mail archive

Security issues members-only posting

freebsd-security.freebsd.org
(List home) (Recent threads) (174 other FreeBSD lists)

Subscription Options

RSS or Atom: Read-only subscription using a browser or aggregator. This is the recommended way if you don't need to send messages to the list. You can learn more about feed syndication and clients here.
Conventional: All messages are delivered to your mail address, and you can reply. To subscribe, send an email to the list's subscribe address with "subscribe" in the subject line, or visit the list's homepage here.

Low traffic list: less than 3 messages per day
This list contains about 36,175 messages, beginning Feb 1995
0 messages added yesterday

Security issues members-only posting

December 2000 - page 1

NATD: failed to write packet back (Permission denied) (32 Replies)

Nuno Teixeira — 97562958401 Dec 2000* Hello to all, I have a dialup firewall working ok ( I follow the FreeBSD Dialup Firewall example). In my fwrule I have a "$fwcmd add 65435 allow ...

Re: ipfw dynamic firewall opening Large amounts of dynamic rules normal?

Aaron D.Gifford — 97563938401 Dec 2000 What you are seeing is current ACTIVE dynamic rules AND inactive expired rules whose place in the table (I assume it's a hash table for quick look...

fics (47 Replies)

Buliwyf McGraw — 97564613301 Dec 2000* Anybody knows about a trojan or something bad called "fics"??? I found this in one pc on my intranet: Interesting ports on (192.168.20.50): ...

health and saftey

Zandrea&John Norman — 97564780701 Dec 2000 may I be on your mailing list please...

Mail cored

Christoph Kukulies — 97565664701 Dec 2000 Yesterday, Nov. 30th, my root security logs say that the Mail program dumped core. In the same course I saw an ftpd connection which got refused from ...

RE: Important!! Vulnerability in standard ftpd (1 Reply)

Matjaz Martincic — 97566843401 Dec 2000* Hi Alexandr, >No, I had only trusted non-anonymous ftp accounts. And sure, very-trusted shellnetwork. Well, that seems like a problem then. What re...

Important!! Vulnerability in standard ftpd (7 Replies)

Nevermind — 97566948701 Dec 2000* Hello! The parallel thread are discussing suspicious drwxr-xr-x ftp/staff 0 Jul 31 00:04 2000 incoming/* dirs. I'm 100% sure that it is hack. I...

FreeBSD Firewall - Help please (8 Replies)

Roberto Samarone Araujo (RSA) — 97566982501 Dec 2000* Hi, I've set up a FreeBSD 4.1.1 firewall that deny everything by default. I opened some ports that I need but, I'm having some problems with t...

FreeBSD Firewall - Help Please - Part II

Roberto Samarone Araujo (RSA) — 97568265501 Dec 2000 Sorry but, the rules that I put here yesterday didn't work right :/ The services still didn't work when I try to access them, for exemple DNS,...

RE: Important!! Vulnerability in standard ftpd (4 Replies)

Matjaz Martincic — 97568609201 Dec 2000* If that is really a remote vulnerability, that is definitely not good at all. Are you having any local accounts on your machine Alexandr? That gives m...

Re[2]: 137/udp

Bob Johnson — 97569858201 Dec 2000 Port 137/udp packets are not necessarily hostile. See http://www.robertgraham.com/pubs/firewall-see... for a discussion of this.If you are connected t...

Brad Mace — 97570042301 Dec 2000 query freebsd-security To Unsubscribe: send mail to with "unsubscribe freebsd-security" in the body of the message...

Danger Ports (20 Replies)

Jonathan M. Slivko — 97570046701 Dec 2000* Can someone tell me what are the "danger" ports on FreeBSD, ports that perhaps need to be blocked because they are insecure? I would like to...

RE: Defeating SYN flood attacks (1 Reply)

Jason DiCioccio — 97570164701 Dec 2000* 3.3.4? is that 3.3 or 3.4? - -JD- - --- Jason DiCioccio Evil Genius Unix BOFH 415-593-2761 Direct & Fax 415-593-2900 Main Epylon Corporation 645 H...

