[CentOS] Minor dovecot/KMail problem

[Timothy Murphy]

I'm running a dovecot/IMAP server under CentOS-5.3 on my desktop,
reading the mail with KMail on my laptop.

I have what seems a venerable and well-documented problem/bug;
when I click on "Check Mail" I get an error message
"Error while getting folder information" ...
Actually, this doesn't appear to have the slightest effect
on kmail, which works perfectly if one just presses Continue.

But I have worked out that the cause of the problem
is that there exists a kind of ghost folder, "uidvalidity",
which is listed among the folders on the kmail page
but does not in fact seem to exist in my maildir on the server.

Deleting the folder under kmail has no permanent effect;
it simply re-appears when I re-start kmail.

I assume the folder is listed in some way in the dovecot.index ;
and my question really is: if I delete this index file
will it be re-created automatically?

This bug/feature seems to have been present for years,
which I suppose is par for KDE.
To make it as difficult as possible to diagnose,
the error message on the kmail page is incomplete,
even when expanded to the whole screen.
In particular it does not specify (on the visible part)
what folder is causing the problem.
Nor is the error listed with other dovecot information
in /var/log/messages .

Any suggestions/advice gratefully received.


-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
tel: +353-86-2336090, +353-1-2842366
s-mail: School of Mathematics, Trinity College Dublin 


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] card reader not responding

[Michael Klinosky]

I saved pictures on an SD card with my Nokia phone (1 GB). Now, I'm 
trying to use the card on my Acer Aspire 3680 (laptop) running 5.3 and 
gnome.

Popping the card in (until it clicks) evokes nothing from the system log 
or dmesg, and I don't see anything relevant in /dev. (What is the device 
for this?)

lspci has this entry:
0a:09.2 Mass storage controller: Texas Instruments 5-in-1 Multimedia 
Card Reader (SD/MMC/MS/MS PRO/xD)

I couldn't find anything in Cent's wiki (searching for "card reader"), 
so I tired Google's linux SE, and found this:
http://bbs.archlinux.org/viewtopic.php?id=64974

I tried all 3 modprobe lines (as root) - "FATAL ... not found."

So, one problem seems to be that I'm unfamiliar with modprobe; what's 
wrong? Do I need to install something?

I should note that I'm not at all familiar with setting up new stuff 
like this. If I'm going at it wrong, please inform!

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[nate]

Michael Klinosky wrote:

> So, one problem seems to be that I'm unfamiliar with modprobe; what's
> wrong? Do I need to install something?

In my experience at least many card readers that are integrated
into laptops have compatibility issues with linux. It may be
possible to get them working but often it is more difficult than
it's worth and your better off with an external USB reader.

In this case the FATAL messages mean the drivers aren't there.
CentOS isn't really made to be a desktop OS, though it certainly
can be used as one. The downside is that it's drivers are often
much older or not available compared to systems like Ubuntu and
Fedora. Though in general CentOS should be more stable, in part
because it does not have those types of drivers, it'll get them
when they are (hopefully) really solid and tested.

You can try to find the drivers yourself and compile them from
source but I think for you is probably more trouble than it's
worth given my impression of your linux experience. I suggest
just getting a compact USB SD card reader.

Some phones like my Sanyo can present themselves as USB storage
to a computer as well when connected. I'm not sure if your phone
can, if so that could be another option.

nate



___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] CentOS-announce Digest, Vol 52, Issue 11

[centos-announce-request]

Send CentOS-announce mailing list submissions to
centos-annou...@centos.org

To subscribe or unsubscribe via the World Wide Web, visit
http://lists.centos.org/mailman/listinfo/centos-announce
or, via email, send a message with subject or body 'help' to
centos-announce-requ...@centos.org

You can reach the person managing the list at
centos-announce-ow...@centos.org

When replying, please edit your Subject line so it is more specific
than "Re: Contents of CentOS-announce digest..."


