Re: Microsoft-IIS/6.0 serves up Debian... WTF!

["Anderson Kaiser" <alpkaiser@gmail.com>]

2008/6/8 Joey Hess <joeyh@debian.org>:

Jim Popovitch wrote:
> Here's my issue, please correct me if I am wrong.  .debs and sigs both
> exist on the same server.  If the Windows box/network is compromised,
> then the sigs and debs can be modified and who would know?

The security provided by a gpg signature is the difficulty in forging
the signature, not the server that serves it.

http://wiki.debian.org/SecureApt

--
see shy jo

Well,

The TTL from this server is equal 64.The Default TTL Debian.

See my tests from Brasil:

I use:

# tracert ike.egr.msu.edu

It returns 25 jumps.

The TTL returns 39

39 + 25 = 64 TTL

root@k41s3r:~# ping ike.egr.msu.edu
PING ike.egr.msu.edu (35.9.37.225) 56(84) bytes of data.
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=1 ttl=39 time=315 ms
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=2 ttl=39 time=289 ms
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=3 ttl=39 time=317 ms
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=4 ttl=39 time=326 ms
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=5 ttl=39 time=308 ms
64 bytes from ike.egr.msu.edu (35.9.37.225): icmp_seq=7 ttl=39 time=272 ms



-- 
Anderson Kaiser
alpkaiser@gmail.com
Linux User #: 426240