Dialup access and KAME IPSEC

Michael Robinson — 97573348602 Dec 2000 A while ago I posted on the problem of creating dialup VPNs with KAME IPSEC (because KAME has no facility to update SPD entries with dynamic IP addres...

which ftpd (11 Replies)

Christoph Kukulies — 97573686002 Dec 2000* I want to keep anonymous ftp on one of my machines but I'm not sure whether I should use wuftpd or the stock distributed ftpd. I want to have logg...

137/udp (15 Replies)

Melon — 97575377402 Dec 2000* Hello, All network administrator may always see rejected 137/udp packet... I want to know how these udp packets are occured? I expect some stupid kids...

RE: Move along, nothing to see here. Re: Important!! Vulnerabili ty in standard ftpd (5 Replies)

Garrett Gregory Cntr AMC/LGXI — 97577059302 Dec 2000* Speaking from experience in a related case: I have had my website system hacked twice in the last year - BOTH times it happened because the hacker got...

Defeating SYN flood attacks (15 Replies)

Umesh Krishnaswamy — 97577314602 Dec 2000* Hi Folks, I wanted to double-check which version of FreeBSD (if any) can address a SYN flooding DoS attack. The latest FreeBSD sources (tcp_input.c an...

Rate Limiting syn-ack's (2 Replies)

Holtor — 97580688203 Dec 2000* Hi all, Is there anyway I can limit outgoing syn-ack packets my computer sends? I had a large syn flood which was about 7 mbps incomming. The server a...

tcsh-6.09.03_1 package

Igor Roshchin — 97581893303 Dec 2000 Hello! This question might be better suited to -ports, but this package was recently discussed here, due to its vulnerability. On Nov. 30, I downloade...

The "to" keyword in IP-filter

Andrey V. Sokolov — 97591534204 Dec 2000 Hi! I have FreeBSD router running under 4.1-RELEASE with IP-filter 3.4.13. After upgrading to 4.2-RELEASE, the "to" method (in IP-filter) se...

RE: Hacker Warning

Nathan Paquin — 97595132604 Dec 2000 sending spam to a freeBSD security list cant be good... -Original Message- From: GalaxyFree [mailto:] Sent: Monday, December 04, 2000 12:28 PM To: Sub...

ipfw/dummy: memory leak or what? (2 Replies)

mouss — 97596890104 Dec 2000* Hi guys, while looking at the ip_input code, and more particularly at the dummy net stuff in the start, I saw the m = m->m_next; given that m is su...

Re: ipfw/dummy: memory leak or what?

Jonathan Lemon — 97597027404 Dec 2000 This isn't (theoretically) a leak. Dummynet works by prepending a private data structure onto the mbuf chain; this structure is not an mbuf, and s...

RE: IDIOT

Jason DiCioccio — 97598214205 Dec 2000 Yes, his reply was indeed uncalled for.. And especially from an anonymous email address, he must've known that it was, which leads me to beleive t...

Hacker Warning (5 Replies)

GalaxyFree — 97598554305 Dec 2000* ...

NAPTHA/RAZOR response. (5 Replies)

Alfred Perlstein — 97599706205 Dec 2000* Ok, I can't believe what a bunch of hosers these RAZOR/bindview guys are, thier "advisory" is nothing new, there was a news article abou...

Fw: IDIOT (2 Replies)

John Howie — 97600780905 Dec 2000* To the cowardly subscriber of this list who sent me the following email from an anonymous account I'd like to point out that MSN stands for the Mi...

Email of FreeBSD security check (5 Replies)

Roberto Samarone Araujo (RSA) — 97601203605 Dec 2000* Hi, Every day a receive 2 emails from my FreeBSD 3.5 box about security, this emails says something about backup passwords and group files, disk statu...

Search Engine Optimization Kit-2001 24123

tom — 97608029606 Dec 2000 Get Top 10 Positions With The Search Engine Optimization Kit-2001 No hype ... no gimmicks ... just the facts ... and only $59! **Hello Friend,** We cr...

Do Your Own Background Checks!

LikeOnTV — 97609521406 Dec 2000 THIS NEW AMAZING SOFTWARE TOOL HELPS YOU FIND OUT ALMOST ANYTHING ABOUT ANYONE - CLICK ON URL BELOW TO VISIT OUR WEBSITE http://home.netcitizen.com/ne...