Today's Topics:

   1. CEEA-2009:1105  CentOS 5 x86_64 tzdata Update (Karanbir Singh)
   2. CEEA-2009:1105  CentOS 5 i386 tzdata Update (Karanbir Singh)
   3. CEBA-2009:1088  CentOS 5 i386 mkinitrd Update (Karanbir Singh)
   4. CEBA-2009:1088  CentOS 5 x86_64 mkinitrd Update (Karanbir Singh)


--

Message: 1
Date: Sat, 20 Jun 2009 07:52:46 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEEA-2009:1105  CentOS 5 x86_64 tzdata
Update
To: centos-annou...@centos.org
Message-ID: <20090620075246.ga20...@tantra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2009:1105 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2009-1105.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
9e98373b9a42c62c1659ebc236af7551  tzdata-2009i-2.el5.noarch.rpm

Source:
4a72766fdc26fba500e12dc3cb89fc34  tzdata-2009i-2.el5.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 2
Date: Sat, 20 Jun 2009 07:52:46 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEEA-2009:1105  CentOS 5 i386 tzdata Update
To: centos-annou...@centos.org
Message-ID: <20090620075246.ga20...@tantra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Enhancement Advisory 2009:1105 

Upstream details at : https://rhn.redhat.com/errata/RHEA-2009-1105.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
999bfac66f0f6dde579f51ec104a3965  tzdata-2009i-2.el5.noarch.rpm

Source:
4a72766fdc26fba500e12dc3cb89fc34  tzdata-2009i-2.el5.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 3
Date: Sat, 20 Jun 2009 07:54:03 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2009:1088  CentOS 5 i386 mkinitrd
Update
To: centos-annou...@centos.org
Message-ID: <20090620075403.ga20...@tantra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2009:1088 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2009-1088.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

i386:
92347deef4b462677adecd49f7ea0447  libbdevid-python-5.1.19.6-44.1.i386.rpm
9d25c1ba0d7dff59adfad6d24ef8ac6c  mkinitrd-5.1.19.6-44.1.i386.rpm
0268fe5b34886e730ddeda380d10aecd  mkinitrd-devel-5.1.19.6-44.1.i386.rpm
1a5a390b5931112e080961694e02a7c3  nash-5.1.19.6-44.1.i386.rpm

Source:
3290177a8290d3a6a47afa601b2a7404  mkinitrd-5.1.19.6-44.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

Message: 4
Date: Sat, 20 Jun 2009 07:54:03 +
From: Karanbir Singh 
Subject: [CentOS-announce] CEBA-2009:1088  CentOS 5 x86_64 mkinitrd
Update
To: centos-annou...@centos.org
Message-ID: <20090620075403.ga20...@tantra.karan.org>
Content-Type: text/plain; charset=us-ascii


CentOS Errata and Bugfix Advisory 2009:1088 

Upstream details at : https://rhn.redhat.com/errata/RHBA-2009-1088.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( md5sum Filename ) 

x86_64:
ad97a9b68f62b35fd7e6f77ef05650e9  libbdevid-python-5.1.19.6-44.1.x86_64.rpm
f346c56dac3b271704e042db9c6d8566  mkinitrd-5.1.19.6-44.1.i386.rpm
033858b84b3e3e04d84b0fd9c93c3e10  mkinitrd-5.1.19.6-44.1.x86_64.rpm
d1eefb5825645e46e551a3a757dd8669  mkinitrd-devel-5.1.19.6-44.1.i386.rpm
6e303586fe2f13cead676c68e5ab8212  mkinitrd-devel-5.1.19.6-44.1.x86_64.rpm
a27373ce11f61e3e9af69a11cfd43b03  nash-5.1.19.6-44.1.x86_64.rpm

Source:
3290177a8290d3a6a47afa601b2a7404  mkinitrd-5.1.19.6-44.1.src.rpm


-- 
Karanbir Singh
CentOS Project { http://www.centos.org/ }
irc: z00dax, #cen...@irc.freenode.net



--

___
CentOS-announce mailing list
centos-annou...@centos.org
http://lists.centos.org/mailman/listinfo/centos-announce


End of CentOS-announce Digest, Vol 52, Issue 11
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman

Re: [CentOS] card reader not responding

[fred smith]

