tcpdump mailing list archives
Re: tcpdump.org mirrors
From: Michael Richardson <mcr () sandelman ottawa on ca>
Date: Wed, 13 Nov 2002 13:25:33 -0500
-----BEGIN PGP SIGNED MESSAGE-----
"Joseph" == Joseph W Shaw <mrman () darkside org> writes:
>> I run the main mirror of tcpdump at wiretapped.net (no relation to >> wiretapped.us) in Australia. We rsync from cvs.tcpdump.org, and have >> removed the entire tcpdump.org tree and disabled rsync updates until we >> hear from Michael Richardson at tcpdump.org. >> >> You may like to add this info to your Updates area, as the unavailability >> of the main mirror site may seem suspicious. It is not, as described >> above. >> >> Because wiretapped.net itself is mirrored to a few other sites, it may >> take between 1 hour and 24 hours for this removal (and any subsequent >> re-addition) to take effect. We'll note when it goes back online at >> http://www.wiretapped.net/changelog.html Joseph> I sent a notification to Michael at 2:30 am this morning when the HLUG Joseph> guys informed me. While I wrote the tcpdump.org page, I don't have any Joseph> admin rights to the server so there's nothing I can do to change anything Joseph> on it. Until Michael finds himself aware of this issue, all mirrors Joseph> should remove their source packages until further notice. Hi, I learnt about things as I picked up voice mail this morning upon landing in Atlanta for DNSSEC workshop and IETF next week. (Grant, your voice mail was appreciated, because otherwise it wouldn't have been until several hours later). It appears that the machine was either had root compromised, or my account. There is indeed a login (recorded in authlog, but not in lastlog) on Sunday evening from the machine to which the trojan gets directed. The machine is partially offline (no default route). The mailing list (and my mailbox) is also hosted on this machine. I will probably move both elsewhere this coming week. Expect the machine to stay offline for a number of days. ] ON HUMILITY: to err is human. To moo, bovine. | firewalls [ ] Michael Richardson, Sandelman Software Works, Ottawa, ON |net architect[ ] mcr () sandelman ottawa on ca http://www.sandelman.ottawa.on.ca/ |device driver[ ] panic("Just another Debian GNU/Linux using, kernel hacking, security guy"); [ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (GNU/Linux) Comment: Finger me for keys iQCVAwUBPdKZF4qHRg3pndX9AQHPFgQAmy0vumlOr87jXa7irBjJMok9gmllCRoS 02UzBI9bvpjMf1v778VxCIhFim1KgIT5ZPQDCYnvAXDwSR6IxFHwSUeTYwsvEbRM ofCkN9//ubTJt59t5Hcx7jmUIedfT78AaJEJjHC85xuZO0eSUGyJhl+wAxMR9I4C yjgCl+8Yles= =+CuM -----END PGP SIGNATURE----- - This is the TCPDUMP workers list. It is archived at http://www.tcpdump.org/lists/workers/index.html To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe
Current thread:
- tcpdump.org mirrors Grant Bayley (Nov 13)
- Re: tcpdump.org mirrors Joseph W. Shaw II (Nov 13)
- Re: tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors mlh (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: [WT-CHANGES] tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: tcpdump.org mirrors Michael Richardson (Nov 18)
- Re: tcpdump.org mirrors Grant Bayley (Nov 18)
- Re: tcpdump.org mirrors Joseph W. Shaw II (Nov 13)