0 (2 Replies)

Arthur W. Neilson III — 97610036006 Dec 2000* Hey guys, take a look at the headers from this posting to freebsd-security. It apparently is from however there is no "tom" at pilikia.net, ...

Fw: NAPTHA Advisory Updated - BindView RAZOR (20 Replies)

John Howie — 97611890606 Dec 2000* Folks, Take note of how FreeBSD failed... john... - Original Message - From: "Steve Manzuik" To: Sent: Monday, December 04, 2000 3:09 PM Sub...

rx list (4 Replies)

Sebastiaan van Erk — 97611962406 Dec 2000* Good morning everybody!! I have a question. Yesterday two production firewalls were (probably) attacked using a DoS attack. One of them is running 4.1...

All this SPAM... (6 Replies)

Vladimir Dubrovin — 97612816006 Dec 2000* Hello freebsd-security, Since the amount of SPAM in the list exceeds amount of useful information, may be it's a time to make this list slightly m...

(No Subject) (1 Reply)

Henley, Wayne — 97613606406 Dec 2000* unsubscribe freebsd-security To Unsubscribe: send mail to with "unsubscribe freebsd-security" in the body of the message From owner-freebsd-...

Too much spam! (2 Replies)

Jonathan M. Slivko — 97614684606 Dec 2000* To the list owners/maintainers: Could you guys please do a little something about the volume of spam we have been receiving in our e-mail boxes as a r...

mrtg through firewall (4 Replies)

Brad Mace — 97622842907 Dec 2000* I've been trying to setup my firewall rules to allow mrtg to run. It seems to use different udp ports each time. Is there a way i can allow it wit...

CTM: checksums? (2 Replies)

David Talkington — 97625493408 Dec 2000* Hi folks -- The handbook mentions future plans for some sort of authentication for CTM updates. A PGP key'd be wonderful ... meantime, I'd sur...

pipsecd+ipfw fwd

John F Cuzzola — 97626304108 Dec 2000 Hello all, I'm using pipsecd from the ports collection and it seems to do the job (for my purposes anyway). I've noticed however that when con...

Re: toor account (4 Replies)

Hyunseog Ryu — 97628801408 Dec 2000* Yes, and if you prefer, you can use toor account as backup account of root just in case of forgetting root password. ;> Hyun ~~~~~~~~~~~~~~~~~~~~~~...

Please review a change to lock(1) (3 Replies)

J Wunsch — 97629616908 Dec 2000* Hi, i think everybody's happy when seeing those dead processes running around forever, eating up all CPU time -- since they are too stupid to noti...

Re: pipsecd+ipfw fwd

Patrick Bihan-Faou — 97630239408 Dec 2000 Hi, It sounds to me that you would be better served by configuring the IP routing tables rather than doing this with ipfw fwd rules. Also for the PMTU...

TIS Firewall Tookit (6 Replies)

Alexander Gavrilov — 97630760908 Dec 2000* Hi people! What do you think about TIS Firewall Toolkit? Thanks. To Unsubscribe: send mail to with "unsubscribe freebsd-security" in the bod...

toor account (5 Replies)

Matt Chew Spence — 97631505908 Dec 2000* If: 1) I am running a relatively fast machine (no vaxen here) 2) I am not worried about forgetting the root password or corrupting root's shell 3)...

Buffer vulnerability in BitchX irc client (3 Replies)

Roman Shterenzon — 97650735311 Dec 2000* Hi, Aparently securityfocus has some information about this: http://www.securityfocus.com/bid/2087 There are some explanations in the helot.c - the ex...

RCA cable modem (1 Reply)

harold barker — 97654016411 Dec 2000* Anyone care to share the default ip address and password that @home uses for the RCA modems. I am looking to grab the stats, so that i can help the cl...

MAC Address (26 Replies)

David Erickson — 97656784011 Dec 2000* Is it possible to change the MAC address on a NIC through ifconfig or any other means or do I have to get a specific NIC that supports this functional...

Can't remove uid "nobody" files... (1 Reply)

Anil Jangity — 97662248812 Dec 2000* IHAU who created some files (don't know how) but I can't seem to remove them: id: uid=1527(roki) gid=1000(shell) groups=1000(shell) FreeBSD ma...

Home | About | Privacy