On Sat, Jun 20, 2009 at 07:03:02AM -0700, nate wrote:
> Michael Klinosky wrote:
> 
> > So, one problem seems to be that I'm unfamiliar with modprobe; what's
> > wrong? Do I need to install something?
> 
> In my experience at least many card readers that are integrated
> into laptops have compatibility issues with linux. It may be
> possible to get them working but often it is more difficult than
> it's worth and your better off with an external USB reader.
> 
> In this case the FATAL messages mean the drivers aren't there.
> CentOS isn't really made to be a desktop OS, though it certainly
> can be used as one. The downside is that it's drivers are often
> much older or not available compared to systems like Ubuntu and
> Fedora. Though in general CentOS should be more stable, in part
> because it does not have those types of drivers, it'll get them
> when they are (hopefully) really solid and tested.
> 
> You can try to find the drivers yourself and compile them from
> source but I think for you is probably more trouble than it's
> worth given my impression of your linux experience. I suggest
> just getting a compact USB SD card reader.
> 
> Some phones like my Sanyo can present themselves as USB storage
> to a computer as well when connected. I'm not sure if your phone
> can, if so that could be another option.
> 

Or a cheap ($20 or thereabouts) usb memory card reader.

-- 
 Fred Smith -- fre...@fcshome.stoneham.ma.us  
Do you not know? Have you not heard? 
The LORD is the everlasting God, the Creator of the ends of the earth. 
  He will not grow tired or weary, and his understanding no one can fathom.
- Isaiah 40:28 (niv) -


pgpmiCUbAXelk.pgp
Description: PGP signature
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[Michael Klinosky]

nate wrote:
> You can try to find the drivers yourself and compile them from
> source but I think for you is probably more trouble than it's
> worth given my impression of your linux experience.

Ok - the curious / adventurous part of me wants to know if that's all 
I'd have to do. Not that I'm considering it ... well, maybe, down the 
road a ways.

> Some phones like my Sanyo can present themselves as USB storage
> to a computer as well when connected. I'm not sure if your phone
> can, if so that could be another option.

I'd need a cable to go that route.

Actually, using that card with the laptop isn't a requirement - just 
figured it'd be nice. Anyway, I have a tower with an everything-card 
reader, which (I believe) is USB. I just have to put the machine into 
service.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] usb issue on my motherboard

[Jerry Geis]

I have found this http://bugzilla.kernel.org/show_bug.cgi?id=10913

I am running that motherboard with 2.6.18-128.1.10 x86_64
and I have the USB issues. I dont really want to use a later kernel
for a couple reasons one being the ATI Catalyst drivers dont work on 
later kernels (I tried on another machine).

Is there a way to take 2.6.30 (just since its the current 
version)usb/host directory
and compile it as a module for the 2.6.18-128.1.10 kernel and just 
replace the ehci_hcd driver?

I extraced the 2.6.30 kernel,
and was hoping to just cd drivers/usb/host and make. It says no tarkets 
found.

How can I do that?

THanks, I just want to compile the module.

Jerry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Yum Repo that has xcache

[luc...@lastdot.org]

On Fri, Jun 19, 2009 at 4:55 PM,  wrote:
> James Matthews wrote:
>> Hi,
>>
>> I am wondering where I can get a repo that has xcache. (Or if anyone has
>> any tips on a PHP optimizer)
>
> How about
> http://www.jasonlitka.com/yum-repository/
> Looks to have XCache 1.2.2
>
>
> --
> Andrew
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

That repo is unmaintained. Don't use it.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Postfix question: How to reject email with a certain subject header

[Gilbert Sebenste]

On Wed, 17 Jun 2009, John R Pierce wrote:

