mgw | I'm trying to debug a weird dns issue… I have a .internal zone, which delegates .A.internal to another dns server | 00:50 |
---|---|---|
mgw | When I do a dig of foo.A.internal @ns.internal, it works — sometimes | 00:51 |
mgw | But more often, ns.internal never sees the response from ns.A.internal — even though I can see the response in a tcpdump running on ns.internal | 00:52 |
mgw | By "not see", I mean it does not show in bind's debug log | 00:53 |
mgw | any ideas? | 00:53 |
Quest | i need to scan the system (from outside) to see if it has any vulnerabilities for an attack. then understand how to fix them. | 17:27 |
Quest | nessus and metasploit, so they don't need to be installed ON the system that is TO BE Scanned? I wonder how the vulnerabilities could be checked from outside? only open ports can be checked. like nmap does. can you elaborate? | 17:47 |
nobodies | i have an old ubuntu distro "natty" how can i do a dist upgrade | 17:59 |
nobodies | e.g. do-release-upgrade is not installed and i can't apt get it because the repo doesn't exist anymore | 18:04 |
Patrickdk_ | sure it exists | 18:06 |
Patrickdk_ | change to the archive repos | 18:06 |
nobodies | how? | 18:08 |
tedski | nobodies: see here: http://old-releases.ubuntu.com/releases/11.04/ | 18:08 |
tedski | nobodies: edit your sources.list to include the relevant repos from here: http://old-releases.ubuntu.com/ubuntu/dists/ | 18:09 |
nobodies | great thanks i've done that now :) | 18:12 |
Quest | http://masoodahmad.com/02.Session-Hijacking-Pt.2.mov how the hell can the email / password be visible in this middleman attack when the user was using HTTPS gmail website ? | 18:54 |
qman__ | Quest, it's a bit off topic, but that's a simple man in the middle | 19:02 |
qman__ | he clicked past the certificate warning | 19:02 |
Quest | qman__, sorry? "past the certificate warning?" | 19:06 |
qman__ | Quest, when he browsed to gmail, he was presented with a certificate warning because his traffic was being intercepted | 19:09 |
qman__ | he clicked ok to continue anyway without a single word spoken on it | 19:09 |
qman__ | it's disingenuous, as is using windows 2000 and horribly outdated versions of internet explorer | 19:10 |
Quest | what was the warning about? | 19:12 |
qman__ | the certificate name not matching, because it was invalid and presented by the attacker rather than gmail | 19:12 |
qman__ | but again, this is offtopic, it has nothing to do with ubuntu server or even linux in general | 19:13 |
Quest | i think with https, the data should have gone out of the computer after it has been encrypted. so once it goes out. how can it be seen in a text file by middle man. in plain text. | 19:13 |
Quest | qman__, oh. the cert was invalid? he never set up the certificate...... did he in the video? | 19:14 |
qman__ | the man in the middle intercepts and modifies the transmission, the client never reaches gmail to initiate a secure connection | 19:15 |
Quest | qman__, the client does reach gmail, how come he would load the login web page else then? | 19:17 |
qman__ | you clearly do not understand the basics of how https and SSL work | 19:18 |
bekks | And it has nothing to do with ubuntu - it is a generic issue. | 19:18 |
Quest | qman__, can we private chat. (away from ubuntu and bekks ) | 19:20 |
qman__ | no, you need to learn a lot more before you can understand how this attack works | 19:20 |
qman__ | take a course or read a good book on PKI | 19:20 |
Quest | qman__, only thing i guess is that. the client did reach gmail. but the certificate was supplied by cain. as its default behaviour? | 19:21 |
Quest | qman__, it was a course video. i am doing what you said. but i need discussions. with your skills. can we chat elsewhere? | 19:21 |
Quest | am i correct about the cain and cert ? qman__ | 19:24 |
bekks | No. | 19:25 |
Quest | bekks, don't respond. it's ubuntu channel | 19:25 |
Quest | qman__, so? | 19:25 |
bekks | Quest: If you don't like the answer, don't ask. | 19:25 |
Quest | not asking you ) | 19:25 |
Quest | :) | 19:25 |
bekks | Ignoring you. Good luck. | 19:26 |
