and all
<3> yeah but what are you? human, so there will be bugs in that part as well =P
<0> NetBSD: yup, but I wonder how many generation they will be totally gone
<0> imagine a robot that learn
<1> no no have the robot keep its data and code separate so you never have the possibility of a buffer overflow.
<0> feed him all the complete documentation..
<3> i gotta start rebuilding my router soon, it needs a new cpu/ram and kernel :/
<1> you're turning a PC into a router?
<3> yeah
<3> my linksys finally died
<1> an edge router?
<1> maybe I'm too paranoid
<1> or maybe I just don't know ipchains
<3> i'm still doing a lot of reading on iptables
<1> you got a URL?
<3> but apparently i didn't build it into the 2.6.8 kernel
<3> well i started the system with http://www.gentoo.org/doc/en/home-router-howto.xml
<3> then i'm on google bout iptables
<1> cool.
<1> I did google on ipchains a few months ago but got miffed when the docs I kept finding wouldn't discretely define a chain or a table except that one is a part of the other
<1> what was that URL again?
<0> ipchains is dead
<0> http://www.gentoo.org/doc/en/home-router-howto.xml
<0> it's iptables now
<3> thanks A****aka
<1> really? Oh that's right iptables is the newer one
<0> ipchain died in the 2.2.x or so
<1> thanks for correcting me.
<3> crc, i really don't care about my systems, if someone really wants to root these boxes for its useless data let them, just gives me a reason to get off the internet and go outside :)
<3> i'll try to protect it the best i can tho
<1> When I saw ipchains (obsolete) I was thinking Oh great a 3rd version is coming out?
<0> I try to protect my box as much as it's possible
<0> the way I do it is simple: try to make the local service only available on the local interface, listen only to it
<1> I try to protect my boxes up to and before the point where they become useless
<0> if I can't then I firewall it
<1> example of "the local service"?
<3> wow my server kernel is really outdated, i'm on 2.6.8 and 2.6.14-r5 is out :/
<4> damn this redirect
<1> yea we understand that.
<0> stay on 2.6
<0> err
<0> 2.6.8
<4> you know i curse no?
<3> i need to recompile anyway
<0> 2.6.9 and up have a OOM killer issue
<3> i forgot iptables in 2.6.8
<1> me no under stand you
<4> i cand understand on some forums tell me how to do it but don't work
<3> i've used 2.6.14 before
<0> I have 2.6.14
<0> and the OOM killer kick in often :/
<3> i never had a problem
<0> but only when vmware and azureus run
<1> me neither.
<3> yeah i had vmware problems, that's it
<1> but why would the OOM killer still be around after discover in 2.6.9
<0> ask linus...
<0> it's time for linux to retire...
<0> err
<0> linus
<0> he want to add more feature
<0> he don't care about bugs
<3> why, so the kernel is even bigger?
<1> try_to_free_pages()
<1> I like the name of that
<0> NetBSD: no, so more hardware work
<5> I don't think I would let OOM killer stop me from upgrading my kernel :)
<1> I don't know. Sounds scary now that I'm reading it.
<3> A****aka, there's only a handful that don't work tho isn't there
<1> Shouldn't the system just shutdown gracefully
<0> NetBSD: true and false
<0> only a small part don't work
<0> but in what work there is only a small part that fully work
<0> my soundcard work, but no hardware mixing and no midi
<0> mpu401 work, but no record
<0> recently they added wave recording
<3> i never felt the need for that stuff, as long as i could code/play mp3's/watch movies i was good
<0> my 2 wireless nic have alpha drivers
<3> wireless is one thing i didn't mess with yet on linux
<0> try to run winmodem
<3> i've tried getting a winmodem working once
<3> i gave that up quick
<0> my inkjet printer, I can't use the full resolution
<0> I'm supposed to be able to do 2400x1200
<0> I can only do 600x600
<3> see i never tried all that stuff, all of that is on the windows box
<0> and I can't calibrate it