> nate wrote:
>> Gilbert Sebenste wrote:
>>
>>> Hello everyone,
>>>
>>> Occasionally I get emails which have a subject header of "Rejected posting
>>> to Blah", from a listserv I am on. Without going into a 10 page diatribe
>>> of why, I'd like to reject these automatically, sending them to /dev/null.
>>> I used to run Sendmail and that was pretty easy to do. How can I do this
>>> under Postfix under CentOS 5.3?
>>>
>>
>> Do you want to reject them or eat them and send them to /dev/null ?
>>
>> If you want to reject them something like this would work:
>>
>> header_checks = regexp:/etc/postfix/regexp_table
>>
>> and in /etc/postfix/regexp_table something like:
>> /^Subject: This is the subject I want to reject REJECT 554
>> Custom rejection message
>>
>
> The problem with that approach is that its global to the server.I
> dislike putting filtering rules like that in the system, and prefer to
> do them on a per user basis, hence my postmailrc suggestion (except I
> don't know if CentOS uses postmail as the delivery agent for postfix)

Hey Filipe, John, Michael,

Thanks for your help on this. I do want a global rejection in this case, 
so this works out well. Thanks so much everyone!!!

Gilbert

***
Gilbert Sebenste 
(My opinions only!)  **
***
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] More then one version of KDE

[Lanny Marcus]

On Fri, Jun 19, 2009 at 7:20 PM, Robert Spangler wrote:

> Is it possible to have more then one version of KDE installed and switch
> between them?  I'd like to try out the new KDE but don't want to lose what
> I
> have now.  Thnx


Maybe  try it, using VMWare or Virtual Box, so you do not destroy your
current installation.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ssh security

[fabian]

>
>
>> > [Normal log stuff from dictionary attack deleted...]
>>
>> This is common, and, presuming you have good passwords or only
>> accept authorized_keys, not a real problem other than large log
>> files.
>>
>> Look at fail2ban for a method that will automatically add
>> iptables blocks when this occurs.
>>
>
> yes fail2ban is very useful. but also good to change to a non standard
> port.
>
>
Thanks guys,

The problem was solved after using a non standard port for ssh.
but wht was confusing was that the secure logs of my mail server was
showing ssh logs
i passwordless login since backuppc needs it but using authorized keys

but wonder how it was gettin through my firewall

but also if i had to ssh from the outside network i could see the firewall
droppin my ssh request

quite confusing

any for about 24 hrs i dont hav any ssh messages in my mail server secure
logs


regrads


simon

>
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] ssh security

[Frank Cox]

On Sun, 21 Jun 2009 00:17:30 +0300 (AST)
fabian wrote:

> The problem was solved after using a non standard port for ssh.

You haven't solved the problem, because you haven't solved this problem:

> but wonder how it was gettin through my firewall

You should be finding this out.  Traffic of unknown origin is a bad thing.

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[nate]

Michael Klinosky wrote:
> nate wrote:
>> You can try to find the drivers yourself and compile them from
>> source but I think for you is probably more trouble than it's
>> worth given my impression of your linux experience.
>
> Ok - the curious / adventurous part of me wants to know if that's all
> I'd have to do. Not that I'm considering it ... well, maybe, down the
> road a ways.

Really depends on the driver, it could be a really simple process
but if the driver is integrated into the kernel then you either
would have to upgrade the kernel manually to that version with the
driver or try to bring the driver back into your kernel version which
often times isn't trivial. I've been using linux since about 1995 and
I wouldn't even try that these days.

If the driver was available as a standalone tarball/source code it
can't hurt to try to build it on your current kernel, but finding
it could be tricky. Unlike video drivers, or network drivers, USB
storage drivers don't seem too often to be made available as
standalone packages for linux in my experience.

nate


___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[Akemi Yagi]

On Sat, Jun 20, 2009 at 6:51 AM, Michael Klinosky wrote:
> I saved pictures on an SD card with my Nokia phone (1 GB). Now, I'm
> trying to use the card on my Acer Aspire 3680 (laptop) running 5.3 and
> gnome.
>
> Popping the card in (until it clicks) evokes nothing from the system log
> or dmesg, and I don't see anything relevant in /dev. (What is the device
> for this?)
>
> lspci has this entry:
> 0a:09.2 Mass storage controller: Texas Instruments 5-in-1 Multimedia
> Card Reader (SD/MMC/MS/MS PRO/xD)
>
> I couldn't find anything in Cent's wiki (searching for "card reader"),
> so I tired Google's linux SE, and found this:
> http://bbs.archlinux.org/viewtopic.php?id=64974