qman__ | no, you do not understand how it works | 19:26 |
Quest | bekks, at last. thanks | 19:26 |
qman__ | stop pestering me, and learn how PKI functions | 19:26 |
qman__ | I have already explained how it works | 19:26 |
Quest | hm.. i thought i knew https and read docs | 19:26 |
Quest | last question. qman__ is cain or abel sending its own certificate to client? | 19:26 |
Quest | y/n? | 19:27 |
LargePrime | hey all. my /tmp is full? | 19:28 |
LargePrime | http://paste.ubuntu.com/6076170/ | 19:28 |
bekks | LargePrime: That's not a standard ubuntu filesystem. What did you do? | 19:28 |
bekks | LargePrime: Please provide the output of "lsb_release -a" | 19:29 |
bekks | LargePrime: In a pastebin please. | 19:29 |
qman__ | LargePrime, http://stackoverflow.com/questions/17536139/releasing-unneccesary-space-used-in-tmp | 19:30 |
qman__ | the second answer, in particular | 19:30 |
LargePrime | bekks: "No LSB modules are available." | 19:31 |
Quest | last question. qman__ is cain or abel sending its own certificate to client? | 19:31 |
bekks | LargePrime: The entire output. Not just one line. | 19:31 |
bekks | LargePrime: So where is the entire output? :) | 19:35 |
LargePrime | http://paste.ubuntu.com/6076180/ | 19:36 |
bekks | LargePrime: And pastebin your /etc/fstab too, please, along with "uname -a" | 19:37 |
LargePrime | qman__: /tmp: device is busy. when i try and unmount | 19:37 |
LargePrime | bekks: http://paste.ubuntu.com/6076217/ is uname -a . I don't understand "pastebin your /etc/fstab" | 19:40 |
bekks | LargePrime: Copy the content of /etc/fstab into a pastebin. | 19:40 |
bekks | You are running a pretty old kernel, on your 12.04.3 | 19:40 |
LargePrime | i should update it? | 19:41 |
bekks | The current kernel for 12.04.3 is 3.5.0 | 19:41 |
bekks | Yes, you should. | 19:41 |
LargePrime | right now i can't update anything, cause /tmp issue | 19:41 |
LargePrime | bekks: fstab http://paste.ubuntu.com/6076226/ | 19:43 |
bekks | So you did mount your /tmp on your own, didn't you? | 19:44 |
LargePrime | nope | 19:45 |
LargePrime | it happened cause / was full | 19:45 |
bekks | It didn't. /tmp did not mount because / is full. And your / has 6.1GB free space. | 19:48 |
LargePrime | my / WAS full | 19:48 |
LargePrime | as qman__ link points out | 19:49 |
LargePrime | ubuntu mounts /tmp in ram | 19:49 |
LargePrime | when that happens | 19:49 |
LargePrime | but i am not sure how to unmount it | 19:49 |
LargePrime | and unmount says it is in use | 19:49 |
LargePrime | http://paste.ubuntu.com/6076245/ is what i get when i try an unmount | 19:52 |
bekks | Then you have to reboot. | 19:52 |
LargePrime | poop | 19:53 |
LargePrime | so reboot then unmount it | 19:53 |
LargePrime | ? | 19:53 |
bekks | No. | 19:53 |
bekks | Reboot unmounts everything, and reboots your computer. | 19:54 |
LargePrime | is there any other option to rebooting? | 20:10 |
Pastafarian | Any Ubuntu staffers online? | 20:14 |
Pastafarian | The lack of an apache 2.4 port is getting more and more worrying. | 20:16 |
Pastafarian | When is a 2.4 port to 12.04 lts and others planned? | 20:16 |
Pastafarian | https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884 | 20:27 |
uvirtbot | Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed] | 20:27 |
Pastafarian | This needs to be sorted right now. | 20:27 |
LargePrime | Pastafarian: | 20:28 |
LargePrime | My imaginary friend still loves you. | 20:28 |
Pastafarian | FSM ? | 20:30 |
Pastafarian | This bug is not "wishlist" | 20:47 |
Pastafarian | https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/1197884 | 20:47 |
uvirtbot | Launchpad bug 1197884 in apache2 "apache2.2 SSL has no forward-secrecy: need ECDHE keys" [Wishlist,Fix committed] | 20:47 |
Pastafarian | It's security critical. RC4 is being implied as being cracked by the NSA etc... meaning we could do with the newer ciphers. | 20:47 |
mdeslaur | Pastafarian: Bruce Schneier said "Prefer conventional discrete-log-based systems over elliptic-curve systems; the latter have constants that the NSA influences when they can" | 21:01 |
mdeslaur | Pastafarian: if someone backports the ECDHE stuff to apache 2.2, we may consider adding it | 21:02 |
