Security :: Proftp Log MAC Address?
Mar 11, 2011how do you configure proftp to log MAC address on LAN, not just IP?
View 4 Replies
ADVERTISEMENT
Security :: Setup Proftp For Sftp Only?
Mar 31, 2010I have tried, to set this up, but failed what kind of ftp would you guys recomend, as i have been having slight problems over recent days, with unknowns logging onto my annon ftp server, delt with mind.
I am thinking about a proper login even for the annon account, fairly easy to setup.
Security :: Address Space Randomization On 2.6.28-15-generic Ubuntu 9.04 - Finding Base Address?
Sep 14, 2009Im an academic (university networks and security lecturer) studying/teaching network and operating system security, and inspired by the work of Hovav Shacham set about testing ASLR on linux. Principley I did this by performing a brute force buffer overflow attack on Fedora 10 and Ubuntu 9. I did this by writting a little concurrent server daemon which accidently on purpose didnt do bounds checking.
I then wrote a client to send it a malicious string brute forcing guessed addresses which caused a return-to-libc to the function usleep with a parameter of 16m causing a delay of 16 seconds as laid out in [URL] Once I hit the delay I new I had found the function and could calculate delta_mmap allowing me to create a standard chained ret-to-libc attack. All of that works fine. However .... To complete my understanding I am trying establish where I can find the standard base address for ubuntu 9 (and other distros) for the following, taken from Shacham:-
Quote:
[code]....
/proc/uid/maps gives me some information but not the base address ldd also gives me the randomised starting address for sections in the user address space but neither gives me the base address. Intrestingly ... when a run ldd with aslr on for over (about) 100 times and checked the start point of libc I determined that the last 3 (least significant) hex digits were always 0's and the fist 4 (most significant) where between 0xB7D7 and 0xB7F9. To me this indicated that bits 22-31 were fixed and bits 12-21 were randomized with bits 11-0 fixed. Although even that doesnt define the boundaries observed correctly.
Note: I am replicating the attack to provide signatures to detect it using IDS, and for teaching purposes. I am NOT a hacker and if needed to could reply from my .ac.uk email address as verification.
Ubuntu Security :: Is Posting The Hardware Address A Security Risk
Feb 28, 2011When posting results from ifconfig, it shows the hardware address of etho, etc. Would you consider that to be a security risk ?
View 9 Replies View RelatedSecurity :: Can I Allow SFTP For ANY But SSH For Some IP Address
Jul 20, 2010Can I allow SFTP for ANY , but SSH for some IP address
View 6 Replies View RelatedServer :: Proftp Can't Connect To Ftp Client?
Feb 3, 2011I am running CentOS release 5.5 (Final) with PROFTP installed.
I am able to connect to the ftp server from local, but when I try it from dream weaver CS5 it can't connect to the server. I ran a port scan and 21 seems to be open:
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
53/tcp open domain
[Code]....
Server :: ProFTP: Disable Account After 3 Tries?
Nov 9, 2010I'm running a ProFTP 1.3.3 server on a CentOS 5.5.What has come to my mind in terms of security is to have the server disabling / deactivating account that enters the wrong password, lets say three times.Using MaxLoginAttempts only limits the possible retries on a open connection.
View 2 Replies View RelatedUbuntu Security :: Use Address Not Ip In Iptables?
Jul 24, 2010i need to open this address ftp.nai.com, is there a way to use address not ip in iptables?
View 7 Replies View RelatedSecurity :: Netstat Output Has No Address?
Apr 19, 2011I've never seen the type of output from netstat and don't have a clue what it means.Quote:
tcp 0 0 :::8009 :::* LISTEN 31673/java
tcp 0 0 :::22 :::* LISTEN
[code]...
Software :: Setup Proftp And Apache On Debian?
Apr 22, 2010I setup proftp and apache on debian linux. I can go to [URL] and see the it works page but do not know where to beginn with proftp. how do I check to see if the ftp works.
View 8 Replies View RelatedSoftware :: Several Weird Logins From Localhost In Proftp
Feb 17, 2011I am using Debian 4 with proftp 1.3.1 The log file shows lots of successful logins from localhost. I never accessed ftp from localhost. Is this normal to happen?
Code:
Feb 14 11:27:22 mymachine proftpd[2453] mymachine.mydomain.com (localhost.localdomain[127.0.0.1]): USER ftpuser: Login successful.
Feb 14 14:27:22 mymachine proftpd[2453] mymachine.mydomain.com (localhost.localdomain[127.0.0.1]): Preparing to chroot to directory '/home/comunicacao/portal'
[code]....