You might want to try the kernel drivers Alan Bartlett built about
half an hour ago and released from the ELRepo site ( http://elrepo.org
).  The details are in this CentOS forum thread:

http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=14578&forum=39

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[Michael Klinosky]

Akemi Yagi wrote:
> You might want to try the kernel drivers Alan Bartlett built about
> half an hour ago and released from the ELRepo site ( http://elrepo.org
> ).  The details are in this CentOS forum thread:
> 
> http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=14578&forum=39

Well, judging from that thread, I'm not sure it'll help. It seems that 
it's SDHC (mine is basic SD - would it work?) and 64 bit (I'm still 32 bit).

But, I'll check out the offerings.

And, you reminded me of another resource - forums! (I never used them.)

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] card reader not responding

[Akemi Yagi]

On Sat, Jun 20, 2009 at 4:55 PM, Michael Klinosky  wrote:
>
> Akemi Yagi wrote:
> > You might want to try the kernel drivers Alan Bartlett built about
> > half an hour ago and released from the ELRepo site ( http://elrepo.org
> > ).  The details are in this CentOS forum thread:
> >
> > http://www.centos.org/modules/newbb/viewtopic.php?viewmode=flat&topic_id=14578&forum=39
>
> Well, judging from that thread, I'm not sure it'll help. It seems that
> it's SDHC (mine is basic SD - would it work?) and 64 bit (I'm still 32 bit).
>
> But, I'll check out the offerings.

You can check to see if the driver works for your hardware.  Run the
lspci command (hint: -n option) and find the device ID.  Compare it
against the following info provided by Alan:

sdhci.ko

pci:v*d*sv*sd*bc08sc05i*
pci:v104Cd8034sv*sd*bc*sc*i*
pci:v1180d0822sv*sd*bc*sc*i*
pci:v1180d0822sv1014sd*bc*sc*i*

wbsd.ko

pnp:dWEC0518*
pnp:dWEC0517*

This will eventually be added to the DeviceID list at
http://elrepo.org/tiki/DeviceIDs .  An example of lspci is found at
http://elrepo.org/tiki/FAQ .

Akemi
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

[CentOS] Program to ban sniffers

[Bob Hoffman]

So I have been reading the ssh attack thread and finally want to ask about
something.

I doubt there is a program like this, but I would love to have a program
that listens at common ports that I do not use at all...and only allow that
program to listen to it, especially the usual ssh port (using a different
one for real ssh)...

That program would then, upon receiving a 'sniff' or 'user' would then add
that ip to the deny hosts lists..for either a long or short time.

Using this would seem like a win as you can easily grab someone before they
can get somewhere one hopes.
Also, by opening up a few other ports that are unusual like 8561well, if
someone sniffs that it could be a 3 day ban or a month...

In other words, anyone hitting those ports that are not being used at all
except by our sniff protector, would allow instant banning.

So...does something like this exist?

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Frank Cox]

On Sat, 20 Jun 2009 20:35:00 -0400
Bob Hoffman wrote:

> So...does something like this exist?

fail2ban

-- 
MELVILLE THEATRE ~ Melville Sask ~ http://www.melvilletheatre.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Joseph L. Casale]

>In other words, anyone hitting those ports that are not being used at all
>except by our sniff protector, would allow instant banning.
>
>So...does something like this exist?

I don't know of a program that specifically listens to defined ports and
acts on that, but fail2ban would accomplish the end result adequately.

jlc
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[James Matthews]

However if you are referring to packet sniffers there is no solid way of
blocking them.

On Sun, Jun 21, 2009 at 3:49 AM, Joseph L. Casale  wrote:

> >In other words, anyone hitting those ports that are not being used at all
> >except by our sniff protector, would allow instant banning.
> >
> >So...does something like this exist?
>
> I don't know of a program that specifically listens to defined ports and
> acts on that, but fail2ban would accomplish the end result adequately.
>
> jlc
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>



-- 
http://www.jewelerslounge.com
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Joseph L. Casale]

>However if you are referring to packet sniffers there is no solid way of 
>blocking them.

