Re: freebsd-security Digest, Vol 61, Issue 3

From: Michael Vlasov (mv_at_rbr.ru)
Date: 06/07/04

    To: freebsd-security@freebsd.org
    Date: Mon, 07 Jun 2004 09:49:51 +0400
    
    

    On Sat, 29 May 2004 12:00:52 -0700 (PDT),
    <freebsd-security-request@freebsd.org> wrote:

    Hello!

    Today I see in snort logs:

    [**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
    [Classification: Potentially Bad Traffic] [Priority: 2]
    06/07-09:44:39.044590 127.0.0.1:80 -> 10.6.148.173:1566
    TCP TTL:128 TOS:0x0 ID:577 IpLen:20 DgmLen:40
    ***A*R** Seq: 0x0 Ack: 0x75830001 Win: 0x0 TcpLen: 20
    [Xref => http://rr.sans.org/firewall/egress.php]

    [**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
    [Classification: Potentially Bad Traffic] [Priority: 2]
    06/07-09:44:39.075824 127.0.0.1:80 -> 10.6.249.83:1299
    TCP TTL:128 TOS:0x0 ID:578 IpLen:20 DgmLen:40
    ***A*R** Seq: 0x0 Ack: 0x568A0001 Win: 0x0 TcpLen: 20
    [Xref => http://rr.sans.org/firewall/egress.php]

    [**] [1:528:4] BAD-TRAFFIC loopback traffic [**]
    [Classification: Potentially Bad Traffic] [Priority: 2]
    06/07-09:44:39.107072 127.0.0.1:80 -> 10.6.96.121:1032
    TCP TTL:128 TOS:0x0 ID:579 IpLen:20 DgmLen:40
    ***A*R** Seq: 0x0 Ack: 0x37920001 Win: 0x0 TcpLen: 20
    [Xref => http://rr.sans.org/firewall/egress.php]

    Why? ;-)

    > Message: 1
    > Date: Sat, 29 May 2004 05:43:23 +0200
    > From: "bofn" <bofn@irq.org>
    > Subject: X & securelevel=3
    > To: freebsd-security@freebsd.org
    > Message-ID: <web-3714609@sqnork.irq.org>
    > Content-Type: text/plain; charset="ISO-8859-1"
    >
    >
    > running (4-Stable)
    >
    > Hi,
    >
    > short form question:
    > how does one run XDM under securelevel>0 ?
    >
    > long version:
    > I've searched for an answer on how to run Xfree/Xorg at a securelevel.
    > The X server likes access to /dev/io and some other resources but is not
    > granted access after security is switched on.
    > One way of doing it seems to be to start it before setting the
    > securelevel, but then it doesn't allow a restart of X.
    > The other option seems to be the Aperture patch, ported in 2001 with no
    > recent updates and no longer usable against the current software.
    >
    > 2nd part of the question..
    > CD writing needs direct access to /dev/<acd0c> and that is also not
    > allowed in secure mode.
    > How can one give selective access to only allow (RW) access to one or two
    > devices?
    >
    > If there is no way of doing these things with configs and such, can
    > anyone point me at the relevant source code that controls these functions
    > so I can add this specific functionality.
    >
    >
    > Cheers
    > * Anna