Upgrade CentOS 4.8 to 5.3
by Ryan M. on Oct.20, 2009, under HowTo, My Blog
Traditionally, the dist upgrade path that many were familiar with from RH8/9->Fedora or similar Fedora dist upgrades has applied more or less to RHEL/CentOS, but with the release of 4.5 and early releases of 5.0 the actual dist upgrade path was messy or nearly impossible. The early versions of 5.0 (up to 5.2) had [...]
Linux Malware Detection
by Ryan M. on Oct.19, 2009, under Development Blog, My Blog
For the last few weeks I have been working on a new project for malware detection on Linux web servers; it is already at a pre-release version in use at work and it has shown phenomenal promise.
Right to it, some background… On a daily basis the network I manage receives a large number of attacks, [...]
The Way Forward
by Ryan M. on Oct.18, 2009, under Development Blog, My Blog
It is hard to believe the year is almost done and gone already; it has been busy for me, with some life drama earlier in the year and then a couple of larger projects keeping me on my toes since then.
During the last few weeks I have taken the time to draft a solid road map [...]
Snorting the Web Farm
by Ryan M. on Jun.10, 2009, under My Blog
Here are some rules for you Snort freaks to chew on that I have found useful in web-heavy environments.
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE x2300 phpshell detected"; content:"Locus7Shell"; nocase; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300010; rev:1;)
alert tcp $HTTP_SERVERS $HTTP_PORTS -> any any (msg:"ET ATTACK RESPONSE RFI Scanner detected"; content:"RFI Scanner"; classtype:web-application-activity; reference:url,www.rfxn.com; sid:300020; [...]
BOGON Filtering, Update It
by Ryan M. on Apr.17, 2009, under Development Blog
One of the features used by APF to prevent address spoofing is that it filters reserved IP address space, also known as BOGON filtering. This is an otherwise very reliable method to keep random unallocated spoofed addresses from injecting traffic towards your server, assuming of course the list is updated regularly.
We decided a few [...]