Software :: Use Symlinks In Annon Ftp Dir And Proftp - Error 550
Jan 9, 2010I wanted to use symlinks, in my annon ftp dir. I was running vsftp, but everyone says it can't be done. So I have changed to proftpd. I link to the annon ftp server on my website. I get the dir listing, with symlinks, but try to follow them I get error 550, it don't exist. I have read [URL], but after following the advice here. I get the same error. I have not tried the mount bind option, as I want symlinks or hard links either will do.
View 3 Replies View RelatedFedora Security :: 'send' Address Can Be Spoofed
Oct 16, 2009I'm behind a modem router with firewall and SElinux enabled by default - but checking my mail this morning I noticed several ' delivery failures ' ( allegedly ) from hotmail referring to mail I hadn't sent. When I checked the spam folder for the on-line side of my mail account there were more failure notices. Two points that may be relevant, one is the recent Hotmail exploit, the other is that this only occurred with the address I use for railway matters, and some people cc to everybody, so it's odds on that address is on a good few computers. On one occassion when I checked my spam folder on-line I found spam which claimed to be from myself, so I know the ' send ' address can be spoofed, is this the explanation, or is it a new kind of attack linked to the Hotmail exploit?
View 13 Replies View RelatedFedora Security :: Blocking And Allowing IP Address For FTP?
Jul 15, 2010I want to ask about securing the FTP connection... I have one server that Installed with Redhat Linux Fedora 6.
And now, i want to securing the FTP access, so only the selected IP will be allowed to connect. Do anyone know how to do this?
Another thing is, my server using Webmin 1.3 to manage the server and there not installed / not configured yet with Frox FTP, ProFTPD Server, WU-FTP Server... even there is such thing in my Webmin...
Can i make use one of the three FTP i mention above, and if yes, will it be affecting the current FTP access?
Fedora Security :: Blocking Ip Address Range?
Dec 31, 2010I'm assuming that the following should block the complete 178.123.xxx.xxx address range.
Code:
iptables -I INPUT -s 178.123.0.0/24 -j DROP
Then I believe that I need to save this change.
Code:
service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
However, I'm not so sure that it is actually working based on the fact that there continues to be access to my wiki from that address range. The following is after I made the firewall change.
Quote:
178.123.177.61 - - [31/Dec/2010:04:24:40 -0500] "GET /mywiki/Opera%20Web%20Browser?action=edit&editor=text HTTP/1.1" 200 6346 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
code....
Let me state that I'm new at this iptables thing. I did some reading and decided that I need to make the above change to the firewall but it doesn't seem to make a difference.
Fedora Security :: Any Way To Block IP Address Access?
Jul 27, 2011I recently set up a web server at home, using a non-standard port, due to my ISP blocking 80. I just checked my log files, and I see a TON of entries indicating that a file was not found "proxy-1.php", "proxyheader.php", etc. I do not have these files, not intend to have them as part of my website. I did a whois looking by IP address for several of these, and they all seem to come from an ISP in China. Is there a way to BLOCK any IP address outside the US (that is somewhat simple to do?)
View 5 Replies View RelatedUbuntu Security :: How To Reset / Allocate IP Address
May 19, 2011For a while now, I have been trying to reset my IP address in Ubuntu but I have had no luck. The reasons why I want to reset it and get a new one is because my service provider waits weeks to change it. I am concerned it has fallen into some unsavory hands. Also, can you be hacked if the would-be attacker is unaware of your IP address? Are there other means of locating your computer on the web without an IP address or webserver?
View 6 Replies View RelatedUbuntu Security :: Allow Foreign IP Address In Hosts?
May 30, 2011I found this IP address in my hosts.allowQuote:ALL: 119.42.68.232I cannot find any other evidence of intrusion.
View 4 Replies View RelatedSecurity :: Blocking A Specific IP Address From Server?
May 8, 2010I would like to COMPLETELY block a specific IP address using iptables. I found this one:
Code:
iptables -A INPUT -p tcp -s xxx.xxx.xxx.xxx -j REJECT --reject-with tcp-reset
Will this work? How do I undo the changes later?
Security :: Blocking An Ip Address Range Within Iptables?
Mar 30, 2009I am setting up a iptables firewall on one of our servers, and I would like to block a range of addresses from getting into the system. I am using a script that does a BLACKIN and BLACKOUT methodology for specific addresses. One example is the following:
Code:
$IPTABLES -A BLACKIN -s 202.109.114.147 -j DROP
...
$IPTABLES -A BLACKOUT -d 202.109.114.117 -j DROP
What would be the correct syntax to use if I wanted to block an entire remote subnet from getting into the server?
Security :: Properly Set Up Ssh To Only Allow One IP Address To Login Remotely?
