Security Server Information
> HOW do I "set the sticky bit" of /tmp?
It is indicated by a t in the executable bit of the ls listing
drwxrwxrwt 6 root root 1024 May 28 00:04 /tmp
         ^ small `t' means sticky and executable
and you set it with chmod as usual.
chmod o+t /tmp
See the chmod man page for more information.

To enable plain-text passwords:
1. Start->Run.
2. Type regedit.
3. Add the value EnablePlainTextPassword (REG_DWORD), set to 1, in the
following Registry location:
Win98:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSETUP
WinNT:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters
NOTE: In the string "EnablePlainTextPassword" there are no spaces and case is important.
A system of simultaneous linear equations is written
Ax = b
where A is the coefficient matrix, b is the right hand side, and x is the solution. A is assumed to be a square matrix of order n, but some of the individual routines allow A to be rectangular. If there are several right hand sides, the system is
AX = B
where the columns of B are the individual right hand sides, and the columns of X are the corresponding solutions. The basic task is to compute X, given A and B.
http://sourceware.cygnus.com/gsl/
djbdns is a DNS package by DJ Bernstein that consists of
From: werner@visaw.rus.uni-stuttgart.de (Andreas Werner)
Newsgroups: comp.sys.sgi.admin
Subject: Re: sshd
Date: 8 Apr 2000 19:42:51 GMT
Organization: Comp.Center (RUS), U of Stuttgart, FRG
there are lots of ways to do this, but the SGI typical way is:
1. Create a file /etc/init.d/sshd containing the following:
====================================
#! /bin/sh
#
# start up ssh server at boot
#
case "$1" in
  'start')
    if /sbin/chkconfig sshd ; then
      if test -x /usr/local/sbin/sshd; then
        /usr/local/sbin/sshd
      fi
    fi
    ;;
  'stop')
    /sbin/killall sshd sshd1
    ;;
  *)
    echo "usage: $0 {start|stop}"
    ;;
esac
#
====================================
2. Create two links:
# ln -s ../init.d/sshd /etc/rc0.d/K01sshd
# ln -s ../init.d/sshd /etc/rc2.d/S99sshd
3. Create a config variable:
# chkconfig -f sshd on
That's all, including the possibility to configure the daemon
on or off with the 'chkconfig' command.
For the experts: Yes, I know that the 'killall' command will
kill user ssh daemons, too, but that's exactly the thing I want
when the machine shuts down ;-)

To: Exploit-Dev
Subject: Re: ssh-1.2.27 remote buffer overflow - exploitable
Date: Mon Nov 08 1999 21:24:17
Author: Daniel Jacobowitz
Message-ID: [19991109112417.A30046@drow.res.cmu.edu]
On Tue, Nov 09, 1999 at 01:48:53AM -0000, Frank wrote:
> This is submitted to the Freebsd bug tracking system, although there
> are doubtless other vendors who leave this package, despite the
> existence of the ssh-2.X. While Debian appears to be immune, I was
> able to crash my ssh daemon (much to my dismay), and there appears
> the potential to execute arbitrary code, as long as you encrypt it
> first...
>
> Here is the freebsd report.. it describes the method to crash a
> remote Ssh daemon (let's hope you ran sshd from your xinetd, etc).
>
> http://www.freebsd.org/cgi/query-pr.cgi?pr=14749
>
And here's a patch. Not tested, as I don't use the rsaref glue on any
machine here.
Dan
/--------------------------------\ /--------------------------------\
| Daniel Jacobowitz |__| SCS Class of 2002 |
| Debian GNU/Linux Developer __ Carnegie Mellon University |
| dan@debian.org | | dmj+@andrew.cmu.edu |
\--------------------------------/ \--------------------------------/
--- rsaglue.c.orig Tue Nov 9 11:12:32 1999
+++ rsaglue.c Tue Nov 9 11:17:58 1999
@@ -139,6 +139,10 @@
input_bits = mpz_sizeinbase(input, 2);
input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Attempted to encrypt a block too large (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
gmp_to_rsaref(input_data, input_len, input);
rsaref_public_key(&public_key, key);
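Review bot: The new test in the public-key path bounds input_bits by MAX_RSA_MODULUS_BITS, but the size of input_data, the buffer gmp_to_rsaref() fills with input_len bytes, is not visible in this hunk, so nothing here shows that the two limits agree. Compare input_len against the buffer's own size (sizeof(input_data) if it is a local array), or add a comment stating that the buffer is dimensioned from the same constant. Also consider rejecting input wider than the modulus of the key passed in, not only wider than the compile-time maximum.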
@@ -172,6 +176,10 @@
input_bits = mpz_sizeinbase(input, 2);
input_len = (input_bits + 7) / 8;
+ if(input_bits > MAX_RSA_MODULUS_BITS)
+ fatal("Received session key too long (%d bits, %d max) (malicious?).",
+ input_bits, MAX_RSA_MODULUS_BITS);
+
gmp_to_rsaref(input_data, input_len, input);
rsaref_private_key(&private_key, key);
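Review bot: The fatal() call in the private-key path prints input_bits with %d, yet input_bits is assigned from mpz_sizeinbase(), which returns size_t; its declaration is outside the hunk, so if it is not an int the format and the argument disagree. Cast both arguments to the type the conversion expects, or use the matching conversion. The test is also a copy of the one added in the first hunk; a small shared helper that takes the message text would keep the two limits from drifting apart.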
So you can install the bzipped JDE, obtain bzip2 and install this extraction software.
Summary posted on the WGET Mailing List
SUMMARY:
Any strength encryption can be exported without a license to anybody
except governments in all countries but the terrorist 7 (Cuba, Iran,
Iraq, North Korea, Libya, Syria, Sudan).
"Government" is limited to entities performing governmental functions or
producing munitions.
"Retail" products can be exported to Governments without a license.
"Retail" products now include web-based products with equivalent
functionality to those you would traditionally consider to be retail
(generally available, and not easily morphed into something or so
complicated that you need a service agreement--but this standard
doesn't apply to web-based products, so long as the functionality is
equivalent)
Publicly available source code can be downloaded without restriction
(you have to give the Bureau of Export Administration (BXA) the url),
but if you enter into a license to allow someone to commercially
develop a product based on the software AND you charge a royalty or
license fee, you have to report the name, address and description of
the intended product to BXA.
You can sell anything to ISPs and telcos without a license, and they
can provide services based on this to all entities except governments.
A license is required if the ISP or telco wants to provide a non-retail
service specific to government end-users.
There are certain review and reporting requirements, which should be
reviewed with the full text of the regulation at:
http://www.bxa.doc.gov/Encryption/pdfs/Crypto.pdf
Most companies implement a Reverse DNS check to see where the download
is coming from and compare that against a Restricted Countries and Parties
("terrorist" countries and known terrorists). This mechanism can certainly
be spoofed, but it is a best effort approach. Kinda silly in some cases,
but it is U.S. Export Law.
5.6. Can I use ssh to protect services like FTP or POP?

If you want to avoid sending FTP passwords in cleartext over the net, you can use ssh to encrypt your command channel. This will still leave your data channel open to all attacks on TCP, and will not work through a firewall.

You can either use ftpsshd by Per-Erik Martin at http://www.docs.uu.se/~pem/hacks/ for SSH1, or you can do this by hand.

SSH1: Suppose you are on a host called myhost and want to initiate a ftp connection to ftphost. On myhost, you do

myhost$ ssh -L 1234:ftphost.example.com:21 ssh-server

This logs you on to ftphost and also forwards connections to 1234 on myhost to ftphost. Note: You need to use -g if you're forwarding to localhost (SSH1 only).

Then, in another window, you do

myhost$ ftp localhost 1234
220 ftphost FTP server (Foonix 08/15) ready.
Name: (myhost:yourname):
331 Password required for yourname
Password:
230 User yourname logged in.

This works if the remote ftp daemon accepts PORT commands which specify a different host from the one the command channel appears to come from, and if the ftp client always uses PORT. This is true for vanilla UNIX ftp client and ftpd servers; it may not work for more advanced ftpds, such as wu-ftpd.

For servers which do not accept this, you can see whether your ftp client supports passive mode, and whether the ftp server accepts PASV.

Note, however, that unencrypted ftp data connections are still vulnerable to session hijacking and snooping.

SSH2: Just use sftp instead. :-)

For POP, Stephane Bortzmeyer (bortzmeyer@pasteur.fr) has written a script which protects the mail transfer and passwords using ssh. It requires no modification to existing POP servers or clients, and is available from ftp://ftp.internatif.org/pub/unix/gwpop/ .

Or, you can use similar means for secure POP:

myhost$ ssh -L 1234:popserver.example.com:110 ssh-server

Other services could be secured by similar means.

5.7. Can I use ssh across a Socks firewall?

Socks 4 and 5 support should work in 1.2.16 or later. Socks support in
version 2.0.11 and later should work.
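For question 5.6 above, an added sketch (not from the FAQ or from ssh) that reads a tunneled FTP control channel and reports where each negotiated data connection actually goes. The transcript, the addresses and the function names are constructed for illustration.

```python
import re

# h1,h2,h3,h4,p1,p2 as used by PORT and by the 227 reply to PASV (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    words = line.split(None, 1)
    verb = words[0].upper() if words else ""
    if verb not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if m is None:
        return None
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        return None
    mode = "active" if verb == "PORT" else "passive"
    return mode, ".".join(str(x) for x in n[:4]), n[4] * 256 + n[5]

def audit(control_lines, forwarded_dests, peer_seen_by_ftpd):
    """Report every data connection negotiated on the tunneled control channel."""
    findings = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        findings.append({
            "mode": mode,
            "endpoint": (ip, port),
            # -L only carries client-initiated connections to listed destinations.
            "inside_ssh": mode == "passive" and (ip, port) in forwarded_dests,
            # ftpd sees the control connection arrive from the ssh server, so a
            # PORT naming the real client is a "different host" it may refuse.
            "port_host_differs": mode == "active" and ip != peer_seen_by_ftpd,
        })
    return findings

# Constructed transcript and addresses (documentation ranges), not from the page.
SAMPLE = [
    "USER yourname",
    "331 Password required for yourname",
    "PORT 198,51,100,7,4,210",                        # myhost asks ftpd to connect back
    "227 Entering Passive Mode (192,0,2,10,19,137)",  # ftphost names its own listener
]
FORWARDED = {("192.0.2.10", 21)}   # -L 1234:ftphost.example.com:21
SSH_SERVER = "203.0.113.5"         # address ftpd sees as the control peer

if __name__ == "__main__":
    for finding in audit(SAMPLE, FORWARDED, SSH_SERVER):
        print(finding)
```

Neither data connection in the sample is inside the tunnel: only port 21 is forwarded, and the endpoints named on the control channel are new ports reached directly.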
Newsgroups: comp.security.unix
Subject: Re: secure pop from sniffing
From: [bglbv@my-deja.com]
X-Newsreader: Gnus v5.7/Emacs 20.6
Date: 06 Jun 2000 20:29:54 +0100

"Bernd Dürrer" [duerrer@ika.ruhr-uni-bochum.de] writes:
> "kukulkan" [isman@fsksm.utm.my] wrote in message
> news:393C65B2.5A676C14@fsksm.utm.my...
> > any software/methods to secure pop(esp. Eudora users) from being sniff? I
> > have ssh here to protect remote login and file transfer, but still it
> > has no meaning If I cannot have the pop to be secure ..
> You want to use the port forwarding capabilities of SSH: Have a look at
> http://www.employees.org/~satch/ssh/faq/ssh-faq-5.html#ss5.6
>
> If this doesn't help you, please post what SSH implementation on what OS
> your pop users are using.

I don't think Eudora supports the SSH protocol at all. What it might
support is:
(a) APOP (Authenticated POP), which involves transmitting a (non-replayable)
hash of the POP password and of a challenge sent by the POP server. The
POP password is distinct from the password used for interactive logins.
(b) POP over an SSL tunnel (to port 995 rather than 110).

If I remember correctly, Eudora can do (a) but not (b), while Netscape
Messenger can do (b) [but not (a)?]. It's probably wise to support both.
And to make the POP passwords different from the login passwords in any case.
Also make sure your POP server has no known security holes. (Some versions
of Qpopper are to be avoided, for example.)

From: eitz@weh.rwth-aachen.de (Holger Eitzenberger)
Newsgroups: comp.security.unix
Subject: Re: secure pop from sniffing
Date: 7 Jun 2000 09:22:00 GMT
Organization: RWTH Aachen
Lines: 16

On Tue, 06 Jun 2000 10:45:06 +0800, isman@fsksm.utm.my (kukulkan) wrote:
>any software/methods to secure pop(esp. Eudora users) from being sniff? I
>have ssh here to protect remote login and file transfer, but still it
>has no meaning If I cannot have the pop to be secure ..

You may want to use APOP (authenticated POP3), which I use also. Both
QPopper (on server side) and fetchmail (on client side) support it.
APOP uses an encrypted one-time key to get mail.

Holger
--
+ GnuPG Public Key -> finger eitz@jonathan.weh.rwth-aachen.de +

Using APOP at NCSA - What is APOP?
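The APOP exchange mentioned in the posts above, as an added example (not code from the posters or from any POP server): per RFC 1939 the client answers the timestamp in the server greeting with MD5(timestamp + shared secret). The greeting, user and secret are the RFC's own worked example; the second timestamp and the function names are constructed.

```python
import hashlib
import hmac
import re

# RFC 1939: the greeting carries a unique timestamp in msg-id form, <...@...>.
_TIMESTAMP = re.compile(r"<[^<>\s]+@[^<>\s]+>")

def greeting_timestamp(greeting):
    """Extract the challenge from '+OK ... <pid.clock@host>', or None if absent."""
    m = _TIMESTAMP.search(greeting)
    return m.group(0) if greeting.startswith("+OK") and m else None

def apop_digest(timestamp, secret):
    """MD5 over the timestamp (angle brackets included) followed by the secret."""
    return hashlib.md5((timestamp + secret).encode("ascii")).hexdigest()

def client_command(user, greeting, secret):
    """Build the APOP line a client sends instead of USER/PASS."""
    ts = greeting_timestamp(greeting)
    if ts is None:
        raise ValueError("server did not offer APOP (no timestamp in greeting)")
    return "APOP %s %s" % (user, apop_digest(ts, secret))

def server_verify(issued_timestamp, secrets, command):
    """Check an APOP command against the timestamp this session issued."""
    parts = command.split()
    if len(parts) != 3 or parts[0].upper() != "APOP":
        return False
    secret = secrets.get(parts[1])
    if secret is None:
        return False
    expected = apop_digest(issued_timestamp, secret)
    return hmac.compare_digest(expected, parts[2].lower())

# Greeting, user and secret are the worked example from RFC 1939, section 7.
GREETING = "+OK POP3 server ready <1896.697170952@dbc.mtview.ca.us>"
SECRETS = {"mrose": "tanstaaf"}   # the server must hold the secret in cleartext

if __name__ == "__main__":
    cmd = client_command("mrose", GREETING, "tanstaaf")
    print(cmd)
    print("same session:", server_verify("<1896.697170952@dbc.mtview.ca.us>", SECRETS, cmd))
    # A sniffed command replayed into a session with a new timestamp fails.
    print("replayed:", server_verify("<1897.697170999@dbc.mtview.ca.us>", SECRETS, cmd))
```

The password never crosses the wire and a captured command is useless against a later greeting, but the digest is MD5 and the mail itself still travels in cleartext.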
http://www.cert.org/incident_notes/IN-99-01.html

Automated Scanning and Exploitation
http://www.cert.org/incident_notes/IN-98-06.html
Probes with Spoofed IP Addresses
http://www.cert.org/incident_notes/IN-98-05.html
Advanced Scanning
http://www.cert.org/incident_notes/IN-98.04.html
New Tools Used for Widespread Scans
http://www.cert.org/incident_notes/IN-98.02.html

The most frequent reports involve well-known vulnerabilities in mountd, IMAP, and POP3. These services are installed and enabled by default in some operating systems. See the following advisories for more information:

sunrpc (TCP port 111) and mountd (635)
http://www.cert.org/advisories/CA-98.12.mountd.html
IMAP (TCP port 143)
http://www.cert.org/advisories/CA-98.09.imapd.html
POP3 (TCP port 110)
http://www.cert.org/advisories/CA-98.08.qpopper_vul.html

(23) telnet
(53) dns
(79) finger
(80) web
(110) pop
(111) SunRPC & NFS (UDP and TCP)
(143) imap
(1080) socks
(2049) nfs (UDP)
(6000) X

From: Barry Margolin [barmar@bbnplanet.com]
Newsgroups: comp.security.unix
Subject: Re: Port Numbers List. Enjoy.

In article [37de9d3b.528020403@news1.cal.metronet.ca], Jim Hutchison [Jim Hutchison] wrote:
>There's a few posters wanting to know what services are associated
>with certain port numbers. Here's a list I've been working with that
>has been a great help.

What's the Yes/No at the end of each line?

>0 ICMP Click attack Yes

ICMP doesn't have a port number, since it's not TCP or UDP.

>19 UDP Chargen Yes
>21 TCP Detects if someone is trying to FTP to you. No
>23 TCP Detects if someone is trying to Telnet to you. No
>53 TCP DNS Yes
>129 TCP Password Generator Protocol Yes
>137 TCP Netbios name (DoS attacks) Yes
>138 TCP Netbios datagram (DoS attacks) Yes
>139 TCP Netbios session (DoS attacks) Yes
>555 TCP Stealth Spy - Beta 3 No
>666 TCP Attack FTP No
>1027 TCP ICQ Yes
>1029 TCP ICQ Yes
>1032 TCP ICQ Yes
>1080 TCP Used to detect Wingate sniffers. Yes
>1243 TCP Sub Seven (Also see TCP 6776 and TCP 6711) No
>1981 TCP Shockrave No
>2140 UDP Deep Throat No
>2989 UDP Rat No
>3150 UDP Deep Throat No
>5000 2 TCP Detects & blocks Sokets de Trois v1. Yes
>5001 TCP Detects & blocks Sokets de Trois v1. Yes
>6711 TCP Sub Seven (Also see TCP 1243 and TCP 6776) No
>6776 TCP Sub Seven (Also see TCP 1243 and TCP 6711) No
>6969 TCP Gate Crasher No
>7300 TCP Net Monitor No
>7301 TCP Net Monitor No
>10067 UDP Portal of Doom No
>10167 UDP Portal of Doom No
>12076 TCP GJamer No
>12345 TCP Netbus No
>12346 TCP Netbus No
>20000 TCP Millennium No
>20001 TCP Millennium No
>21554 TCP GirlFriend No
>23456 TCP EvilFTP No
>30100 TCP NetSphere No
>30102 TCP NetSphere No
>31337 UDP Backorifice (BO) No
>31337 TCP Netpatch No
>31338 UDP Deep BO No
>31785 TCP Hack'a'Tack No
>31789 UDP Hack'a'Tack No
>31791 UDP Hack'a'Tack No
>40421 TCP Master's Paradise - Hacked No
>40422 TCP Master's Paradise - Hacked No
>40423 TCP Master's Paradise - Hacked No
>40425 TCP Master's Paradise - Hacked No
>50505 TCP Detects & blocks Sokets de Trois v2. No
>54320 TCP Backorifice 2000 No
>54321 UDP Backorifice 2000 No
>65000 TCP Devil No

7777 Unreal, Klingon Honor Guard
22450 Sin
26000 Quake
26900 Hexen 2
26950 HexenWorld
27015 Half-life
27500 QuakeWorld
27910 Quake 2
28910 Heretic 2

"You can diagnose most memory leaks with Performance Monitor and several Microsoft Windows NT Server 4.0 Resource Kit utilities. (For a list of resource kit tools, see the sidebar "Resource Kit Tools for Diagnosing and Monitoring Memory Leaks.")"
"The TNEF implementation defines several TNEF-specific attributes, each of which corresponds to a particular MAPI property. These attributes are used to encode their respective MAPI properties into the TNEF stream. In addition, a special attribute is defined that can be used to encapsulate any MAPI property that does not have a specific attribute corresponding to it. The reason these attributes are defined instead of simply using a uniform encoding method for all MAPI properties is to enable backward compatibility with non-MAPI-compliant software that is using TNEF such as Microsoft Mail 3.x and its transport providers.
The remainder of this appendix describes the structure and syntax of a TNEF stream, the mapping between MAPI properties and TNEF attributes, and important considerations for certain TNEF attributes."