From owner-securedistros@humbolt.nl.linux.org Thu Jul  1 23:08:45 1999
Received: by humbolt.nl.linux.org id <S92508AbPGAVGf>; Thu, 1 Jul 1999 23:06:35 +0200
Received: from mail.reseau.nl ([193.78.174.65]:3110 "EHLO ra.reseau.nl") by humbolt.nl.linux.org with ESMTP id <S92500AbPGAVGI>; Thu, 1 Jul 1999 23:06:08 +0200
Received: from localhost (rik@localhost)
	by ra.reseau.nl (8.8.7/8.8.7) with ESMTP id XAA11607
	for <securedistros@nl.linux.org>; Thu, 1 Jul 1999 23:10:06 +0200
Date:	Thu, 1 Jul 1999 23:10:05 +0200 (MEST)
From:	Rik van Riel <rik@ra.reseau.nl>
To:	securedistros@humbolt.nl.linux.org
Subject: help save packet storm
Message-ID: <Pine.LNX.4.04.9907012309530.11397-100000@ra.reseau.nl>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Hi all,

now that packet storm has been removed from the net and
backups have (allegedly) been destroyed, it is time for
all sysadmins/programmers/etc to put together all documents
they downloaded and saved from packetstorm.

In order to make this recovery possible I have set up an
FTP incoming directory on my server (NL.linux.org) where
people can put the packetstorm documents they might have
on their disks.

For UPloading:
	ftp://ftp.nl.linux.org/incoming/packetstorm/
For viewing/saving what's been uploaded:
	http://packetstorm.nl.linux.org/

This is a call for help to anybody who might have a
packetstorm document nearby -- please upload it to
the above repository. I have 2GB of free disk space
so we should be able to save at least the most important
security documents.

Even if that doesn't save Ken's school career, it can
save his professional career. The "show me the code"
attitude combined with the best info packetstorm has
produced will safeguard Ken's future.

IMHO, that's the least we can do to thank Ken for the
enormous effort he has put into Packetstorm and the
security community over the last years.

Please, upload your valuables and recreate the security
archive that was...

regards,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:  http://humbolt.geo.uu.nl/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+





-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Thu Jul  1 23:25:40 1999
Received: by humbolt.nl.linux.org id <S92169AbPGAVWw>; Thu, 1 Jul 1999 23:22:52 +0200
Received: from [12.18.70.50] ([12.18.70.50]:64014 "EHLO catbert.l-3security.com") by humbolt.nl.linux.org with ESMTP id <S92167AbPGAVWQ>; Thu, 1 Jul 1999 23:22:16 +0200
Received: by catbert.l-3security.com with Internet Mail Service (5.5.2232.9)
	id <NFKRH5D7>; Thu, 1 Jul 1999 16:16:55 -0500
Message-ID: <FD38C4FC4464D211A06900A0C9E47AE0081F1E@catbert.l-3security.com>
From:	"Navarro, Nick" <nick.navarro@L-3Security.com>
To:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: help save packet storm
Date:	Thu, 1 Jul 1999 16:16:55 -0500 
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.5.2232.9)
Content-Type: text/plain;
	charset="iso-8859-1"

Gosh, I really wish I had something to add. A while back I did a recursive
get with wget -r -l 0 -D genocide2600.com www.genocide2600.com/~tattooman,
or something to that effect. This worked even though he denies direct links
which don't have a referer URL from his site, because wget replaced the
referer with the place I started from. I spent about a week downloading most
of the stuff off my measly little 28.8 modem. I accidentally deleted it
(coincidentally) and figured I'd just get EVERYTHING on the site when I had
some real bandwidth which just became available today. How convenient.

Anyway, someone MUST'VE thought of this idea during packetstorm's lifetime.
wget pretty much allowed you to rip everything and even update based on
timestamps.


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 01:03:21 1999
Received: by humbolt.nl.linux.org id <S92164AbPGAXBZ>; Fri, 2 Jul 1999 01:01:25 +0200
Received: from legend.idworld.net ([209.142.64.2]:49668 "EHLO legend.idworld.net") by humbolt.nl.linux.org with ESMTP id <S92162AbPGAXA6>; Fri, 2 Jul 1999 01:00:58 +0200
Received: from legend.idworld.net (mdfranz@legend.idworld.net [209.142.64.2])
	by legend.idworld.net (8.9.3/8.9.3) with ESMTP id SAA15195
	for <securedistros@humbolt.nl.linux.org>; Thu, 1 Jul 1999 18:00:54 -0500 (CDT)
Date:	Thu, 1 Jul 1999 18:00:54 -0500 (CDT)
From:	Matthew Franz <mdfranz@txdirect.net>
X-Sender: mdfranz@legend.idworld.net
To:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: help save packet storm
In-Reply-To: <FD38C4FC4464D211A06900A0C9E47AE0081F1E@catbert.l-3security.com>
Message-ID: <Pine.BSI.4.05L.9907011754400.12997-100000@legend.idworld.net>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Rik,

I should have most of the exploits (up to about a month ago) and many of
the UNIX tools on my own archive at home that I can burn on a CD-ROM (it's
around 300-400mb or more) if you'll give me a snailmail address, I don't
have the bandwidth to somebody.  Nor did I save all the JP stuff.

-mdf

________________________________________________________________________
 Matthew D. Franz                                  mdfranz@txdirect.net
 http://www.trinux.org                 Trinux: A Linux Security Toolkit
 http://www.opensec.net                OpenSEC: Open Security Solutions
 http://www.tds.com                                Trident Data Systems



From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 01:14:10 1999
Received: by humbolt.nl.linux.org id <S92167AbPGAXMP>; Fri, 2 Jul 1999 01:12:15 +0200
Received: by humbolt.nl.linux.org with ESMTP id <S92165AbPGAXLw>; Fri, 2 Jul 1999 01:11:52 +0200
Date:	Fri, 2 Jul 1999 01:11:52 +0200 (CEST)
From:	Rik van Riel <riel@humbolt.nl.linux.org>
To:	Matthew Franz <mdfranz@txdirect.net>
cc:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: help save packet storm
In-Reply-To: <Pine.BSI.4.05L.9907011754400.12997-100000@legend.idworld.net>
Message-ID: <Pine.LNX.4.05.9907020110590.29496-100000@humbolt.nl.linux.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 1 Jul 1999, Matthew Franz wrote:

> I should have most of the exploits (up to about a month ago) and many
> of the UNIX tools on my own archive at home that I can burn on a
> CD-ROM (it's around 300-400mb or more) if you'll give me a snailmail
> address, I don't have the bandwidth to somebody.

The tools collection would be great. You can send it to
the company address of Le Reseau (where I'll take care
of the rest).

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 02:40:25 1999
Received: by humbolt.nl.linux.org id <S92166AbPGBAiP>; Fri, 2 Jul 1999 02:38:15 +0200
Received: from inconnu.isu.edu ([134.50.8.55]:35376 "EHLO inconnu.isu.edu") by humbolt.nl.linux.org with ESMTP id <S92165AbPGBAhn>; Fri, 2 Jul 1999 02:37:43 +0200
Received: from localhost (skunky@localhost)
	by inconnu.isu.edu (8.8.7/8.8.7) with SMTP id SAA06041
	for <securedistros@humbolt.nl.linux.org>; Thu, 1 Jul 1999 18:37:39 -0600
Date:	Thu, 1 Jul 1999 18:37:38 -0600 (MDT)
From:	Cute Skunk <skunky@inconnu.isu.edu>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: help save packet storm
In-Reply-To: <Pine.LNX.4.04.9907012309530.11397-100000@ra.reseau.nl>
Message-ID: <Pine.LNX.3.96.990701183114.5814A-100000@inconnu.isu.edu>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

 I have a recursive wget of packetstorm from four days ago (Jun 27-28) but
because I was short of space the last few days I only accepted *.?html
files. This is at least enough information to know what is missing and
what needs to be refound. It will also help in reorganizing everything back
into the structure it was in. I've already uploaded a tgz of these pages
to ftp://ftp.nl.linux.org/incomming/packetstorm/packetstorm-html.tar.gz
This can be used as the skeleton for rebuilding the archive.

 In addition I also have everything under the /cryptography directory from
a few months ago (when it was still on genocide2600) and I suppose I could
upload that too, though it might end up using half the space available on
nl.linux.org

  I think I also have many of the files on packetstorm that were
duplicated from other sites, that I could sort out and upload back into
place as well.


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 06:06:42 1999
Received: by humbolt.nl.linux.org id <S92168AbPGBEEU>; Fri, 2 Jul 1999 06:04:20 +0200
Received: from dokter.multiweb.net ([195.114.239.234]:38406 "EHLO dokter.multiweb.nl") by humbolt.nl.linux.org with ESMTP id <S92165AbPGBEDv>; Fri, 2 Jul 1999 06:03:51 +0200
Received: from master ( [192.168.1.4])
	by dokter.multiweb.nl (8.8.7/8.8.7) with SMTP id GAA21165;
	Fri, 2 Jul 1999 06:08:23 +0200
Posted-Date: Fri, 2 Jul 1999 06:08:23 +0200
X-Comment1: This mail was send using sendmail at
X-Comment2: dokter.multiweb.nl If this was send unsolicited,
X-Comment3: please reply to abuse@dokter.multiweb.nl
X-Comment4: The best is to find a solution to your problem,
X-Comment5: As You might notice mailing abuse doesn't get results.
X-Comment6: Please reply the original sender and share your ideas
X-Comment7: against spam, or just press delete and forget about it.
Message-ID: <003a01bec43f$fa766740$0401a8c0@master.dokter.multiweb.nl>
From:	"Gerrie" <gerrie@hit2000.org>
To:	<securedistros@humbolt.nl.linux.org>
Cc:	<rise@admin.big-orange.net>, <paladin@home.big-orange.net>
Subject: Re: help save packet storm
Date:	Fri, 2 Jul 1999 06:04:26 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0

-----Original message-----
From: Rik van Riel <rik@ra.reseau.nl>
To: securedistros@humbolt.nl.linux.org <securedistros@humbolt.nl.linux.org>
Date: Thursday, 1 July 1999 23:16
Subject: help save packet storm



Dear Rik,

just a few minutes ago I read about packet storm,
at the same moment I mailed the head sponsor of HIT2000 -Multiaccess- and
asked them if I may offer
packetstorm a sponsorship by Multiaccess under their own
domain name -packetstorm.net or .org -.

Multiaccess will IMHO -if they are wise- probably sponsor them.

I hope that the problems for packetstorm will be solved for once and for
always.

gtx,
Gerrie
fun & secure
http://www.hit2000.org

btw: I cc'ed this mail 2 mailing list 2 multiaccess.



From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 06:31:04 1999
Received: by humbolt.nl.linux.org id <S92170AbPGBE2F>; Fri, 2 Jul 1999 06:28:05 +0200
Received: from oto.gate.net ([199.227.254.133]:43020 "EHLO oto.gate.net") by humbolt.nl.linux.org with ESMTP id <S92165AbPGBE1d>; Fri, 2 Jul 1999 06:27:33 +0200
Received: (from fooz@localhost)
	by oto.gate.net (8.9.3/8.9.0.Beta3) id AAA12665
	for securedistros@humbolt.nl.linux.org; Fri, 2 Jul 1999 00:27:30 -0400
Date:	Fri, 2 Jul 1999 00:27:30 -0400
From:	Illuminatus Primus <vermont@gate.net>
To:	securedistros@humbolt.nl.linux.org
Subject: Update on Packet Storm
Message-ID: <19990702002729.X21459@oto.valueweb.net>
References: <Pine.LNX.4.04.9907012309530.11397-100000@ra.reseau.nl>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Mailer: Mutt 0.95.3i
In-Reply-To: <Pine.LNX.4.04.9907012309530.11397-100000@ra.reseau.nl>; from Rik van Riel on Thu, Jul 01, 1999 at 11:10:05PM +0200

+----[ On Thu, Jul 01, at 11:10PM(+0200), Rik van Riel wrote: ]--------------
| now that packet storm has been removed from the net and
| backups have (allegedly) been destroyed, it is time for

Maybe not!

According to this Slashdot post (which can certainly be 100% false),
the Packet Storm files are being returned:

http://slashdot.org/comments.pl?sid=99/07/01/1551244&threshold=-1&commentsort=3&mode=thread&cid=262

           Harvard Statement (Score:3, Informative)
           by Gartmeister (dangartner at mediaone dot net) 
           on Thursday July 01, @05:46PM EDT (#262)
           (User Info) http://people.ce.mediaone.net/dangartner

           Don't know if this was posted already or not:

           ======================= 
           * S T A T E M E N T * 

           As a service to the Internet community, Harvard agreed to
           host a Packet Storm Security Website for security-related
           materials only. Without Harvard's knowledge, unrelated
           content was put on the Harvard server, including
           sexually-related material and personal attacks on an
           individual not affiliated with the University. A Harvard
           administrative site focused on security issues is not the
           forum for this type of material. We are returning the content
           on the site and hope that Packet Storm will make its
           security tools available through its own Website. 

           Joe Wrinn
           Director
           Office of News and Public Affairs

           Seems to me that Harvard is giving Ken his site back.

           -If you can, be happy. If you can't, fuck shit up.
-=-=-
It's probably a good idea to keep whatever copies of files anyone has
until this "statement" is confirmed.. I think it's a bit suspicious
that the author didn't provide the source of the text.

We'll see!  Let's hope for the best.. and if it comes back, set up
several mirrors world-wide.

From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 08:27:31 1999
Received: by humbolt.nl.linux.org id <S92172AbPGBGXa>; Fri, 2 Jul 1999 08:23:30 +0200
Received: from [202.102.249.7] ([202.102.249.7]:24325 "HELO mx1.371.net") by humbolt.nl.linux.org with SMTP id <S92165AbPGBGWw>; Fri, 2 Jul 1999 08:22:52 +0200
Received: (fmail 1288 invoked from network); 2 Jul 1999 06:26:59 -0000
Received: from unknown (HELO center) (203.93.88.88)
  by 202.102.249.7 with SMTP; 2 Jul 1999 06:26:59 -0000
Date:	Fri, 2 Jul 1999 14:34:27 +0800
From:	liuvictor <liuvictor@371.net>
To: securedistros@humbolt.nl.linux.org <securedistros@humbolt.nl.linux.org>
Subject: Re: Re: help save packet storm
X-mailer: FoxMail 2.1 [cn]
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Message-Id: <19990702062252Z92165-170+426@humbolt.nl.linux.org>

hi,
  thank u. not important who am i, u are doing good thing for us.
thank u

>
>Dear Rik,
>
>just a few minutes ago I read about packet storm,
>at the same moment I mailed the head sponsor of HIT2000 -Multiaccess- and
>asked them if I may offer
>packetstorm a sponsorship by Multiaccess under their own
>domain name -packetstorm.net or .org -.
>
>Multiaccess will IMHO -if they are wise- probably sponsor them.
>
>I hope that the problems for packetstorm will be solved for once and for
>always.
>
>gtx,
>Gerrie
>fun & secure
>http://www.hit2000.org
>
>btw: I cc'ed this mail 2 mailing list 2 multiaccess.

From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 10:54:09 1999
Received: by humbolt.nl.linux.org id <S92175AbPGBIif>; Fri, 2 Jul 1999 10:38:35 +0200
Received: from galileu.oninet.es ([195.77.138.18]:46351 "EHLO linux.oninet.es") by humbolt.nl.linux.org with ESMTP id <S92173AbPGBIgS>; Fri, 2 Jul 1999 10:36:18 +0200
Received: from localhost (javipolo@localhost)
	by linux.oninet.es (8.9.3/8.9.2) with ESMTP id KAA21772
	for <securedistros@humbolt.nl.linux.org>; Fri, 2 Jul 1999 10:39:06 -0400
Date:	Fri, 2 Jul 1999 10:39:06 -0400 (EDT)
From:	Javi Polo <javipolo@oninet.es>
To:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: help save packet storm
In-Reply-To: <FD38C4FC4464D211A06900A0C9E47AE0081F1E@catbert.l-3security.com>
Message-ID: <Pine.LNX.4.04.9907021038410.21715-100000@linux.oninet.es>
X-Mailer: The Trojaned Oninet Mailer
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Thu, 1 Jul 1999, Navarro, Nick wrote:

> Anyway, someone MUST'VE thought of this idea during packetstorm's lifetime.
> wget pretty much allowed you to rip everything and even update based on
> timestamps.

I did it about 2 months ago, but my HD crashed and I lost everything ..
:((((((

See you later ...         Oh my God! They killed Kenny!!!!!!
        Javi Polo ;)
You can find me on Fido at 2:347/13.4
NO MOTORWAY!!!!!!!!!!! No to the Llevant motorway


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 11:50:22 1999
Received: by humbolt.nl.linux.org id <S92177AbPGBJm5>; Fri, 2 Jul 1999 11:42:57 +0200
Received: by humbolt.nl.linux.org with ESMTP id <S92173AbPGBJlm>; Fri, 2 Jul 1999 11:41:42 +0200
Date:	Fri, 2 Jul 1999 11:41:38 +0200 (CEST)
From:	Rik van Riel <riel@humbolt.nl.linux.org>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: Update on Packet Storm
In-Reply-To: <19990702002729.X21459@oto.valueweb.net>
Message-ID: <Pine.LNX.4.05.9907021140010.7826-100000@humbolt.nl.linux.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 2 Jul 1999, Illuminatus Primus wrote:
> +----[ On Thu, Jul 01, at 11:10PM(+0200), Rik van Riel wrote: ]--------------
> | now that packet storm has been removed from the net and
> | backups have (allegedly) been destroyed, it is time for
> 
> Maybe not!

> It's probably a good idea to keep whatever copies of files anyone has
> until this "statement" is confirmed..

Exactly my reasoning. I know about the data maybe being
returned, but I am still actively collecting packet
storm files just-in-case...

> We'll see!  Let's hope for the best.. and if it comes back, set up
> several mirrors world-wide.

I'm willing to take care of something like that.

regards,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 12:03:37 1999
Received: by humbolt.nl.linux.org id <S92178AbPGBJwR>; Fri, 2 Jul 1999 11:52:17 +0200
Received: by humbolt.nl.linux.org with ESMTP id <S92173AbPGBJuU>; Fri, 2 Jul 1999 11:50:20 +0200
Date:	Fri, 2 Jul 1999 11:50:14 +0200 (CEST)
From:	Rik van Riel <riel@humbolt.nl.linux.org>
To:	securedistros@humbolt.nl.linux.org
cc:	rise@admin.big-orange.net, paladin@home.big-orange.net
Subject: Re: help save packet storm
In-Reply-To: <003a01bec43f$fa766740$0401a8c0@master.dokter.multiweb.nl>
Message-ID: <Pine.LNX.4.05.9907021148040.7826-100000@humbolt.nl.linux.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

On Fri, 2 Jul 1999, Gerrie wrote:

> just a few minutes ago I read about packet storm, at the same moment I
> mailed the head sponsor of HIT2000 -Multiaccess- and asked them if I
> may offer packetstorm a sponsorship by Multiaccess under their own
> domain name -packetstorm.net or .org -.
> 
> Multiaccess will IMHO -if they are wise- probably sponsor them.

I do hope that Multiaccess is aware of the fact that packetstorm
was/is generating 8GB+ of traffic a DAY.  A kernel.org like mirror
system probably is the only viable way to sustain packet storm in
the future, and for that much traffic we're probably looking at
50+ mirrors that are automatically upgraded by rsync.

regards,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+


From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 14:49:19 1999
Received: by humbolt.nl.linux.org id <S92173AbPGBMpq>; Fri, 2 Jul 1999 14:45:46 +0200
Received: from mta10-acc.tin.it ([212.216.176.41]:28575 "EHLO fep10-svc.tin.it") by humbolt.nl.linux.org with ESMTP id <S92181AbPGBMoF>; Fri, 2 Jul 1999 14:44:05 +0200
Received: from a-er1-23.tin.it ([212.216.56.54]) by fep10-svc.tin.it
          (InterMail v4.0 201-221-105) with ESMTP
          id <19990702124354.PLVQ29314.fep10-svc@a-er1-23.tin.it>
          for <securedistros@humbolt.nl.linux.org>;
          Fri, 2 Jul 1999 14:43:54 +0200
Date:	Fri, 2 Jul 1999 14:38:28 +0200 (CEST)
From:	Emanuele Busuito <ntf@DISLESSICI.ORG>
X-Sender: root@Punk-RESEARCH.r00t.org
To:	securedistros@humbolt.nl.linux.org
Subject: Re: help save packet storm
In-Reply-To: <Pine.LNX.4.04.9907012309530.11397-100000@ra.reseau.nl>
Message-ID: <Pine.LNX.4.05.9907021428150.139-100000@Punk-RESEARCH.r00t.org>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Hi at all,

 I have in my home machine and in my server this:

 - PacketStorm mirror (2 weeks ago)	59M
 - ftp.technotronic.com mirror 		78M
 - www.dislessici.org mirror 		46M

If needed I can bzip it and put it in your ftp server.

Ciao,
 Emanuele

--
Hi Echelon!, none of your business.
ntf@ircnet/ircity   --  ntf@DISLESSICI.ORG
The punk is not sad --  www.dislessici.org/ntf

Key fingerprint = 8E60 7060 E132 BA7F 711B  CBEF 6D99 84B4 35DC 8EED




From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 16:15:38 1999
Received: by humbolt.nl.linux.org id <S92181AbPGBOHt>; Fri, 2 Jul 1999 16:07:49 +0200
Received: from attic.replay.com ([192.87.30.19]:22644 "EHLO attic.replay.com") by humbolt.nl.linux.org with ESMTP id <S92180AbPGBOHE>; Fri, 2 Jul 1999 16:07:04 +0200
Received: (from usura@localhost)
	by attic.replay.com (8.9.2/8.9.2/Replay Associates) id PAA08953;
	Fri, 2 Jul 1999 15:14:15 +0200 (CEST)
From:	Alex de Joode <usura@attic.replay.com>
Message-Id: <199907021314.PAA08953@attic.replay.com>
Subject: Re: help save packet storm
To:	securedistros@humbolt.nl.linux.org
Date:	Fri, 2 Jul 1999 15:14:15 +0200 (CEST)
Cc:	rise@admin.big-orange.net, paladin@home.big-orange.net
In-Reply-To: <Pine.LNX.4.05.9907021148040.7826-100000@humbolt.nl.linux.org> from "Rik van Riel" at Jul 2, 99 11:50:14 am
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

> 
> On Fri, 2 Jul 1999, Gerrie wrote:
> 
> > just a few minutes ago I read about packet storm, at the same moment I
> > mailed the head sponsor of HIT2000 -Multiaccess- and asked them if I
> > may offer packetstorm a sponsorship by Multiaccess under their own
> > domain name -packetstorm.net or .org -.
> > 
> > Multiaccess will IMHO -if they are wise- probably sponsor them.
> 
> I do hope that Multiaccess is aware of the fact that packetstorm
> was/is generating 8GB+ of traffic a DAY.  A kernel.org like mirror
> system probably is the only viable way to sustain packet storm in
> the future, and for that much traffic we're probably looking at
> 50+ mirrors that are automatically upgraded by rsync.
> 

Looks like we have some room ;)

Filesystem         1024-blocks  Used Available Capacity Mounted on
/dev/sdc1            8089583 2850200  5239383     35%   /pub


-aj-

From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 16:22:30 1999
Received: by humbolt.nl.linux.org id <S92182AbPGBOJV>; Fri, 2 Jul 1999 16:09:21 +0200
Received: from CDR16-24.accesscable.net ([24.138.16.24]:9308 "HELO theverge.com") by humbolt.nl.linux.org with SMTP id <S92180AbPGBOIY>; Fri, 2 Jul 1999 16:08:24 +0200
Received: (qmail 4019 invoked from network); 2 Jul 1999 14:03:45 -0000
Received: from go2.theverge.com (HELO theverge.com) (24.138.16.23)
  by go2.theverge.com with SMTP; 2 Jul 1999 14:03:45 -0000
Date:	Fri, 2 Jul 1999 11:03:44 -0300 (ADT)
From:	Charles <charlesiii@theverge.com>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: securedistros V1 #9
In-Reply-To: <19990702043108Z92165-168+456@humbolt.nl.linux.org>
Message-ID: <Pine.LNX.4.10.9907021102150.3864-100000@theverge.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII

Is there a way to have the securedistros digest to
list the subjects at the beginning?



From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 18:54:06 1999
Received: by humbolt.nl.linux.org id <S92183AbPGBQhw>; Fri, 2 Jul 1999 18:37:52 +0200
Received: from netralink.hotlink.com.br ([200.249.243.1]:35561 "HELO netralink.hotlink.com.br") by humbolt.nl.linux.org with SMTP id <S92180AbPGBQfc>; Fri, 2 Jul 1999 18:35:32 +0200
Received: (qmail 21982 invoked from network); 2 Jul 1999 16:35:59 -0000
Received: from netralink.hotlink.com.br (HELO netralink) (200.249.243.1)
  by netralink.hotlink.com.br with SMTP; 2 Jul 1999 16:35:59 -0000
Date:	Fri, 2 Jul 1999 13:35:59 -0300 (EST)
From:	Cristiano Lincoln Mattos <lincoln@hotlink.com.br>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: Update on Packet Storm
In-Reply-To: <19990702002729.X21459@oto.valueweb.net>
Message-ID: <Pine.GSO.4.10.9907021335470.19185-100000@netralink.hotlink.com.br>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list



	The source is HNN : www.hackernews.com

Cristiano Lincoln Mattos			   Recife / Brazil

On Fri, 2 Jul 1999, Illuminatus Primus wrote:

> +----[ On Thu, Jul 01, at 11:10PM(+0200), Rik van Riel wrote: ]--------------
> | now that packet storm has been removed from the net and
> | backups have (allegedly) been destroyed, it is time for
> 
> Maybe not!
> 
> According to this Slashdot post (which can certainly be 100% false),
> the Packet Storm files are being returned:
> 
> http://slashdot.org/comments.pl?sid=99/07/01/1551244&threshold=-1&commentsort=3&mode=thread&cid=262
> 
>            Harvard Statement (Score:3, Informative)
>            by Gartmeister (dangartner at mediaone dot net) 
>            on Thursday July 01, @05:46PM EDT (#262)
>            (User Info) http://people.ce.mediaone.net/dangartner
> 
>            Don't know if this was posted already or not:
> 
>            ======================= 
>            * S T A T E M E N T * 
> 
>            As a service to the Internet community, Harvard agreed to
>            host a Packet Storm Security Website for security-related
>            materials only. Without Harvard's knowledge, unrelated
>            content was put on the Harvard server, including
>            sexually-related material and personal attacks on an
>            individual not affiliated with the University. A Harvard
>            administrative site focused on security issues is not the
>            forum for this type of material. We are returning the content
>            on the site and hope that Packet Storm will make its
>            security tools available through its own Website. 
> 
>            Joe Wrinn
>            Director
>            Office of News and Public Affairs
> 
>            Seems to me that Harvard is giving Ken his site back.
> 
>            -If you can, be happy. If you can't, fuck shit up.
> -=-=-
> It's probably a good idea to keep whatever copies of files anyone has
> until this "statement" is confirmed.. I think it's a bit suspicious
> that the author didn't provide the source of the text.
> 
> We'll see!  Let's hope for the best.. and if it comes back, set up
> several mirrors world-wide.
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
> 

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Fri Jul  2 23:15:11 1999
Received: by humbolt.nl.linux.org id <S92186AbPGBVKz>; Fri, 2 Jul 1999 23:10:55 +0200
Received: from post-10.mail.nl.demon.net ([194.159.73.20]:14744 "EHLO post.mail.nl.demon.net") by humbolt.nl.linux.org with ESMTP id <S92184AbPGBVKM>; Fri, 2 Jul 1999 23:10:12 +0200
Received: from [212.238.108.69] (helo=agratax.demon.nl)
	by post.mail.nl.demon.net with esmtp (Exim 2.02 #1)
	id 110AZS-0003iv-00
	for securedistros@nl.linux.org; Fri, 2 Jul 1999 21:10:06 +0000
Received: from mirkwood.nl.linux.org ([10.0.0.1]:25605 "EHLO mirkwood.nl.linux.org") by mirkwood.nl.linux.org with ESMTP id <S99574AbPGBVIf>; Fri, 2 Jul 1999 23:08:35 +0200
Date:	Fri, 2 Jul 1999 22:50:37 +0200 (CEST)
From:	Rik van Riel <riel@humbolt.nl.linux.org>
To:	jkwilli2@unity.ncsu.edu
cc:	bugtraq@netspace.org, packetstorm@humbolt.nl.linux.org, webmaster@hackernews.com, webmaster@securityportal.com
Subject: friends of packetstorm mailing list
Message-ID: <Pine.LNX.4.03.9907022242540.216-100000@mirkwood.nl.linux.org>
X-Search-Engine-Bait: http://humbolt.nl.linux.org/
X-My-Own-Server: http://www.nl.linux.org/
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Hi,

now that it has become somewhat apparent that packetstorm
shouldn't be left vulnerable to anything (yesterday it was
Harvard, who knows what will happen tomorrow) I have set up
an informal mailing list for the friends of packetstorm.

	packetstorm@nl.linux.org

It's a majordomo-managed list; this means you can subscribe
by typing the following command at your prompt:

$ echo subscribe packetstorm | mail majordomo@nl.linux.org

This list is in no way meant to question Ken's authority,
it's just there to make it possible to better organize the
packetstorm community.

It's not going to be easy to find someone willing to host an
8+ GB/day site, so Ken will need all the help he can get in
finding someone or setting up an alternative solution...

regards,

Rik -- Open Source: you deserve to be in control of your data.
+-------------------------------------------------------------------+
| Le Reseau netwerksystemen BV:               http://www.reseau.nl/ |
| Linux Memory Management site:   http://www.linux.eu.org/Linux-MM/ |
| Nederlandse Linux documentatie:          http://www.nl.linux.org/ |
+-------------------------------------------------------------------+


-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Sat Jul  3 06:02:50 1999
Received: by humbolt.nl.linux.org id <S92189AbPGCEAQ>; Sat, 3 Jul 1999 06:00:16 +0200
Received: from dokter.multiweb.net ([195.114.239.234]:44040 "EHLO dokter.multiweb.nl") by humbolt.nl.linux.org with ESMTP id <S92185AbPGCD7d>; Sat, 3 Jul 1999 05:59:33 +0200
Received: from master ( [192.168.1.4])
	by dokter.multiweb.nl (8.8.7/8.8.7) with SMTP id GAA21618
	for <securedistros@humbolt.nl.linux.org>; Sat, 3 Jul 1999 06:04:34 +0200
Posted-Date: Sat, 3 Jul 1999 06:04:34 +0200
X-Comment1: This mail was send using sendmail at
X-Comment2: dokter.multiweb.nl If this was send unsolicited,
X-Comment3: please reply to abuse@dokter.multiweb.nl
X-Comment4: The best is to find a solution to your problem,
X-Comment5: As You might notice mailing abuse doesn't get results.
X-Comment6: Please reply the original sender and share your ideas
X-Comment7: against spam, or just press delete and forget about it.
Message-ID: <00d801bec508$92cbe9c0$0401a8c0@master.dokter.multiweb.nl>
From:	"Gerrie" <gerrie@hit2000.org>
To:	<securedistros@humbolt.nl.linux.org>
Subject: Re: friends of packetstorm mailing list
Date:	Sat, 3 Jul 1999 06:00:21 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list


-----Oorspronkelijk bericht-----
Van: Rik van Riel <riel@humbolt.nl.linux.org>
^^^^^^ Dutch version of the Evil Empire's mail client sucks :-)
>
>It's not going to be easy to find someone willing to host an
>8+ GB/day site, so Ken will need all the help he can get in
>finding someone or setting up an alternative solution...
>
I think that the head sponsor of HIT2000 still has to discuss it
internally -I haven't heard from them yet-

But they have the ability to host sites with that kind of traffic.

I hope that they give us all a break, and host packetstorm.

gtx,
Gerrie
Fun & secure
http://www.hit2000.org


-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Sat Jul  3 06:29:57 1999
Received: by humbolt.nl.linux.org id <S92190AbPGCE1x>; Sat, 3 Jul 1999 06:27:53 +0200
Received: from dokter.multiweb.net ([195.114.239.234]:12809 "EHLO dokter.multiweb.nl") by humbolt.nl.linux.org with ESMTP id <S92185AbPGCE12>; Sat, 3 Jul 1999 06:27:28 +0200
Received: from master ( [192.168.1.4])
	by dokter.multiweb.nl (8.8.7/8.8.7) with SMTP id GAA21635
	for <securedistros@humbolt.nl.linux.org>; Sat, 3 Jul 1999 06:32:21 +0200
Posted-Date: Sat, 3 Jul 1999 06:32:21 +0200
X-Comment1: This mail was send using sendmail at
X-Comment2: dokter.multiweb.nl If this was send unsolicited,
X-Comment3: please reply to abuse@dokter.multiweb.nl
X-Comment4: The best is to find a solution to your problem,
X-Comment5: As You might notice mailing abuse doesn't get results.
X-Comment6: Please reply the original sender and share your ideas
X-Comment7: against spam, or just press delete and forget about it.
Message-ID: <015501bec50c$77382440$0401a8c0@master.dokter.multiweb.nl>
From:	"Gerrie" <gerrie@hit2000.org>
To:	<securedistros@humbolt.nl.linux.org>
Subject: Re: help save packet storm
Date:	Sat, 3 Jul 1999 06:28:08 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

-----Original Message-----
From: Alex de Joode <usura@attic.replay.com>
To: securedistros@humbolt.nl.linux.org <securedistros@humbolt.nl.linux.org>


>>
>> On Fri, 2 Jul 1999, Gerrie wrote:
>>
>> > just a few minutes ago I read about packet storm, at the same moment I
>> > mailed the head sponsor of HIT2000 -Multiaccess- and asked them if I
>> > may offer packetstorm a sponsorship by Multiaccess under their own
>> > domain name -packetstorm.net or .org -.
>> >
>> > Multiaccess will IMHO -if they are wise- probably sponsor them.
>>
>> I do hope that Multiaccess is aware of the fact that packetstorm
>> was/is generating 8GB+ of traffic a DAY.  A kernel.org like mirror
>> system probably is the only viable way to sustain packet storm in
>> the future, and for that much traffic we're probably looking at
>> 50+ mirrors that are automatically upgraded by rsync.
>>
>
>Looks like we have some room ;)
>
>Filesystem         1024-blocks  Used Available Capacity Mounted on
>/dev/sdc1            8089583 2850200  5239383     35%   /pub
>
>
We ? Do you work at Multiaccess?

gtx,
Gerrie


-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Sat Jul  3 06:36:13 1999
Received: by humbolt.nl.linux.org id <S92193AbPGCE3V>; Sat, 3 Jul 1999 06:29:21 +0200
Received: from dokter.multiweb.net ([195.114.239.234]:13321 "EHLO dokter.multiweb.nl") by humbolt.nl.linux.org with ESMTP id <S92185AbPGCE2y>; Sat, 3 Jul 1999 06:28:54 +0200
Received: from master ( [192.168.1.4])
	by dokter.multiweb.nl (8.8.7/8.8.7) with SMTP id GAA21639
	for <securedistros@humbolt.nl.linux.org>; Sat, 3 Jul 1999 06:33:55 +0200
Posted-Date: Sat, 3 Jul 1999 06:33:55 +0200
X-Comment1: This mail was send using sendmail at
X-Comment2: dokter.multiweb.nl If this was send unsolicited,
X-Comment3: please reply to abuse@dokter.multiweb.nl
X-Comment4: The best is to find a solution to your problem,
X-Comment5: As You might notice mailing abuse doesn't get results.
X-Comment6: Please reply the original sender and share your ideas
X-Comment7: against spam, or just press delete and forget about it.
Message-ID: <015801bec50c$abed7d20$0401a8c0@master.dokter.multiweb.nl>
From:	"Gerrie" <gerrie@hit2000.org>
To:	<securedistros@humbolt.nl.linux.org>
Subject: Re: help save packet storm
Date:	Sat, 3 Jul 1999 06:29:41 +0200
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 4.72.3155.0
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

-----Original Message-----
From: Emanuele Busuito <ntf@DISLESSICI.ORG>
To: securedistros@humbolt.nl.linux.org <securedistros@humbolt.nl.linux.org>
Date: Friday, 2 July 1999 14:58
Subject: Re: help save packet storm


>Hi all,
>
> I have this on my home machine and on my server:
>
> - PacketStorm mirror (2 weeks ago) 59M
> - ftp.technotronic.com mirror 78M


Shit, don't tell them about technotronic :-))

technotronic is too handy :-)

FTP is available under every OS, even a shell on a wintendo NT system :-)

gtx,
Gerrie


-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Sat Jul  3 09:39:11 1999
Received: by humbolt.nl.linux.org id <S92192AbPGCHhE>; Sat, 3 Jul 1999 09:37:04 +0200
Received: from wahalla.worldonline.nl ([195.240.77.251]:33540 "EHLO wahalla.worldonline.nl") by humbolt.nl.linux.org with ESMTP id <S92185AbPGCHgl>; Sat, 3 Jul 1999 09:36:41 +0200
Received: from wahalla.worldonline.nl (nivo@hysteria.localnet.org [192.168.1.5])
	by wahalla.worldonline.nl (8.8.7/8.8.7) with ESMTP id JAA12916
	for <securedistros@humbolt.nl.linux.org>; Sat, 3 Jul 1999 09:41:07 +0200
Message-ID: <377DBDF4.490F52D4@wahalla.worldonline.nl>
Date:	Sat, 03 Jul 1999 09:38:28 +0200
From:	Nils Vogels <nivo@wahalla.worldonline.nl>
Organization: Unorganised :)
X-Mailer: Mozilla 4.51 [en] (X11; I; Linux 2.2.10 i686)
X-Accept-Language: en
MIME-Version: 1.0
To:	securedistros@humbolt.nl.linux.org
Subject: Re: help save packet storm
References: <015501bec50c$77382440$0401a8c0@master.dokter.multiweb.nl>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Gerrie wrote:
> 
> -----Original Message-----
> From: Alex de Joode <usura@attic.replay.com>
> To: securedistros@humbolt.nl.linux.org <securedistros@humbolt.nl.linux.org>
> 
> >>
> >> On Fri, 2 Jul 1999, Gerrie wrote:
> >>
> >> > just a few minutes ago I read about packet storm, at the same moment I
> >> > mailed the head sponsor of HIT2000 -Multiaccess- and asked them if I
> >> > may offer packetstorm a sponsorship by Multiaccess under their own
> >> > domain name -packetstorm.net or .org -.
> >> >
> >> > Multiaccess will IMHO -if they are wise- probably sponsor them.
> >>
> >> I do hope that Multiaccess is aware of the fact that packetstorm
> >> was/is generating 8GB+ of traffic a DAY.  A kernel.org like mirror
> >> system probably is the only viable way to sustain packet storm in
> >> the future, and for that much traffic we're probably looking at
> >> 50+ mirrors that are automatically upgraded by rsync.
> >>
> >
> >Looks like we have some room ;)
> >
> >Filesystem         1024-blocks  Used Available Capacity Mounted on
> >/dev/sdc1            8089583 2850200  5239383     35%   /pub
> >
> >
> We ? Do you work at Multiaccess?
> 
> gtx,
> Gerrie
> 
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
I will ask my employer (WorldOnline, ISP in Holland) if we are willing
to run a mirror when the main site becomes available.

We will not be able to run the main site, since it was stated clearly
it would run on a box that would have to run Linux, and we have Solaris
as our choice of OS. A mirror would be no problem I guess..

Space and speed won't be the problem

 Filesystem            kbytes    used   avail capacity  Mounted on
/dev/dsk/c1t0d0s3    38785000 5007657 29898843    15%    /home

Grtz,

Nils Vogels
System Administrator WAN/LAN
World Online BV.
-- 

* And the wonder of it all, is that you just don't realise...
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Fri Jul  9 15:08:55 1999
Received: by humbolt.nl.linux.org id <S92313AbPGINHQ>; Fri, 9 Jul 1999 15:07:16 +0200
Received: from smtp.wirehub.nl ([195.86.25.80]:7693 "EHLO smtp.wirehub.nl") by humbolt.nl.linux.org with ESMTP id <S92170AbPGINGf>; Fri, 9 Jul 1999 15:06:35 +0200
Received: from hvdberg.veenendaal.nrcc.nl (ip195-86-48-20.dyn.wirehub.net [195.86.48.20])
	by smtp.wirehub.nl (8.8.8/8.8.8) with ESMTP id PAA08696
	for <securedistros@nl.linux.org>; Fri, 9 Jul 1999 15:06:31 +0200 (CEST)
Date:	Fri, 9 Jul 1999 15:05:56 +0200 (Romance Daylight Time)
From:	Hugo Van den Berg <H.VandenBerg@nrcc.nl>
To:	securedistros@humbolt.nl.linux.org
Subject: Identifiers
Message-ID: <Pine.WNT.4.10.9907091454270.180-100000@hvdberg.veenendaal.nrcc.nl>
X-X-Sender: hvdberg@mail.wirehub.nl
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Maybe something to think about if it's useful. VMS used to have the
concept of identifiers. Identifiers could be associated with rights on the
system, both rights to files and kernel rights. Identifiers could be given
to users at login and to installed images. I don't think we should bring
installed images back, because Linux has better mechanisms for sharing
code, but we could attach them to executables, kind of like SGID, but with
the ability to attach more than one, and you would not just set the
identifier but also the associated rights.

The big advantage IMHO is the ease of administration. If for example ping
and traceroute need the same rights you only need to create a single
identifier and attach that to both executables. If something changes in
the required rights you only need one change.

This would also allow controlled access to files and directories, i.e.
only certain programs can gain access to certain locations.

The use of identifiers or something similar would require some kernel
changes, the ACL code in ext2fs for one thing, but I think it can be done
without losing compatibility. Maybe a modification to group handling would
even suffice.

Ciao,

Hugo.

----------------------------------------------------------------
Hugo Van den Berg - h.vandenberg@nrcc.nl
Network Resource Consultants and Company BV
Plesmanstraat 62   3905 KZ  Veenendaal
Postbus 67         3900 AB  Veenendaal
Tel: +31 318 555 059 Fax: +31 318 517276
Visit us at http://www.nrcc.nl
----------------------------------------------------------------

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
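
Added example, not part of Hugo's message or of any project mentioned on this list: a small Python model of the identifier scheme proposed in the "Identifiers" post above, where rights hang off named identifiers and executables (or login sessions) carry one or more of them. The class, the identifier names and the right strings are all hypothetical.

```python
"""Toy model of VMS-style identifiers attached to executables (constructed)."""
import posixpath
from dataclasses import dataclass, field
from pathlib import PurePosixPath


@dataclass
class Identifier:
    """A named bundle of rights. Names and right strings are hypothetical."""
    name: str
    kernel_rights: set = field(default_factory=set)   # e.g. {"net_raw"}
    file_rights: dict = field(default_factory=dict)   # path prefix -> {"r", "w"}


class Policy:
    def __init__(self):
        self.identifiers = {}   # identifier name -> Identifier
        self.attached = {}      # executable path -> set of identifier names
        self.logins = {}        # user name -> set of identifier names

    def define(self, name, kernel_rights=(), file_rights=None):
        """Create or redefine an identifier; holders pick up the change."""
        self.identifiers[name] = Identifier(
            name, set(kernel_rights),
            {p: set(m) for p, m in (file_rights or {}).items()})

    def _known(self, names):
        for n in names:
            if n not in self.identifiers:
                raise KeyError(f"unknown identifier {n!r}")
        return names

    def attach(self, executable, *names):
        """Like SGID, but an executable may carry several identifiers."""
        self.attached.setdefault(executable, set()).update(self._known(names))

    def grant_at_login(self, user, *names):
        self.logins.setdefault(user, set()).update(self._known(names))

    def _held(self, user, executable):
        names = self.logins.get(user, set()) | self.attached.get(executable, set())
        return [self.identifiers[n] for n in names]

    def kernel_rights(self, user, executable):
        """Union of kernel rights from every identifier the process holds."""
        rights = set()
        for ident in self._held(user, executable):
            rights |= ident.kernel_rights
        return rights

    def may_access(self, user, executable, path, mode):
        """Default deny; access only through an identifier covering the path.

        The path is normalised lexically first so that ".." cannot step out
        of a granted prefix. Symlinks are outside the scope of this model.
        """
        target = PurePosixPath(posixpath.normpath(path))
        for ident in self._held(user, executable):
            for prefix, modes in ident.file_rights.items():
                root = PurePosixPath(prefix)
                if mode in modes and (target == root or root in target.parents):
                    return True
        return False

    def holders(self, right):
        """Audit helper: executables that carry a given kernel right."""
        return sorted(
            exe for exe, names in self.attached.items()
            if any(right in self.identifiers[n].kernel_rights for n in names))


def build_demo_policy():
    """Constructed sample: ping and traceroute share one identifier."""
    p = Policy()
    p.define("NETDIAG", kernel_rights={"net_raw"})
    p.define("MAILSPOOL", file_rights={"/var/spool/mail": "rw"})
    p.attach("/bin/ping", "NETDIAG")
    p.attach("/usr/sbin/traceroute", "NETDIAG")
    p.attach("/usr/bin/procmail", "MAILSPOOL")
    return p


if __name__ == "__main__":
    policy = build_demo_policy()
    print(policy.holders("net_raw"))
    print(policy.may_access("alice", "/bin/ping", "/var/spool/mail/alice", "w"))
```

The holders() audit is the administrative point of the proposal: before redefining an identifier, it shows which executables the change will reach.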

From owner-securedistros@humbolt.nl.linux.org Fri Jul  9 16:09:10 1999
Received: by humbolt.nl.linux.org id <S92190AbPGIOHT>; Fri, 9 Jul 1999 16:07:19 +0200
Received: from imap0.glue.umd.edu ([128.8.10.158]:46748 "EHLO imap0.glue.umd.edu") by humbolt.nl.linux.org with ESMTP id <S92170AbPGIOGw>; Fri, 9 Jul 1999 16:06:52 +0200
Received: from y.glue.umd.edu (wgriffin@y.glue.umd.edu [128.8.10.68])
	by imap0.glue.umd.edu (8.9.3/8.9.3) with ESMTP id KAA03511
	for <securedistros@humbolt.nl.linux.org>; Fri, 9 Jul 1999 10:06:48 -0400 (EDT)
Date:	Fri, 9 Jul 1999 10:06:48 -0400 (EDT)
From:	wes <wgriffin@glue.umd.edu>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: Identifiers
In-Reply-To: <Pine.WNT.4.10.9907091454270.180-100000@hvdberg.veenendaal.nrcc.nl>
Message-ID: <Pine.GSO.4.10.9907091002330.9108-100000@y.glue.umd.edu>
Organization: no thank you
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Work on something very similar to this is already in progress. It's the
Linux-Privs project. The website I know of is:
http://www.kernel.org/pub/linux/libs/security/linux-privs/

Today, Hugo Van den Berg wrote:

:Maybe something to think about if it's useful. VMS used to have the
:concept of identifiers. Identifiers could be associated with rights on the
:system, both rights to files and kernel rights. Identifiers could be given
:to users at login and to installed images. I don't think we should bring
:installed images back, because Linux has better mechanisms for sharing
:code, but we could attach them to executables, kind of like SGID, but with
:the ability to attach more than one, and you would not just set the
:identifier but also the associated rights.

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Sun Jul 11 22:59:24 1999
Received: by humbolt.nl.linux.org id <S92333AbPGKU5e>; Sun, 11 Jul 1999 22:57:34 +0200
Received: from mail.colenso.co.nz ([210.48.111.226]:24840 "EHLO colenso.co.nz") by humbolt.nl.linux.org with ESMTP id <S92309AbPGKU5E>; Sun, 11 Jul 1999 22:57:04 +0200
Received: from coaexchg1.colenso.co.nz ([202.27.136.82]) by coagate.colenso.co.nz with ESMTP id <27778>; Mon, 12 Jul 1999 08:55:45 +1200
Received: by COAEXCHG1 with Internet Mail Service (5.0.1460.8)
	id <MTMY83FY>; Mon, 12 Jul 1999 08:58:06 +1200
Message-ID: <B19ED1C7C267D211972100805F6D3C5F54219E@COAEXCHG1>
From:	Tony Gurnick <TonyG@clemenger.co.nz>
To:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: Identifiers
Date:	Mon, 12 Jul 1999 08:58:05 +1200
MIME-Version: 1.0
X-Mailer: Internet Mail Service (5.0.1460.8)
Content-Type: text/plain
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Could someone point me to a FAQ that explains the current set of Linux/Unix
security mechanisms/issues in detail?


	What I am looking for is how they work, not just holes that have
come up as a result of how they work.


> -----Original Message-----
> From:	Hugo Van den Berg [SMTP:H.VandenBerg@nrcc.nl]
> Sent:	Saturday, July 10, 1999 1:06 AM
> To:	securedistros@humbolt.nl.linux.org
> Subject:	Identifiers
> 
> Maybe something to think about if it's useful. VMS used to have the
> concept of identifiers. Identifiers could be associated with rights on the
> system, both rights to files and kernel rights. Identifiers could be given
> to users at login and to installed images. I don't think we should bring
> installed images back, because Linux has better mechanisms for sharing
> code, but we could attach them to executables, kind of like SGID, but with
> the ability to attach more than one, and you would not just set the
> identifier but also the associated rights.
> 
> The big advantage IMHO is the ease of administration. If for example ping
> and traceroute need the same rights you only need to create a single
> identifier and attach that to both executables. If something changes in
> the required rights you only need one change.
> 
> This would also allow controlled access to files and directories, i.e.
> only certain programs can gain access to certain locations.
> 
> The use of identifiers or something similar would require some kernel
> changes, the ACL code in ext2fs for one thing, but I think it can be done
> without losing compatibility. Maybe a modification to group handling would
> even suffice.
> 
> Ciao,
> 
> Hugo.
> 
> ----------------------------------------------------------------
> Hugo Van den Berg - h.vandenberg@nrcc.nl
> Network Resource Consultants and Company BV
> Plesmanstraat 62   3905 KZ  Veenendaal
> Postbus 67         3900 AB  Veenendaal
> Tel: +31 318 555 059 Fax: +31 318 517276
> Visit us at http://www.nrcc.nl
> ----------------------------------------------------------------
> 
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Mon Jul 12 15:03:41 1999
Received: by humbolt.nl.linux.org id <S92336AbPGLNBn>; Mon, 12 Jul 1999 15:01:43 +0200
Received: from odel.on.ca ([209.167.177.162]:6011 "HELO redpenguin.odel.on.ca") by humbolt.nl.linux.org with SMTP id <S92312AbPGLNBQ>; Mon, 12 Jul 1999 15:01:16 +0200
Received: (qmail 15791 invoked from network); 12 Jul 1999 13:10:30 -0000
Received: from odel.on.ca (HELO redpenguin.odel.on.ca) (209.167.177.162)
  by odel.on.ca with SMTP; 12 Jul 1999 13:10:30 -0000
Date:	Mon, 12 Jul 1999 09:10:29 -0400 (EDT)
From:	Louis Bertrand <louis@odel.on.ca>
To:	"'securedistros@humbolt.nl.linux.org'" <securedistros@humbolt.nl.linux.org>
Subject: RE: Identifiers
In-Reply-To: <B19ED1C7C267D211972100805F6D3C5F54219E@COAEXCHG1>
Message-ID: <Pine.LNX.3.96.990712090954.15755A-100000@redpenguin.odel.on.ca>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Secure UNIX Programming FAQ
  http://www.whitefang.com/sup/

 --Louis
--
Louis Bertrand <louis@odel.on.ca>
O'Dell Engineering Ltd.  Tel: 519-740-8620  Fax: 519-740-9483

OpenBSD: Secure by default  <http://www.openbsd.org/>


On Mon, 12 Jul 1999, Tony Gurnick wrote:

> Could someone point me to a FAQ that explains the current set of Linux/Unix
> security mechanisms/issues in detail?
> 
> 
> 	What I am looking for is how they work, not just holes that have
> come up as a result of how they work.
> 
> 
> > -----Original Message-----
> > From:	Hugo Van den Berg [SMTP:H.VandenBerg@nrcc.nl]
> > Sent:	Saturday, July 10, 1999 1:06 AM
> > To:	securedistros@humbolt.nl.linux.org
> > Subject:	Identifiers
> > 
> > Maybe something to think about if it's useful. VMS used to have the
> > concept of identifiers. Identifiers could be associated with rights on the
> > system, both rights to files and kernel rights. Identifiers could be given
> > to users at login and to installed images. I don't think we should bring
> > installed images back, because Linux has better mechanisms for sharing
> > code, but we could attach them to executables, kind of like SGID, but with
> > the ability to attach more than one, and you would not just set the
> > identifier but also the associated rights.
> > 
> > The big advantage IMHO is the ease of administration. If for example ping
> > and traceroute need the same rights you only need to create a single
> > identifier and attach that to both executables. If something changes in
> > the required rights you only need one change.
> > 
> > This would also allow controlled access to files and directories, i.e.
> > only certain programs can gain access to certain locations.
> > 
> > The use of identifiers or something similar would require some kernel
> > changes, the ACL code in ext2fs for one thing, but I think it can be done
> > without losing compatibility. Maybe a modification to group handling would
> > even suffice.
> > 
> > Ciao,
> > 
> > Hugo.
> > 
> > ----------------------------------------------------------------
> > Hugo Van den Berg - h.vandenberg@nrcc.nl
> > Network Resource Consultants and Company BV
> > Plesmanstraat 62   3905 KZ  Veenendaal
> > Postbus 67         3900 AB  Veenendaal
> > Tel: +31 318 555 059 Fax: +31 318 517276
> > Visit us at http://www.nrcc.nl
> > ----------------------------------------------------------------
> > 
> > -
> > Securedistros: A common list for all secured Linux distributions
> > Archive:       http://humbolt.nl.linux.org/lists/
> -
> Securedistros: A common list for all secured Linux distributions
> Archive:       http://humbolt.nl.linux.org/lists/
> 

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/

From owner-securedistros@humbolt.nl.linux.org Mon Jul 12 17:55:05 1999
Received: by humbolt.nl.linux.org id <S92339AbPGLPvs>; Mon, 12 Jul 1999 17:51:48 +0200
Received: from zor.hut.fi ([130.233.242.65]:5730 "EHLO zor.hut.fi") by humbolt.nl.linux.org with ESMTP id <S92190AbPGLPvW>; Mon, 12 Jul 1999 17:51:22 +0200
Received: from localhost (waste@localhost)
	by zor.hut.fi (8.9.1/8.9.1) with ESMTP id SAA23627
	for <securedistros@humbolt.nl.linux.org>; Mon, 12 Jul 1999 18:53:06 +0300
Date:	Mon, 12 Jul 1999 18:53:06 +0300 (EEST)
From:	Zombie Cow <waste@zor.hut.fi>
To:	securedistros@humbolt.nl.linux.org
Subject: Re: tripwire database handling (WAS:Re: hacked boxes / countermeasures)
Message-ID: <Pine.LNX.4.10.9907121845260.23582-100000@zor.hut.fi>
X-URL: http://jya.com/usa-rfa.htm
X-URL: http://www.iptvreports.mcmail.com/ic2kreport.htm
X-no-archive: Yes
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list

Anyone have a workable systems security strategy and planned
countermeasures that would include consideration and operation
guidelines in case of compromise for all of these nasties?
Are there any tools for verifying codes inside programmable chips?
Can you trust what the chips tell you?

Maybe an FAQ to go with the distribution on issues such as this 
would be good?

---------- Forwarded message ----------
Date: Mon, 12 Jul 1999 17:58:30 +0300 (EEST)
Cc: INCIDENTS@SECURITYFOCUS.COM
Subject: Re: tripwire database handling (WAS:Re: hacked boxes / countermeasures)

And what of the programmable chips on most new systems?
Could some of them be altered to "edit" the read programs
before they're run? What if the BIOS has been altered?

How can you trust a processor with re-writeable microcode?

(
Especially when Intel has had close dealings with 
NSA and also does loads of US military hardware, AFAIK.
http://caq.com/cryptogate
http://www.iptvreports.mcmail.com/ic2kreport.htm
)

---------- Forwarded message ----------
Date: Fri, 9 Jul 1999 20:16:35 +0200
From: Joel Eriksson <jen@ETTNET.SE>
To: INCIDENTS@SECURITYFOCUS.COM
Subject: Re: tripwire database handling (WAS:Re: hacked boxes / countermeasures)

On Thu, Jul 08, 1999 at 12:39:18PM +0200, Joakim Rastberg wrote:
> On Wed, 7 Jul 1999, blind to the present wrote:
> >Tripwire can also be worse than useless (if an admin assumes that no
> >database change means no system compromise, and if they implement
> >it poorly out of ignorance or laziness).
>
> (de-lurk)
>
> I work as a contractor at a big Swedish company, running boxen and trying
> to convince other sysadmins that security is A Good Thing (tm). The main
> complaint the admins have about tripwire was the manual work
> when rebuilding and doing off-machine storage of the tripwire database.
>
> The solution I came up with was this: do a "-initialize" every night and
> email the result (without storing it anywhere) to a hardened machine
> running only smapd and a secured webserver.. This other machine compares
> the output with yesterday's result and emails/pages the admin(s) if any
> changes are detected (or no email showed up).

Creative, but unfortunately it's not a secure setup.

Ways around this include at least:

- An attacker could just do a "tripwire -initialize" by himself, save the
  results, and arrange for the saved copy, instead of the new database, to
  be e-mailed every night.

- An attacker could make a wrapper for tripwire that modifies the database
  after tripwire has been run. This could be done with simple shell scripts.

- An attacker could trojan tripwire itself and for example make sure that
  the cryptographic checksums for the backdoors, trojans, etc. are hardcoded
  to the original ones and the rest are calculated as usual.
  This way it's also possible to escape detection when a change in the
  databases is _expected_ (when installing new software, etc.), and even
  when the trojaned binaries are replaced when new versions are installed
  if the saved checksums are only used when the new checksums match the
  checksums of the trojan / backdoor.

- An attacker could modify the open() system call so that the saved copy of
  the files that are replaced with trojans / backdoors is read instead of
  the trojan / backdoor itself. The exec() system call would still use the
  trojan. This could in many cases be done using kernel modules, or if the
  attacker is sophisticated enough it could be done by modifying kernel memory
  at runtime.

- An attacker could arrange for the trojans / backdoors to be automatically
  "deinstalled" before the nightly tripwire database update, and reinstalled
  after the update is done. Tripwire doesn't check running processes, right?..

To be secure, the tripwire-binary should be on a read-only medium, the
medium that stores the databases should only be mounted when the database
is updated and stored safely, and...

Last but not least, the machine should be taken down to single-user mode and
everything must be done manually. Since the kernel, shared libraries, etc may
have been modified one should boot from for example a read-only floppy if that
is possible, the important thing is that anything that has been accessible
from the host when it was up & running shouldn't be trusted. _Then_ the partition(s)
to take databases of should be mounted and tripwire be run.

> If the changes are ok, the admin can simply ack this on a webpage on the
> secure machine.

And how do you protect the mechanism for acknowledging changes, when not
being able to determine whether the host that acknowledges changes is itself
compromised?

> This setup requires almost no effort from the hardworking admins to
> maintain a current tripwire database and requires the attacker to
> compromise the hardened SMAP/SSLwebserver to stay undetected.

Even if that was true, the risk is too high IMHO. The weak point may
very well be a flaw in SMAP or the secured webserver running on the
supposedly hardened machine.

If the setup described had not been severely flawed, it would have been absolutely
great. Unfortunately, security comes at a price. In the case of tripwire it may seem
high, but if security is important it may be unavoidable.

I know that many servers can not be shut down now and then for a tripwire update
since downtime means big money losses etc. In that case one may be forced to make
a tradeoff and accept that certain security measures can not be done, and try to
make up for it somehow by improving overall security on the machine.

There is, of course, nothing wrong with using the method you described, as long
as one is aware of the flaws and takes appropriate security measures besides
using tripwire..

Tripwire, when not used correctly, may give a false sense of security that may be
far more dangerous than if tripwire was not used and the administrators instead were
more alert. If the administrators don't care either way, it can't get much worse
though.. :-)

I hope you don't take this as a flame, it is absolutely not intended as one..

> /Joakim Rastberg, Xinit AB, Sverige. Unix-only since 1984.

--
Joel Eriksson
Security Consultant

-
Securedistros: A common list for all secured Linux distributions
Archive:       http://humbolt.nl.linux.org/lists/
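
Added example (not part of the message above and not tripwire code): a
Python sketch of the collector-side comparison Joakim describes, run over
constructed data. It alerts on a changed database and on a missing report,
but accepts a saved copy of the old database, which is the first bypass in
Joel's list. The Collector class, the build_db format and the host name are
assumptions made for the example.

```python
import hashlib

def build_db(files):
    """Constructed stand-in for a tripwire database: one 'path sha256' line per file."""
    lines = (f"{p} {hashlib.sha256(c).hexdigest()}\n" for p, c in sorted(files.items()))
    return "".join(lines).encode()

class Collector:
    """Hypothetical hardened receiver: keeps the last accepted database digest per host."""
    def __init__(self):
        self.accepted = {}

    def nightly_check(self, host, report):
        """report: bytes of the e-mailed database, or None when no mail arrived."""
        if report is None:
            return "ALERT: no report"
        new = hashlib.sha256(report).hexdigest()
        if host not in self.accepted:
            self.accepted[host] = new          # first report becomes the baseline
            return "baseline stored"
        # A changed database stays unaccepted until an admin acknowledges it.
        return "ok: unchanged" if self.accepted[host] == new else "ALERT: database changed"

def run_scenarios():
    """Four consecutive nights for one constructed host; returns the verdicts."""
    collector, host = Collector(), "hostA"
    files = {"/bin/login": b"original login", "/bin/ls": b"original ls"}
    verdicts = [collector.nightly_check(host, build_db(files))]      # night 1: baseline
    saved_copy = build_db(files)             # database kept from before the change
    files["/bin/login"] = b"replaced login"  # a monitored file changes
    verdicts.append(collector.nightly_check(host, build_db(files)))  # honest report
    verdicts.append(collector.nightly_check(host, None))             # mail suppressed
    verdicts.append(collector.nightly_check(host, saved_copy))       # old copy mailed
    return verdicts

if __name__ == "__main__":
    for night, verdict in enumerate(run_scenarios(), 1):
        print(night, verdict)
```

On the fourth night the verdict is "ok: unchanged" although /bin/login
differs: the comparison only shows that the mailed bytes match the baseline,
not that they were computed from the current filesystem.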

From owner-securedistros@humbolt.nl.linux.org Mon Jul 19 15:00:45 1999
Received: by humbolt.nl.linux.org id <S92179AbPGSM6m>; Mon, 19 Jul 1999 14:58:42 +0200
Received: from willamette.cbn.net.id ([202.158.3.6]:8201 "HELO willamette.cbn.net.id" smtp-auth: <none>) by humbolt.nl.linux.org with SMTP id <S92176AbPGSM6Q>; Mon, 19 Jul 1999 14:58:16 +0200
Received: (qmail 5247 invoked from network); 19 Jul 1999 12:48:11 -0000
Received: from unknown (HELO cyber01) (202.158.63.119)
  by willamette.cbn.net.id with SMTP; 19 Jul 1999 12:48:11 -0000
Message-ID: <000501bed1e6$43260140$0100a8c0@cyber01>
From:	"Kwee Tiong Ham" <kwee@telkom.net>
To:	<securedistros@humbolt.nl.linux.org>
Subject: 
Date:	Mon, 19 Jul 1999 19:57:05 +0700
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2014.211
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2014.211
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list




From owner-securedistros@humbolt.nl.linux.org Thu Jul 29 22:00:06 1999
Received: by humbolt.nl.linux.org id <S92203AbPG2T62>; Thu, 29 Jul 1999 21:58:28 +0200
Received: from mtiwmhc05.worldnet.att.net ([204.127.131.40]:39084 "EHLO mtiwmhc05.worldnet.att.net" smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP id <S92176AbPG2T6A>; Thu, 29 Jul 1999 21:58:00 +0200
Received: from webmail.worldnet.att.net ([135.145.254.69])
          by mtiwmhc05.worldnet.att.net (InterMail v03.02.07.07 118-134)
          with SMTP id <19990729195749.UMOJ5731@webmail.worldnet.att.net>;
          Thu, 29 Jul 1999 19:57:49 +0000
Received: from [192.193.196.25] by webmail.worldnet.att.net;
	Thu, 29 Jul 1999 19:58:04 +0000
Date:	Thu, 29 Jul 1999 19:58:04 +0000
Subject: 
From:	yichiun.lin@att.net
To:	securedistros@humbolt.nl.linux.org
X-Authenticated-Sender: yichiun.lin@att.net
Message-Id: <1999072919580473389@webmail.att.net>
MIME-Version: 1.0
Content-Type: text/plain
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list





From owner-securedistros@humbolt.nl.linux.org Thu Jul 29 22:09:39 1999
Received: by humbolt.nl.linux.org id <S92209AbPG2UBt>; Thu, 29 Jul 1999 22:01:49 +0200
Received: from mtiwmhc05.worldnet.att.net ([204.127.131.40]:48048 "EHLO mtiwmhc05.worldnet.att.net" smtp-auth: <none>) by humbolt.nl.linux.org with ESMTP id <S92208AbPG2UAa>; Thu, 29 Jul 1999 22:00:30 +0200
Received: from webmail.worldnet.att.net ([135.145.254.69])
          by mtiwmhc05.worldnet.att.net (InterMail v03.02.07.07 118-134)
          with SMTP id <19990729195942.UNFV5731@webmail.worldnet.att.net>;
          Thu, 29 Jul 1999 19:59:42 +0000
Received: from [192.193.196.25] by webmail.worldnet.att.net;
	Thu, 29 Jul 1999 19:59:58 +0000
Date:	Thu, 29 Jul 1999 19:59:58 +0000
Subject: 
From:	yichiun.lin@att.net
To:	securedistros@humbolt.nl.linux.org
X-Authenticated-Sender: yichiun.lin@att.net
Message-Id: <1999072919595903410@webmail.att.net>
MIME-Version: 1.0
Content-Type: text/plain
Sender: owner-securedistros@humbolt.nl.linux.org
Precedence: bulk
Reply-To: securedistros@humbolt.nl.linux.org
Return-Path: <owner-securedistros@humbolt.nl.linux.org>
X-Orcpt: rfc822;securedistros-list