Apr 6, 2010properly set up ssh to only allow one IP address to login remotely
View 2 Replies View RelatedSecurity :: Block Any IP Address Who Failed To Connect More Than 3 Ssh
Mar 25, 2010how to block any IP address who failed to connect more than 3 ssh?
View 5 Replies View RelatedSecurity :: Racoon Address Bind Failure?
Mar 11, 2010I did not use below configuration in my racoon conf,
remote anonymous {
exchange_mode main;
lifetime time 1 hour;
proposal {
encryption_algorithm 3des;
hash_algorithm md5;
[Code]...
I've pruned your post from where you originally posted. In the future, please check the dates on threads which you're thinking about posting in. If you see they are dead (inactive for a few months or more) just let them rest in peace and start your own thread. You can always include links to reference the dead thread if you need to, as I've done here.
Security :: The Server Was Hacked From So Called Tor IP Address?
Nov 14, 2010I always use professional services to secure my servers. Everything was fine for years but a week ago my server got hacked.I don't know how the hacker got my username/password - it was not something like admin, password.9 months ago my PC was infected with some virus which connected to the FTP server by using password which was saved in CuteFTP and infected all index files with some javascript. Then I changed the user/FTP password and didn't save it anymore in Cute FTP. Of course, I checked all the folders and re-uploaded all infected files. Is it possible that this virus uploaded some hidden file which was able to get the new password for this account?
The server was hacked from so called Tor IP address. I am tiref of worrying about server security and now have an idea to get a static IP address from my ISP and to allow logins only from this IP address. What do you think about it? This idea looks good for me but are there any risks to lose access to the server. Can ISP provider change the static IP address for some reason?
Ubuntu Servers :: TLS With ProFTP - Server Seems To Be Terminating The Session
Sep 1, 2011I have been using proftp for about 8 months. After getting the configuration right, it worked perfectly. It is only used intermittently, so I don't know for sure when the problems started, but I suspect it was triggered by a recent OS upgrade to Ubuntu 10.04 (64 bit). I have proftp set up so that TLS is required on both the data and control channels. The problem is that, after successful login, the server seems to be terminating the session because the client (FileZilla) is attempting to renegotiate something (probably the TLS). The client settings didn't change, nor did the server settings.
I have tried switching off the TLSRequired flag, and am then able to establish a non-secure FTP session which works (but that does not meet my requirements). I wondered whether the OS upgrade had somehow invalidated my TLS certificates, but the symptoms don't seem consistent with that cause. The TLS part of my proftpd.conf file is:
[Code]...
Software :: Removed All Folder And Files Linked To Proftp
Sep 18, 2010I installed proftpd once before, but i had removed it due to some errors I removed all folder and files linked to proftp, probley not the best thing to do How ever I'm trying to reinstall it againbut it doesn't seem to be installing every thing. My webmin did have it on the server rigth hand panel but now doesn't show How do I install all files needed again
[Code]....
Fedora Security :: Block Some Ip Address That Are Attacking Server?
Aug 26, 2009I want to block some ip address that are attacking my server and making my ssh port busy. On searching the google, I found
Code:
iptables -A INPUT -s ip_address -j DROP
I will add this rule in iptables. My questions are:
1) do I have to do
Code:
chkconfig iptables on
so that it load the iptables at boot. I am wondering why do I need this because iptables is already modified and it loads the iptables at boot time if firewall is enabled.
2) When we add the above rule, which file is modified? Another way, where are this rules stored? It is not in /etc/sysconfig/iptables and /etc/sysconfig/iptables_config.
Ubuntu Security :: Block Device By Bluetooth Address?
Apr 22, 2010Is it possible somehow to block some bluetooth device with specif address (mac) ?
(like iptables block by mac)?
Security :: Block Computer From Connecting To A Specific IP Address?
Feb 13, 2010I was taking a peek at the active connections shown by the Firestarter GUI and noticed the following (the source is my computer):
SourceDestinationPortServiceProgram
192.168.0.11266.235.133.4280HTTP
I closed all Internet related apps and the connection persisted. After a reboot it did not reconnect (yet).The IP address appears to belong to esomniture.com - some sort of web analytics company. How do I prevent my computer from connecting to these rascals. I have found a lot of documentation regarding stopping inbound connections to services on my computer but not the other way. I have various filtering addons installed in Firefox however, this connection seems to be at a lower level as no program is specified as being responsible for the connection.
Fedora Servers :: Proftp Behind A Router - List The User Dir It Freeze
Jun 9, 2009I got Fedora 10 and I installed a proftpd server it works in local network but not from outside. Actually I can see it checks for user and pass but when it has to list the user dir it freeze. The server is behind a router. I am using passive ports 60000-60100 and I forwarded all connections to and from 21 to 60000-60100 onto internal (192.168.0.109) IP address.
[Code]...