ScottK | OTOH, some of the black hat (or defcon, I can't recall) presentations this year gave me the impression that RSA/DSA's days are numbered. | 21:03 |
mdeslaur | ScottK: that turned out to be overly exaggerated | 21:03 |
ScottK | Interesting. | 21:03 |
mdeslaur | see https://www.schneier.com/blog/archives/2013/08/the_cryptopocal.html | 21:04 |
mdeslaur | the fact that ECC is patented doesn't help the situation at all | 21:06 |
mdeslaur | unless everyone starts giving royalties to Blackberry | 21:06 |
ScottK | Agreed. | 21:06 |
mdeslaur | It's been a pretty depressing few months :P | 21:06 |
ScottK | Thanks. | 21:07 |
Pastafarian | That being said | 21:31 |
Pastafarian | we need it updating in one of the two ways | 21:31 |
Pastafarian | asap | 21:31 |
Pastafarian | The major hint is that RSA is over | 21:32 |
Pastafarian | and that RC4 can be broken. | 21:32 |
Pastafarian | mdeslaur, if ubuntu is meant to have a server version which they're selling support to shouldn't the devs give more of a crap about this | 21:33 |
mdeslaur | Pastafarian: yes, ubuntu devs should definitely be looking at that | 21:34 |
Pastafarian | ultimately someone needs to get elgamal going | 21:34 |
mdeslaur | Pastafarian: someone needs to backport the support to apache 2.2 | 21:34 |
Pastafarian | that should have been done certainly | 21:35 |
Pastafarian | however it's not like they shouldn't drop 2.4 into raring and earlier | 21:35 |
Pastafarian | especially lts | 21:35 |
mdeslaur | releases rarely get newer versions, especially for something like this | 21:36 |
mdeslaur | this is far from a critical issue | 21:36 |
Pastafarian | Whereas I would disagree ;) | 21:36 |
Pastafarian | RC4 is flogging a dead horse. | 21:37 |
mdeslaur | I don't see any other distros rushing out to do the backporting work, or to release apache 2.4 into older releases | 21:37 |
Pastafarian | The alternatives are locked into 2.2.22 | 21:37 |
Pastafarian | however debian has it in testing | 21:37 |
Pastafarian | and has for a long while | 21:37 |
mdeslaur | Pastafarian: saucy will have 2.4 | 21:37 |
Pastafarian | I know, and I still don't want to wait until October | 21:37 |
Pastafarian | and I cannot jerk around on production machines compiling it instead | 21:38 |
mdeslaur | Pastafarian: you're not in the US, are you? | 21:38 |
Pastafarian | Nope. | 21:38 |
Pastafarian | So I have slightly less to be concerned about, regardless. It's committed. Just needs speeding the hell up. | 21:40 |
mdeslaur | committed? | 21:40 |
Pastafarian | Fix committed, i.e. in saucy | 21:41 |
Pastafarian | I'd expect it to be shoved in 12.04 quickly too. | 21:41 |
mdeslaur | that's likely not going to happen | 21:42 |
Pastafarian | Then someone needs to pull a cranium out of somewhere. | 21:42 |
Pastafarian | >LTS when we feel like it. | 21:42 |
mdeslaur | Pastafarian: your definition of what an LTS is is flawed | 21:43 |
Pastafarian | In which case by 5 years of support they mean, at our discretion regardless of security? | 21:48 |
mdeslaur | Pastafarian: that's not a security issue | 21:49 |
Pastafarian | Not for the Operating System | 21:50 |
Pastafarian | For anyone using it | 21:50 |
Pastafarian | If the ubuntu devs are making their definitions strictly to the security of a SERVER operating system only to the OS | 21:50 |
Pastafarian | they're being at best, stupid. | 21:50 |
ScottK | So you want the stability of an LTS on a system that's updated all the time? | 22:29 |
ScottK | Pick one. | 22:29 |
Pastafarian | ScottK, don't be dense. | 23:21 |
Pastafarian | You want stability and security. | 23:22 |
Pastafarian | These are not mutually exclusive | 23:22 |
ScottK | No, but dumping a new version of apache into an already released LTS is insanity. | 23:22 |
Pastafarian | and when tested has it presented issues? | 23:23 |
Pastafarian | has someone even tried? | 23:23 |
Pastafarian | plenty of PPAs out there | 23:23 |
Pastafarian | why is it insanity? I can choose 2.2 or 2.4 in windows | 23:25 |
Pastafarian | or debian | 23:25 |
Pastafarian | and expect on many other distros | 23:25 |