How exactly would I sniff the packets from say my work computer between
someone's home computer and work server?
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Jacques B.]

On Sat, Jun 20, 2009 at 10:38 PM, Joseph L.
Casale wrote:
>>However if you are referring to packet sniffers there is no solid way of 
>>blocking them.
>
> How exactly would I sniff the packets from say my work computer between
> someone's home computer and work server?
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

Very carefully... as it sounds like you'd be potentially crossing
legal/ethical lines...  Why would you sniff from your "home" computer?
 If you are the sysadmin, then you sniff from the server and from home
you could ssh to your server to check logs of course.

On a more technical note, you have to be on the same subnet of either
the point of origin or the destination machine.  In other words at one
of the two choke points.  That is short of having some tool installed
on the other person's home computer which again crosses that line.
You obviously can't be at the home user's choke point because what
lawful authority would you have to be sniffing on that subnet owned by
his ISP?

Jacques B.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Jacques B.]

On Sat, Jun 20, 2009 at 8:35 PM, Bob Hoffman wrote:
> So I have been reading the ssh attack thread and finally want to ask about
> something.
>
> I doubt there is a program like this, but I would love to have a program
> that listens at common ports that I do not use at all...and only allow that
> program to listen to it, especially the usual ssh port (using a different
> one for real ssh)...
>
> That program would then, upon receiving a 'sniff' or 'user' would then add
> that ip to the deny hosts lists..for either a long or short time.
>
> Using this would seem like a win as you can easily grab someone before they
> can get somewhere one hopes.
> Also, by opening up a few other ports that are unusual like 8561well, if
> someone sniffs that it could be a 3 day ban or a month...
>
> In other words, anyone hitting those ports that are not being used at all
> except by our sniff protector, would allow instant banning.
>
> So...does something like this exist?
>
> ___
> CentOS mailing list
> CentOS@centos.org
> http://lists.centos.org/mailman/listinfo/centos
>

A simple bash script run from a cronjob that looks for entries in
/etc/secure for traffic to those ports and then parses out the IP and
adds it to your host.deny might work.  But if you are looking to set a
date/time when it would expire, you could probably achieve this
through a comment at the end of the entry containing the expiry date
which your bash script would scan with a simple sed command looking
for any lines with an expiry date matching the system's current date
and removing those lines.

fail2ban was also suggested by a few and I believe that was one I
played with briefly a few years back and it worked but I wasn't using
it in the scenario you describe but rather simply scanning for
multiple failed ssh login attempts (not sure if it was looking for
failed ssh login attempts, or "Failed" attempts period regardless the
port being targeted) that resulted in a host.deny entry.  But of
course you can potentially lock yourself out (been there, done that)
which is a p.i.t.a.  You either have to wait until next day at the
office to remove your ban, or try and get another IP from your ISP via
disconnecting and reconnecting to your ISP.

Jacques B.
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Linux Advocate]

> 
> That program would then, upon receiving a 'sniff' or 'user' would then add
> that ip to the deny hosts lists..for either a long or short time.
> 
> Using this would seem like a win as you can easily grab someone before they
> can get somewhere one hopes.
> Also, by opening up a few other ports that are unusual like 8561well, if
> someone sniffs that it could be a 3 day ban or a month...
> 
> In other words, anyone hitting those ports that are not being used at all
> except by our sniff protector, would allow instant banning.
> 
> So...does something like this exist?

fail2ban... near enough a fit...



  
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Barry Brimer]

> I doubt there is a program like this, but I would love to have a program
> that listens at common ports that I do not use at all...and only allow that
> program to listen to it, especially the usual ssh port (using a different
> one for real ssh)...
>
> That program would then, upon receiving a 'sniff' or 'user' would then add
> that ip to the deny hosts lists..for either a long or short time.

Many years ago I used portsentry for this.  You can find an article about 
portsentry at 

Barry
___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos

Re: [CentOS] Program to ban sniffers

[Joseph L. Casale]

>Very carefully...

Lol, you missed the point. It's impossible. I was bluntly suggesting the
reply was not applicable nor on topic to the op's post. Port scanning
and packet sniffing have nothing to do with each other...

___
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos