Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
-
should I be concerned?
First, the SEARCH line you included looks suspiciously like a worm or virus test. Nothing to worry too much about since your server gave a 401, except if the "calling" computer is an internal one. Second, mail routing through secondary MXs is a well-used spammer trick. When you say "mail is...- Dalong
- Post #2
- Forum: Security, hacker detection & forensics
-
Spammer/SYNFLood help needed
If you took down your smtpd, that means you do not need the mail daemon for some time. So you can perform a quick test : change your DNS MX record and remove your server there (I suppose "your server" is the computer getting SYNFlooded; and, of course, I suppose you have secondary MXs...- Dalong
- Post #5
- Forum: Security, hacker detection & forensics
-
Cisco ACLs for Domain names
If you want to check/restrict web surfing, you will be better off using filtering proxies (squidguard, dansguardian and such). Otherwise, you could easily spend half your life running after IP changes.- Dalong
- Post #2
- Forum: Information Security Group
-
Spammer/SYNFLood help needed
You can recompile your kernel with SYN cookies activated. It will help you manage the Syn flood without problems (but it will do nothing against another kind of DOS, for example bandwidth-oriented). But are you sure it's a SYN Flood DOS ?- Dalong
- Post #3
- Forum: Security, hacker detection & forensics
-
Firewall and Spam Blocking for Home Network
One way to do that would be to set up a local mailbox server, which will get its mail feed from your 3rd party vendor's system (fetchmail comes to mind). Or, which would be better IMO, define/setup your own primary MX server, the third party being only secondary MX. Then add something like...- Dalong
- Post #2
- Forum: Virus/Spyware discussion
-
Article about virus sending zip files
I beg to disagree. You NEED to block zip files (and a helluva lot others). That way, when the next zip virus strikes, you will not be vulnerable while waiting for you AV vendor to update its virus signature database. And this is why, too.- Dalong
- Post #3
- Forum: Virus/Spyware discussion
-
SSL Query
OpenSSL is probably your friend there.- Dalong
- Post #2
- Forum: Security, hacker detection & forensics
-
SPF record in DNS?
Yes, maybe. And then, maybe not. Given the fact that LOTS of DNS servers are improperly configured, SPF configuration will undoubtedly suffer (and if you think "it will make them admins properly configure their servers", think again). Then, with forwarding, relaying, adress changes and such...- Dalong
- Post #2
- Forum: Information Security Group
-
General Firewall Advice Please
You should be concerned. Really. Even with dynamic IPs, on the average a connected computer is scanned once per 5 to 10 minutes. And it takes only a few seconds to install a backdoor or trojan on a laptop. Once the laptop will get back to your network, this will mean the insider will be inside...- Dalong
- Post #4
- Forum: Information Security Group
-
need cheap program to track web history :(
Just set up an HTTP proxy (Squid comes to mind), require that ALL outgoing HTTP go through the proxy (easy : configure your Internet router to reject any outgoin TCP/80 and such if they are not coming from the proxy) and analyze the proxy logs regularly. If you want to be able to pinpoint users...- Dalong
- Post #12
- Forum: Virus/Spyware discussion
-
Database and DMZ issues
There are seevral things wrong, in both schemes. Proxying SqlNet is... well, let's say if you have a proper filtering proxy for SqlNet, you _are_ Oracle. Otherwise, your reverse proxy will do nothing more than packet filtering. Useless, since FW2 (which could be a proper filtering router) will...- Dalong
- Post #3
- Forum: Information Security Group
-
Get this too much,'The page cannot be displayed'HELP
That could also come from timeouts with your navigator/http proxy/ISP and such. Especially since it occurs quite often when doing searches (since the web server needs to perform the search, it does not answer as quickly, and the timeout triggers).- Dalong
- Post #6
- Forum: Virus/Spyware discussion
-
What does removing telnet from /etc/xinetd do?
True, but incomplete. If you have another file in xinetd.d that starts telnetd on another port, someone could still telnet to your computer. It's nice, but not enough, to drop telnetd file from xinetd.d (or comment it out from xinetd.conf file). You must to the same for all services you do not...- Dalong
- Post #3
- Forum: Security, hacker detection & forensics
-
Security considerations in a crypto program
There are a hell of a lot of things to do. To name a few of them : no temp files; wipe any memory that could hold secrets, as soon as you do not need it anymore (wipe = WIPE IT, not just free it); prevent any swapping of memory pages that could hold secrets; choose a proper random source, with...- Dalong
- Post #2
- Forum: Security, hacker detection & forensics
-
DI-30 ejecting tapes after 2+ minutes
[I'm using Linux, not Windows] If I prevent the OS boot, the drive still ejects any tape I try to insert (and I have already removed all screws from the drive, since my first one got hit by the infamous left-rear screw problem). Does this mean something is broken in the drive ?- Dalong
- Post #4
- Forum: Data Recovery
-
DI-30 ejecting tapes after 2+ minutes
I hate to say such a thing, but "me too, me too". Since last monday, no tape will load, I have exactly the same symptom as you. So, anyone has an answer ? Should the drive be repaired or changed ? Tia, -- Dl- Dalong
- Post #2
- Forum: Data Recovery
