Re: routing routable IPs over non-routable IPs
At 07:27 AM 5/21/01 +0200, Robert Waldner wrote: >On Mon, 21 May 2001 13:46:14 +1000, Jeremy Lunn writes: >>I know this isn't Debian specific. But I'm just wondering if it's fine >>to route routable IP addresses over non-routable IP addresess. > >Yes, although many would consider it bad practice (I am an example), > because you´ll face trouble when you have to debug something, and have > non-routable IPs on some path. We should probably clarify "non-routable" by saying "non-publicly routable". Routers have no concept of restricted ip ranges other than what is programed into them. As long as you are debugging from a place that "knows about" your private ip's, there shouldn't be a problem. At GE we cross privates to go from public to public all the time. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
At 08:00 AM 5/22/01 +0200, Robert Waldner wrote: > >On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>We should probably clarify "non-routable" by saying "non-publicly routable". > >Well, we could also say RFC1918, couldn´t we ;-? LOL >- DNS, you´ll have to set up split DNS for your RFC1918- and external > IPs I consider that to be good sense from a security standpoint regardless. >- in Real Life, you sometimes _will_ have to debug from the outside of > your network >- in Real Life, someone else _will_ debug from the outside (and quite > probably complain about the RFC1918-IPs or simply be fed up) Hehe, yeah I receive complaints from those people from time to time. :D But it's a moot point since the firewalls filter anything useful... ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: routing routable IPs over non-routable IPs
While we're on this subject, does anyone know what IANA plans to do with the vast number of "reserved" ip ranges. There are atleast 75 reserved class A ranges that I don't know what they're reserved for. People are claiming we're running out of ip addresses but as far as I can see there's more than enough left for decades to come. At 09:28 PM 6/1/01 +0200, Marc Haber wrote: >On Tue, 22 May 2001 08:00:01 +0200, Robert Waldner ><[EMAIL PROTECTED]> wrote: >>On Tue, 22 May 2001 01:26:56 EDT, Chris Wagner writes: >>>We should probably clarify "non-routable" by saying "non-publicly routable". >> >>Well, we could also say RFC1918, couldn´t we ;-? > >I prefer to say "site local" which is both almost accurate and terse. >This is not offical terminology, but there is an RFC that calls the >"169.254.0.0/16" "link local", so "site local" seems fine. > >Greetings >Marc > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Ping - what the hell ?
I'm sorry, but ROFLMAO!!! At 05:18 PM 6/3/01 +0200, Przemyslaw Wegrzyn wrote: > > >On Sat, 2 Jun 2001, Craig Sanders wrote: > >> On Wed, May 30, 2001 at 09:41:54PM +0200, Przemyslaw Wegrzyn wrote: >> > Anyway, my problem seems to be hardware: >> > >> > czajnik@earth:~$ more /proc/misc >> > Segmentation fault >> > czajnik@earth:~$ >> >> some possible causes: >> >> 1. bad memory - most likely. >> >> 2. bad swap partition (or bad disk controller causing the swap partition to >> not work) >> >> 3. other bad hardware >> >> 4. bad libc6 or other library - not very likely. >> > >It' solved, there were 2 reasons. > Core dumps - hmmm, our admin borken the kernel by incorrectly patching >it. > Ping times - some stupid guy inserted two different CPUs PII 400 and 450. > It's a miracle it was working all together... > >-=Czaj-nick=- > > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
AT&T public router
A while back, AT&T had a publicly accessible router for doing route lookups and stuff like that. It supposedly knew about the whole world. The special thing about this router was that you didn't need a user name or password to log on with. It just gave you the IOS prompt. I haven't been on this router for a long time and I can't remember the exact name of it. It was something like ip-router.att.net or route.world.att.net. Does anybody remember this thing and have the host name? Thanks. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AT&T public router
Revisiting traceroute.org, I see that they have a whole list of route servers. :) At 01:09 PM 6/27/01 +0200, Russell Coker wrote: >Here's a machine that used to provide such a service, not sure if it >still does: > >route-views.oregon-ix.net ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: users bypassing shaper limitation
My first choice is also what the other Chris said, use a large LART on the offending [computer|user]. You can use smart switches to base the ip on pre-authorized MAC addresses. That way you are effectivly shaping based on MAC address. But in true hacker form, even that can be overcome. Some (most?) NIC's can have their MAC addresses set by software. So all some crafty luser has to do is change MAC addresses. The only sure fire way is to hard code the MAC and ip address into each port on a smart switch. That way even if they swap ethernet cables they won't be able to bypass the shaper, unless of course they know what MAC address the absconded cable goes with. :) At 12:07 PM 6/30/01 +0100, Karl E. Jorgensen wrote: >On Sat, Jun 30, 2001 at 06:23:19AM +0200, Maurice Verhagen wrote: >> >> On Fri, 29 Jun 2001, anon wrote: >> >> > my problem is that some local users are changing their own local ip numbers >> > (like, 192.168.1.40 to 192.168.1.50) then bypassing the Traffic shaper >> > bandwidth limitation. (that was set on 192.168.1.40) >> > >> > anyone know how can i prevent this ? >> >> This first that pops into mind is use DHCP and give a IP-lease to the >> machines in your local network based on the NIC's Mac address. I >> guess the only way out for the "bad guys" is to swap the NICs from another >> machine to get the same effect as changing the IPs now. > >Nope. DHCP does not prevent people from changing their IP >addresses, it merely makes it marginally more difficult. >Besides, the bad guys may choose not to use DHCP - this is >entirely up to the config on the client machines. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: users bypassing shaper limitation
One possible way to defeat this would be to use those metal "security chains" that they use to keep people from carrying off computers. Use a very short one, about 2" long. Affix one side to the computer case, and the other to the ethernet cable. Now, even this can be overcome if the crafty hacker should bring an extension cable with them. But there is still one method that will prevent anyone from stealing cable ports. Enclose the CPU case in an outer steel case. That way the cable head isn't accessible to anyone, hence, they can't unplug it. The only way to defeat that lockup is to physically cut the cable and attach a new jack head. But if you need that kind of security, you're in sad shape. :) Do they make steel braided ethernet cables? :P At 03:07 PM 7/3/01 +0200, Holger Lubitz wrote: >Jeff S Wheeler proclaimed: >> cards around. If I do not, they will grumble and/or disable the ethernet >> ports that unknown MAC addresses appear on. In some areas (e.g. student >> labs) they do that automatically so kids can't just bring their laptop in >> and hop on napster at 100Mbit. > >Easy. Disconnect any machine, set your MAC/IP-addresses to its >addresses, connect your laptop. >Don't know its addresses? Just sniff around on the port for a while, but >make sure you keep quiet. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Power down
That is a function of the bios. Some support it, some don't. Either your bios's don't support it (my suspicion) or shutdown isn't sending the signal. 'man shutdown' might have some useful insight. I'ld also call the motherboard manufacturer to make sure they support self power off. Also check the bios config to see if it's there and/or enabled. At 07:22 PM 7/6/01 -1000, D wrote: >Please excuse the simple question, but it's something that's been bothering me. I've been running various debian machines as servers for quite some time now. The problem started when I got two new servers. All of the other machines (excluding the two new ones) were on the older side ( <= P2 ). The problem is that when I shut down the servers.. they don't turn off. It's particularly irritating to me because all of my servers run headless. With my older machines, I never gave a second thought to the shut down process as they'd always turn themselves off as soon they finished wrapping things up. The new ones just halt and stay on. To make things even worse.. the hard drives in the new machines are so quiet I can't tell if they've finished everything. >Anyway, does this have something to do with newer power management stuff in the bios? Something changed in the debian configs? All i'd like is for the servers to turn themselves off at system halt like my old servers do. > >Thanks for your time ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Maybe... "off topic".
I know that One Net makes Linux based firewalls. Called "Incinerator". They're at www.one.net. At 08:32 AM 7/12/01 +0200, TooManySecrets wrote: >Hi. > >Excuse me this off topic, but my boss want (only for political budgets) >prices of commercial hardware firewall's. I only use Linux for make this, and >I don't know (except "infamous" Cisco :)) any solution with these >requeriments. > >Anybody can help me, please? > >I will apologize about my bad english... sorry... :( > >Have a nice day ;-) >TooManySecrets > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Host my own box as my own ISP?
I think you're on the wrong list. This list is for the discussion of the Debian distribution of Linux for ISP's. Why are you running super expensive Windows 2000 when you could be using the much more flexible and robust, not to mention FREE, Debian? If you could tell us what you're trying to do we can give you some advice on how to do it with Linux. At 01:05 PM 8/14/01 -0700, etalent wrote: >How do I set up/configure Windows 2000 Advanced server as ISP host on >my own box, which is a Compaq 7495 with Windows 2000 Advanced server. >My 'net connection is Bellsouth USB DSL. -Thanks > > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: sniffer
Larry, that's a good solution but it was a little cryptic on the explanation. Let me expound some for Ann's benefit. Ann, what we're talking about is using the console on the router to do all administration, and *never* telneting to it. But physically going to all the routers and setting up a laptop is a little cumbersome. The solution is to essentially set up a totally independent serial network for the administration of the routers and switches. A serial cable is run from the console port on the router back to a central, and *heavily secured*, server. The server has to have atleast as many serial ports as you have routers so you might need to buy a serial card, like Cyclades or Comtrol or something. Comtrol supports 128 serial ports per box, last time I checked. With all this hooked up, each tty on the server corresponds to a specific router. Now just fire up your favorite terminal emulator and you can open a serial connection to any router you want. And since you're ssh'ed into the server, no one can see what you're doing or steal passwords. If you want it even more secure, don't put the server on the network at all. If this server is in a convenient location you can just walk over to it and log on it's console for the ultimate in unsniffable security! There is another option that Cisco and some switches support call AAA (triple-A) authentication. I forget what it stands fore but basically your off loading the authentication from the router to a remote server called an ACE server. That stands for Access Control & Encryption. It's made by a company called Security Dynamics (recently acquired by RSA). To access something protected by AAA auth you have to have a physical card that generates auth tokens. To log in you type in the token from the card plus a PIN. The router sends this information back to the ACE server and if it's valid lets you access the resource. This method is extremely secure because there's essentially no fixed password to steal! Even if someone sniffs your PIN they still can't get in because they don't have the card. If they steal the card it's useless without your secret PIN! Combine AAA with ssh and you have a nearly impregnable line of security. At 02:21 PM 8/14/01 -0400, Larry Morrow wrote: >Just my $02. AND how we do it. > >Connect a serial cable to the console port of your routers./switches and then >ssh into your debian server and use minicom. > >Larry > >At 11:05 AM 8/14/2001 -0700, ann kok wrote: >>Dear all >> >>I learnt that sniffer program can steal password >>and secure shell can prevent it >> >>But how do I do it in Cisco router? >>and >>Do I have any methods to prevent the sniffer program >>to my router and servers? >> >>TIA >> >>Cheers > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Anyone know what this file is?
I found a reference to it in a zsh changelog. It appears to be a C directive but as to why it's showing up in weblogs... maybe bad code? :) Here's the URL: http://www.bme.jhu.edu/resources/whitaker/doc/zsh-doc-3.1.6dev22/Documentati on/ChangeLog And the excerpt: 2000-01-19 Peter Stephenson <[EMAIL PROTECTED]> * Sven: 9373: Src/Modules/parameter.c: missing keys with special parameters. * Sven: 9371: Completion/Core/_files, Completion/Core/_path_files, Doc/Zsh/compsys.yo: file-patterns style for overriding choices for file completion built into completion functions. * Sven: 9370: Src/text.c: missing tstack initialisation. * pws: 9367: Src/cond.c, Src/parse.c, Test/04redirect.ztst, Test/07cond.ztst: fixes for 9332: `[' tests didn't work, skipping conditions with `&&' and `||' didn't work, always use WC_END marker to terminate code. * Tanaka Akira: 9360: Completion/User/_cvs: new -C option to cvs update, better descriptions. * Tanaka Akira: 9359: Completion/Debian/_apt, Completion/Base/_regex_arguments: argument handling for apt-cache. At 08:20 AM 8/19/01 -0400, Peter Billson wrote: >Hey all, > I am getting requests for a file named: > > __wc_end_ > >in my Web server logs. Anyone know what this file is? Code Red makes me >think this is another Windoze exploit that I am unaware of. > A search on google only returns a handful of results and they are all >server stats with this file being requested but not found. > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP thro' firewall
The WS FTP thingy you're refering to is for going through proxies. Some folks just don't know the difference between firewalls and proxies. :) To do this just set up port forwarding on the firewall. Use ipchains or something and only allow ftp connections from your known boxes to pass through. Allow nothing from the jungle side. You should then be able to transparently connect to the outside world. At 12:58 PM 8/28/01 +, Martin WHEELER wrote: >Given a small local network, with nodes using a variety of OSes (Winx; >SuSE; Debian), and a firewall using Mandrake SNF, how does one FTP thro' >the firewall (safely) from one of the Debian (kernel 2.2.19) nodes? > >Or is this a complete no-no? > >Apparently the Win version of WS FTP has some sort of arrangement to >allow this -- I can't seem to find any documentation to allow it under >Debian 2.2r3+testing. > >Any help appreciated. >-- >Martin Wheeler -StarTEXT - Glastonbury - BA6 9PH - England >[EMAIL PROTECTED] http://www.startext.co.uk/ > > www.gateway.gov.uk -- the UK government's £18M Microsoft-only website > -- "all your government database are belong to us" -- Nice sig. :) Er, I mean Zig. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: FTP thro' firewall
Are you also permitting the ftp-data port to go through? Ftp is 21, and I sorta forget the number for ftp-data. :) At 10:32 PM 8/28/01 +, Martin WHEELER wrote: >230 User logged in, access restrictions apply. >Remote system type is UNIX. >Using binary mode to transfer files. >ftp> pwd >257 "/u/x/x/x/" is current directory. >ftp> cd docs >250 CWD command successful. >ftp> ls >200 PORT command successful. >. . . . . >425 Can't build data connection: Operation timed out. >ftp> > >Huh? [snip] >ISP (UK's biggest) now claims that Un*x is not supported by them; and on >being upbraided at supporting only Evil Empire boxen, responded : "At >the end of the day, all things said and done, it is _the_ standard, >isn't it?". >Gawdelpus. ] LOL!, Ya, "the" standard. The standard for lamers who don't know what they're doing. Ever hear of the three monkeys? Hear no evil see no evil speak no evil. ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Suspect Web Server has been hacked :(
I think it's probably too late for that. The only way to be 100% about your "disinfected" system is to fdisk it and rebuild from scratch. You can save your config files and data files, if you're sure they too haven't been altered. But say somebody relaxed an obscure security setting in some config file that will make it easy for them to get right back in. The only sure fire way of detecting what was done is to use something like tripwire to take a snapshot of the system *before* it goes online again. Then save that snapshot off-system on write protected media. Like a floppy disk with the write protect tab set or a CD. Then do a nightly comparison of the system to the snapshot. But keep in mind that the comparison software itself can be hacked so it should run off-system too. Periodically do manual scans, because if you just have a cron job running to alert you to instrusion, somebody can just change the crontab to send you bogus "alls-well" status reports, when in fact the thing ain't even running!! At 09:34 AM 8/30/01 +0200, Craig wrote: >Hi debian fellas > >I need to know if there is any software for debian to >detect the presence of backdoors or rootkits. I suspect >that our old debian web server has been compromised. > >..Craig ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: connecting to an ISP which runs windoze NT
There are proprietary Microsoft login schemes that they might be using. I'ld call them up and ask. If you can't connect then they are not PPP compliant. If it's asking for any domain information that would be a tipoff. You can always try sniffing the login sequence. Try sniffing from both Linux and Windows. Also were you able to able to directly dial in with a terminal program and receive an IP address? Another possibility is that they have your account screwed up. At 05:09 PM 9/3/01 -0700, Paul Scott wrote: >Hi, > >I'm trying to connect to my ISP which runs on NT. I have tried several >configurations with pppconfig and verified a lot with minicom. > >I believe I have the correct combination of username and password since >other variations of username which include the ISP domain as suggested >by things I have read all give invalid username/password. > >The response I get with the logical choice of username and password give >me "Requested Service Denied." > >The default response to CONNECT is \d\c which I have tried as well as >CLIENT which was suggested by http://axion.physics.ubc.ca/ppp-linux.html > >I have tried both PAP and CHAP and static and dynamic DNS. > ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: rogue Chinese crawler
The best way would be to block it at your router with an access list. Blocking it at the box is ok too but that takes a little bit of your resources. And you have to do it on each box on your network you want protected. The router block will protect your entire network in one fell swoop and cost your boxes no resources. You can block just his ip address with a deny statement, or if he's scanning from multiple ip's you can chunk his whole network. But that ip (139.175.250.23) is under a huge Seed-net /16. You might end up blocking legitimate traffic. You can try to guess his local subnet mask and block that, like a /27 or something. On a related topic I've been receiving an enormous amount of spam coming through Asian mx's. Is there any effort underway to try and get these people to lock down their networks? We've got a bunch of rogue mailservers over there. At 05:32 PM 11/23/01 +, Martin WHEELER wrote: >Is anyone else having problems with the robot from > > openfind.com.tw > >-- an intrusive, irritating, hard-to-get-rid-of crawler that completely >paralyses my system *every day*? > >Despite what I put in any robots.txt, this one disregards all rules and >just jams up my system, downloading every damn' thing in sight. >Mails to the owners are totally disregarded. > >Anyone know of a sure-fire robot killer under woody? > >Who should this thing be reported to to get it stopped? PS, the first time around I accidently only sent this to debian-security. :) ---==--- ___/`< WTC 911 >`\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Partition Help
So right now everything is on the / partition? Then what you want to do is blow away that huge unused partition and make partitions for atleast /tmp /var /home. /usr if you want plus the swap. You need to size out how much room each of those dir trees is going to need. Then take the box offline and mount the new partitions to /mnt. e.g. /mnt/var. Edit /etc/mtab to mount the new partions at boot. Then move the old dirs under / to their new locations. e.g. mv /var /mnt/var. Then reboot. The box shouldn't know the difference. At 08:38 AM 9/10/01 -0500, Information wrote: >We noticed the other day that we only had about 200 meg of space left left >on the drive. We did a df and found we only had 950 meg of space on the / >partition. We have an extended that that is the rest of the drive with a >regular Linux partition and the swap at the end. Our problem is the box does >not see this. We need to have this space and are not sure how to proceed. >Can we: >A. remove the extended and swap partition and put new ones in with the >needed space applied to /usr -- /var -- and /home and add /swap and not >loose the clients we have? >B. If so can we do this from the command line or from Webmin? >C. Will we have to do this from a console into the machine? ---==--- ___/``\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LinkWalker
You should be able to tell if it cares about robots.txt by looking in the logs to see if it's downloading /robots.txt. If it is then something like: User-agent: LinkWalker Disallow: / will keep it off your site. If it doesn't, then iptables will keep it away. Robots info: http://www.global-positioning.com/robots_text_file/index.html The fact that it downloads binaries too makes me think it's a site sucker and not a legit spider. At 12:30 PM 12/23/01 -0800, Nick Jennings wrote: >On Sun, Dec 23, 2001 at 09:17:54PM +0100, Russell Coker wrote: >> >> I wasn't aware that there was any format to robots.txt, I thought that the >> mere presense of such a file would prevent robots from visiting. ---==--- ___/`< WTC 911 >`\___ 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: LinkWalker
Bwahahaha!! Man, that is low. Advertising to sysadmins through the access logs Sheesh. But now that you mention 7-24, I think I recognize that. I think they are a spam marketing outfit. At 02:31 PM 1/7/02 -0800, Nathan Strom wrote: >Personally, I think this is a rogue organization -- there was an entry >from this spider in our logs coming from a Seven24 IP with a HTTP >referrer of www.adultinterracialsexvideos.com/interracialsex/interracialgroupsexsen.html. >Needless to say, we do not run an adult web site and that referrer >site does NOT have a link to us. Likely Seven24 is trying to clutter >people's logs with references as a form of advertising. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: netscape o cosa ?
Purtroppo nè Netscape nè lo IE è molto stabile. Opera è Mozilla sono altri quei unici di che sappia. Potete spegnere sempre appena il Javascript. :) Forse il vostro sistema e instabile. At 07:37 PM 1/8/02 +0100, [EMAIL PROTECTED] wrote: >cosa usate voi per navigare in internet senza problemi ? (e non mi dite >lynx perche non supporta ne java ne tutte le altre cose !!!) > >io ho provato sia netscape che opera e con tutti e due ho problemi nella >magior parte dei siti che quindi mi tocca vederli con IE (soto W$) -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd /etc/host.deny ALL:PARANOID
Well, the rationale behind this is as you touched on, preventing spoofed address attacks. A paranoid lookup essentially verifies that the connecting system is a known legit host. In effect you're using your DNS system as another level of authentication. Say somebody wants to covertly log on or attack your system, so they give themselves a bogus ip. A paranoid lookup will stop that because there's no DNS entry. (I won't get into the mechanisms of these spoof type attacks) Now for connections originating from the internet this is little help since there are so many ways to spoof traffic/hack/attack/etc. What it can make a difference in is from traffic originating within your own network. Because that is a known entity and paranoid lookups should ALWAYS succeed. I don't know all the details of how it passes or fails you given RR DNS but it does something... At 01:29 AM 1/11/02 +0100, martin f krafft wrote: >yes, but *what* exactly does ALL:PARANOID prevent? establishing the >authenticity of the domain name is surel a good point, but that's for >finger/who/w and co. only because i don't even want to deal with/know >about a system administrator that parses logs based on domain names >rather than IPs... -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd /etc/host.deny ALL:PARANOID
At 10:01 PM 1/10/02 -0600, Nathan E Norman wrote: >Congratulations ... you just set up your DNS incorrectly. Every PTR >entry should resolve to a _unique_ name, and that name should resolve >to a _unique_ IP. That doesn't mean you can't have additional A >records doing load balancing. To give a POTS analogy, say you have 10 lines coming into your modem bank in a hunt group. That's when you have one number that scrolls over onto all 10 of the lines based on which ones are busy. However, all 10 of those lines have to have individual unique phone numbers even though they are reached through the common hunt group number. They all have unique phone number/circuit id pairs. >zone IN 3.2.1.in-addr.ARPA: > > 4 IN PTR host4.netblk1-2-3.madduck.net. > 4 IN PTR host5.netblk1-2-3.madduck.net. I assume you meant to write "5" there. ;) >zone IN netblk1-2-3.madduck.net: > > host4.netblk1-2-3.madduck.net. IN A 1.2.3.4 > host5.netblk1-2-3.madduck.net. IN A 1.2.3.5 > >zone IN madduck.net: > > mail.madduck.net. IN A 1.2.3.4 >IN A 1.2.3.5 > >Not all A records need PTR records. It never fails to amaze me how >many people don't understand this. This is sort of the function of canonical names. "Other" names for the IP besides the absolute name (or Loopback name in our parlance). But CNAME's are deprecated for other reasons. I personally never had any problems using them. >All the people who say "but I don't control the reverse for my IP(s)" >don't understand the issue ... it's up to the registered contact for >the block to make sure reverse resolution works. Of course that means >resolving to A records that the contact also controls. This is all >spelled out in the RFCs and best practice documents. It has been possible for some time now to allocate really really small IP blocks. I had a /27 allocated to me in ARIN once. I controlled my own reverse lookups that way. I don't know how small they will go though. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd /etc/host.deny ALL:PARANOID
At 04:22 AM 1/11/02 +0100, martin f krafft wrote: >a bogus IP won't even make it past OSI layer 4 on debian... rp_filter... There are ways of doing it such that the box has NO WAY of knowing that the traffic is spoofed. Granted, that is hard to do. Even paranoid lookups can be overcome. But it's just one more layer of defense and one more thing an attacker has to contend with. >interesting signature. serious or not? But of course. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: xinetd /etc/host.deny ALL:PARANOID
At 06:01 AM 1/11/02 +0100, martin f krafft wrote: >okay, why libwrap then? Once the network is compromised, it makes no difference what's on the box. If done properly, the compromised network is indistinguishable from the uncompromised network. That box is totally on it's own. :) >/29, although i've seen /30's. problem is that with that much of a >subnet, you are wasting a lot of IPs. the efficiency in terms of IP >usage for /30 is 50%!!! Come on... there are only 4 ip numbers in a /30!!! The only conceivable use for a /30 is as a point-to-point. /29 maybe for cable modem LANs... -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: SOME ITEMS THAT YOU MAY BE INTERESTED IN OR BE ABLE TO ADVISE ME ON
Actually, they would. Because the "e" in Re: is in lower case! :P At 05:14 PM 1/23/02 -0700, [EMAIL PROTECTED] wrote: >Of course, I just realized that anyone with that filter in place wouldn't be >receiving this mail B-) -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: new photos from my party!
FYI, no one bother decoding this, it's not a photo, actually a program/trojan. Malicious no doubt... At 10:24 PM 1/27/02 -0800, [EMAIL PROTECTED] wrote: >Hello! > >My party... It was absolutely amazing! >I have attached my web page with new photos! >If you can please make color prints of my photos. Thanks! > > >begin 666 www.myparty.yahoo.com >M35J0``,$__\``+@`0``` >M@`X?N@X`M`G-(;@!3,TA5&AI -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: byte counts differ
Never touched IIS, but you never know. If you uploaded the file in text mode, IIS could be translating the 's into 's. At 07:05 PM 3/14/02 -0700, Kevin wrote: >I'm uploading from Linux to an IIS FTP. After the file is sent, if I >check the byte count on the remote side and the byte count on the >local side they differ slightly. Anyone know why this is? -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: AVI stream
Sure, any media format can be streamed over Apache. The secret is the use of meta files. The "streaming" is a function accomplished by the client, not the server. All the so called streaming protocols out there are just glorified TCP/UDP data transfers with some bells and whistles thrown in. If you want something streamed into Media Player you just create a .asx metafile with it's contents pointing to the http location of the media. Media player automatically knows how to "pace" the download. Real Player works on the same principle. An example asx file: Boss's Speach Copyright Blah http://wherever.com/something.avi";> You mentioned copyright issues. It is impossible to keep someone from stealing *any* streamed content if they're determined. It wouldn't take much for someone to take apart your asx file and copy the URL into their browser and simply download it. One thing you can do is configure Apache to only serve the content if the browser id string matches the known media player browser types. This would prevent anyone from accessing the file from Netscape or IE or whatever. You'ld have to check your access logs to see what kind of id string it sends. One other thing to consider is that I think, but am not sure, that media player will keep a temp file of content received over http in the system temp directory. You'll have to test it to make sure. I think you can also embed "copyrighted material" tags in the file itself to tell media player that it can't be saved off. But like I said before, it is flat out impossible to safeguard streamed media from a true hacker. :) So all you will really be doing is keeping away the casual thief. That goes for Real Player too. So how many in your audience are going to think to look in %temp% for a copy of this?? At 11:29 AM 3/18/02 +0100, Michal Novotny wrote: >Hello! > >Is there a chance to stream avi/wma file from Debian box? > >For now I'm using RealServer for Linux, but (for clients) I need to add >support for Windows Media Player (standard player in MS Windows) :-( >I cannot use download, but stream. Copyright issues... > >Could anyone help me? -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Re: AVI stream
LOL dude! :) If u think I was calling anyone a thief u read something that I didn't type. The idea of what is thievery or allowed use rests solely in the mind of his customers. In this arena whatever *they* say goes. Forgive me if I used overly colloquial meanings of steal and thief. :) At 08:54 AM 3/19/02 +0100, Emile van Bergen wrote: >Hi, > >I really object to the idea that I am a "thief" if I want to view the >streamed content again, or show it to my wife, or if I want to convert >it to format Foo for display with player Bar which I happen to like a >lot. > -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: [OT] Re: AVI stream
At 09:29 AM 3/19/02 +0100, Emile van Bergen wrote: >> In this arena whatever *they* say goes. > >Not when we're talking about what's criminal and what's not. Yes, that's true, but is irrelevant for his situation. His web hosts are coming to him saying "we want X". Whatever X is, whether that's streaming video people can't copy, etc, he has to provide that or they walk. That's why discussions of rightness or wrongness in these situations is moot. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
lpr/samba
Hey guys. I've been trying to setup samba to be a print server to Windows clients. However I keep running into error messages and there doesn't seem to be any place in the documentation to find out what the various errors mean. I tried LPRng and CUPS but get basically the same thing. I've got samba showing the printers in network neighborhood. The only way I can get something out of the printer now is cat > /dev/lp0. :) Not even lpr works anymore. Does anybody know a good documentation/troubleshooting source? Poor documentation is still the one great bane of the Linux world. ;) Thanks. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: Extended find an replace SOS
Like do you want to replace something in the html files, or alter their names systematically somehow... At 02:33 PM 7/10/02 +0200, Craig wrote: >Hi Guys > >I need to do an extended find and replace for a few >.htm files spanning a couple of subdirectories to >change some things. > >Anyone have a quick command to achieve this ?> -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: call me
The "nomail" option was mentioned. I'm not familiar with that, could someone explain how to use it? I assume it means that you are still a member of the list but you are not in the redistibution list. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: call me
I never got a password when I signed up, which was years upon years ago. And what is the URL? Are we even running mailman?? At 07:34 AM 7/12/02 -0400, Joe Block wrote: >Go to the administration web page, enter your email address and the >password you got sent when you joined the list, and you can set a >variety of parameters about your subscription - whether you're in digest >mode, whether you get acknowledgements from mailman when it receives a >posting from you, and yes, whether that email address actually receives >list mail. -- REMEMBER THE WORLD TRADE CENTER ---=< WTC 911 >=-- 0100 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Re: INCREDIBLE EARNINGS $$$$$$$$$$$$$$$$$$
I instantly reported him to [EMAIL PROTECTED] His account should be deleted shortly. Mail with no stamp or return adress goes to the dead letter office where it is opened in an attempt to find out who sent it. It is then returned if possible, otherwise it goes to /dev/null. What you can do though is make the spammer's address the return address and send it to a bad to: address with no stamp. The post office will then attempt to return it to the spammers' address. I don't know of what use that would be in getting revenge on the spammers Unless they got thousands of letters. Better to sign them up for magazine subscriptions. At 02:05 PM 3/18/00 +0100, Russell Coker wrote: >What happens in the US to a parcel with no return address and no stamp? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: how to chroot to /home/ an ssh acct
At 07:28 PM 3/19/00 -0800, t s a d i wrote: >only sees numeric user ids and gids and not the corresponding name. is >this because /etc/passwd,group was not found (bec of chrooted ftp to Yep. For him, /etc does not exist. Stick some symlinks of any critical files he would need in /home. /home/etc/passwd =-> /etc/paswwd etc... +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Identifying Unique Website Visitors
I am fairly certain that Analog can be trained to understand *any* log file format, including custom ones, like you proposed. I think Analog is the best or one of the best analyzers out there. The amount of customization and detail is amazing. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Webserver stats for customers
At 12:00 PM 3/29/00 +0200, [EMAIL PROTECTED] wrote: >Wich one do you recomend for use with apache and separate stats for each >domain ? Yeah, Analog is dreamy for stats. Very customizable. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Firewalling
I think firewalls are overrated. They only do anything if there are some *unsecured* computers on your network that need protection. It's better to just lock down every machine, that way you're also protected from internal attacks. Really, the only thing I think that justifies them is port blocking. Your router can already do ip based filtering. Now how do you decide what ports to block? It turns out you have to be a little facist about it. Because you're deciding for other people what ports they "should" be using and which ones they "shouldn't". Windows is an operating system that probably does need protection though. At 08:31 PM 3/29/00 -0700, Kevin wrote: >router, then to the servers. I'm curious what kind of effect having a >firewalled router will have on the dialup customers as well as certain >servers like a shell provider. Also what would I firewall from the router. >I don't want to really restrict any ports for end dialup users as I've had You can have your firewall restrict ports on a per ip basis. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Making Debian Recognize 256 Meg of Ram
LOL! Oh, like trying to write to a non-existent memory location? :) At 09:14 AM 4/6/00 +1000, Neale Banks wrote: >2) Don't ever tell Linux that it has more memory than is really present - >it may take time, but Bad Things (or possibly just one fatally Bad Thing) >*will* happen. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: System clock
At 12:31 AM 4/8/00 +1000, Doug Bean << Mr Bean's Internet >> wrote: >My timezone is set correctly. >I just need to sync UTC time with local time. Set your hardware clock to GMT. Then set your timezone to GMT. Your system will then be in a +000 offset. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: How do I add a second IP range to a network?
At 10:09 PM 4/7/00 -0600, elyograg wrote: >have to happen is whatever body gave you the address space would have to >actually create an entry in their server for each address - yes, 62 >entries, that delegates DNS for those addresses to your DNS server. Either Actually, your upstream provider can delegate the reverse DNS authority to you. They create an entry for you in ARIN (or wherever) and any reverse lookups will get funneled to your server. This is how I had it set up with my ISP. >that or they just have to provide the reverse DNS for you. Major pain right there. I think the original poster wanted to know how to make his box listen to two subnets on the same interface. Can you restate your question? And give us a little more information on what you're trying to do. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Email confirmation...
At 04:27 PM 4/5/00 +, [EMAIL PROTECTED] wrote: >Is there a program or a script which sends a info to the sender that the email was successfully downloaded from the server by the receiver? Hmm, I don't think so unless you can hack your POP server. You would have to modify it so it remembered who to email when a user downloaded or viewed a certain message. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Ethernet card recommendations?
Speaking of the SMC cards, I ran SMC EtherEZ's 10BaseT on ISA and got some weird behaviour from time to time. When I first set it up, things were great. Getting 7Mbps ftp transfers. But this began to decline and then finally flucuate. Before I turned off the network it was varying from 2-4Mbps. But if you want "serious" performance go with gigabit over fiber. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: System clock
At 10:50 AM 4/9/00 +1000, Doug Bean << Mr Bean's Internet >> wrote: >UTC) when I set to GMT or any other timezone except UTC. It sort of makes no >difference what happens I get exim sending >with the right time or the system is the right time and exim is out by 10. >If Exim is sending with the right time, Radius is then out by 10Hrs. It sounds like the problem is that Exim doesn't know what offset it's in. That is definatly an on-topic question for the Exim list. Once you get your system clock set to GMT, anything showing the wrong time is a problem with that particular piece of software. Do the Exim docs say anything about it? It "should" use the system time and timezone by default. But it sounds like Exim is assuming the system clock is local time and is then trying to convert back to GMT. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Ethernet card recommendations?
At 02:43 PM 4/8/00 -0400, LeighK wrote: >I don't know if you noticed this, but the transfer problems seemed to be >one-way, outgoing. Incoming transfers occured at the proper speed, but >outgoing was extremely slow. As far as I can remember, it was slow both ways. Uploading to server and downloading from server. I guess no more EtherEZ's for us. :) Unless a special new driver comes out for it. I was running the default driver, out-of-the-box from the install routine. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Strange message in logs
At 05:42 PM 4/10/00 +1000, Robert Ruzbacky wrote: >Apr 9 06:47:39 ns tcp-env[17281]: warning: /etc/hosts.allow, line 11: can't verify hostname: gethostbyname(114.trusted.net) failed >Apr 9 06:47:40 ns tcp-env[17281]: refused connect from 209.140.0.114 A lookup: can't get "114.trusted.net" host entry. PTR lookup: Official Name: 114.trusted.net IP Address: 209.140.0.114 The frontways and reverse DNS must agree. You must sync the DNS entries. >Is this because my hosts.deny file is set to ALL: PARANOID Yes. >Is there a way to "fix" this, as I am assuming that the machine that is denied access cannot >access my server to browse a web page or send e-mail. This message seems to crop up when someone tries to send email mainly. AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: FTP upload by email
Yeah, it's pretty much mandatory that the encoded file be encrypted and signed. I know of programs that will email files TO you. Never heard of one that YOU could email a file to. But I think it's definately feasible. A simple pipe to a script should do the trick. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: FTP upload by email
I should also add that there will have to be some kind of time sensitivity or other uniqueness test. Otherwise some malicious intermediary could intercept the message and save it for a while and then resubmit it into the mailstream. The destination would authenticate the message and old data would be posted to wherever. A way to guard against this would be to include time information in the encrypted portion of the file set. e.g. putting a serial number or time stamp in the file and having the script reject any material with an older serial number than the current version. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Strange message in logs
At 08:04 AM 4/12/00 +0200, Tamas TEVESZ wrote: > > AFAIK, the hosts.* files only affect daemons run out of inetd, not stand-alones. >not true. they are ued by any program which has libwrap support. But is that enabled by default? Or is modification required. I did some testing a while back and not every service rejected connections. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Server Motherboards with multiple PCI buses
At 06:24 PM 4/14/00 -0500, J. Currey wrote: >Well supporting gigabit Ethernet for one, and 4 100Mb sub networks >and logging. It would take an astonishing amount of traffic to max out the interfaces. I don't think a PC based system could handle a fraction of what you propose. I think you need to look to a non-Intel platform, like Alpha or something. >PCI bandwidth is about 132 MB/sec (32bit at 33MHz), and with 100MB/sec? taken I thought the PCI bus speed was the same as the CPU base speed (FSB). You're saying the PCI bus is fixed at 33MHz? >SCSI controllers to use the AGP slot (since AGP is really PCI @ 66MHZ >with a funny connector <- flame target) . There are SCSI raid adapters >that are using PCI 66MHZ. Maybe it's time for motherboards with multiple AGP's. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: ipaccounting
Try something with cron and tcpdump. There are numerous ip accounting programs out there. Look on the Debian package list. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: pop3 server....
At 10:10 AM 4/19/00 +0200, Christian Jannesson wrote: >Whats so speciall about cucipop? I use qpopper and i havent had any >trouble with it. It's more secure than other poppers. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
off topic
Hate to be off topic but I don't know where else to find this out. Can someone in Romania give me a translation for "alternau". Along with some semantics characterization? Thanks. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: using nsupdate to add a new zone?
If I had a zone file that big I'ld chop the domain up into subdomains to spread out the DNS work. Unless you're talking about hundreds of pages, a normal text editor should be fine. At 10:35 PM 5/3/00 +1000, Adam Cassar wrote: >How are isp's with large zone file entires managing their existing zones >(using nsupdate i presume) and adding new zones? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: a question on "netstat"s output
At 01:12 AM 5/7/00 -0700, t s a d i wrote: >Active Internet connections (w/o servers) >Proto Recv-Q Send-Q Local Address Foreign Address State >tcp0 39595 bangus.myphilippine:www ME21-66.i-manila.c:1520 ESTABLISHED >tcp0201 bangus.myphilippine:www 210.23.110.23:1129 ESTABLISHED >tcp0 20091 bangus.myphilippine:www 203.177.21.243:1551 ESTABLISHED >tcp0 25491 bangus.myphilippine:www cisco8-s1.pacific:56495 ESTABLISHED The "local address" side shows your ip/FQDN:port and the "foreign address" side shows the remote side ip/FQDN:port. So in line 1, a connection is established between bangus's port www and ME21-66's port 1520. The www part is the system's translation of the port number to show what service is connected to the remote side. It can also show telnet, ftp, etc, or the actual port number. Try man netstat. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: "fake" packages
Just use "--force-depends". It overrides package dependancies. At 12:59 PM 5/7/00 -0600, elyograg wrote: >How hard is it to create "fake" packages? What I'm after is this: A >package that will "lie" to the system with a "provides: httpd" line or >"provides: mail-transport-agent" or something similar. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Seting a Gateway
It looks like all you want is just a Linux router. A gateway joins two or more disimilar networks, I believe. Like ethernet<->token ring or ATM<->FDDI. Check out the following packages : zebra ipchains There are other ones that I can't think of right now. :) I'm pretty sure there is a linux router How-To as well. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: can apache log to MySQL ?
At 11:36 AM 5/10/00 +0200, Dariush Pietrzak wrote: >btw, why do you choose mysql? it ain't free, it ain't any good >try Oracle, Sybase, PostgresSQl, >they are ok, and Postgres is free MySQL is faster and I believe easier. I doubt he would need transactions just to log Web stats. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: can apache log to MySQL ?
At 09:23 PM 5/11/00 +1000, Craig Sanders wrote: >it's faster for some things, but i find it really clumsy and difficult >to work with. postgres' psql is vastly superior to the mysql admin tool >- and from what i hear, psql is supposed to be even better in the new >version 7. I was only considering the application to web stats. For any kind of "real" database work I'ld say use Postgres. For elementary or trivial purposes, MySQL's speed makes it worth it. Especially for webstats. If you have even a moderately busy site, the log files can get enormous. In a piping situation, a slow database could even slow down the web server. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: strange .vbs "thing"
At 04:58 AM 5/13/00 +, [EMAIL PROTECTED] wrote: >computer but i tried to send a .jpg file to my friend recently >and i relised that it has a jpg.vbx extension. Anyone there knows what If you have any *.jpg.vbs files on your computer it means you HAVE been infected by the worm. Unless some yahoo came on your computer and renamed them to mess with you. >could happend to my files? they will not affect me because I d not run vb >on my machine. but... anyone knows what could cause it??? tomorrow If you have IE5 OR Win 98 you have vbs host. In order for the worm to spread you have to have Outlook, but not to just get infected. If you ran the attachment, you got infected. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: can apache log to MySQL ?
At 10:10 AM 5/12/00 +1000, Craig Sanders wrote: >i don't see how. apache just sends the log data out to the pipe, it >doesn't wait for the pipe program to commit the record to the database. >as far as delaying apache goes, it's probably less of a delay than >writing it to a text file. I see what you're saying. But a slow or messed up pipe can lead to lost log data. This is a situation where MySQL being faster would make it worth it. I think it would be safer to use that perl thingy to just write the data to a table as fast as possible and then let the database touch it only after the log file is closed. Hell, it might even be better to just set up a customlog that writes in table format. Lost data is bad. :) +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: can apache log to MySQL ?
At 07:24 PM 5/13/00 -0500, Nathan E Norman wrote: >So what happens when you're reading the requests database and Apache >wants to write more data? With MySQL, the table is locked and now you >just lost data. More often, you want to read data but the writer has >locked the table. I'd noticed this before but hadn't really thought >about the issue. That's all solved by a wonderful little tool called savelog. Your database proggy should not be allowed to touch the log file until it is closed and rotated out of production. Have a cron script using SQL parse the log file after it has been rotated. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: can apache log to MySQL ?
The "database" is the table of raw data and an index. Apache can be made to write its log file in the form of a table, via customlog. Why use a pipe for something that Apache can do nativly? Unless you want up to the second SQL-ified stats, just run savelog daily to rotate the logs. Now unleash SQL on the log files to parse and index the table of data. Only after this has been done is it "really" a database that you can use all kinds of neat tools on. Think of it as Analog on steroids and HGH. :) At 08:31 PM 5/13/00 -0500, Nathan E Norman wrote: >WHAT log file? The database table is the "log file" ... there's no >transferlog on disk in the form of a file. The object of the game (in >this thread anyway) is to get Apache to write directly to a database. >You can do that with mod_perl or by piping the log output to a perl >script that knows what to do. See Craig's sample script a few posts >back in this thread. > >I can't see why I'd want to load some old rotated log file into a database; >I'd rather just run analog on it at that point. However, I don't want >to have a few hundred log files for all my different virtual hosts. You can make Apache log everything to one log file. Even if you pipe directly into SQL format, you'ld still have all those logs unless you're piping (logging) to the same spot. Personally, I don't really trust piping with things of this magnitude. It's much safer to get the data on disk and THEN start playing with it. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: user server
At 05:21 PM 5/15/00 -0500, Wayne Sitton wrote: >the users can log in and access their ftp. Now what I can't seem to get >done is to get apache to recognize that /~username goes to >/home/username/html Change the USERDIR directive in http.conf to point to the new location. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: user server
At 03:44 PM 5/15/00 -0700, Jeremy C. Reed wrote: >My config has: >UserDir public_html It doesn't have to be public_html. It can be anything you want. Even /home/username, though I wouldn't suggest that. I used .www. (NCSA tradition :) >You should also have the mod_userdir in use. >You may have a line like this in your Apache configs: >LoadModule userdir_module /usr/lib/apache/1.3/mod_userdir.so What does mod_userdir give you? Don't tell me they actually put such a basic function in as a module! +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Debian vs Red Hat??? I need info.
At 07:29 PM 5/16/00 -0400, Jeremy Hansen wrote: >I'm a long time Red Hat user. Basically the company I'm working for is Sorry about that. :) >Dpkg vs RPM RPM is a piece of crap compared to dpkg, and now we have apt (advanced package tool). It's a handler for dpkg, but it's intelligent. The killer feature is its ability to do *recursive upgrades of your entire box* in order, with dependacies. I had to use rpm once and I really felt hobbled by it's lack of information. For a real world example [TM], rpm tells you what *files* a package depends on while dpkg tells you what *packages* a package depends on. The latter is incredibly more useful. Another example, say you want to upgrade a package, but the new version depends on newer versions of other packages and maybe even a new pacakge. Apt will find out what packages you need, install them in order, and then install the package you want. Let's see rpm do that. Debian even has a utility to install rpm packages! So any custom legacy red had packs you have you can carry over into Debian. >Customization of the distro Very easily. You can make .debs to your heart's content. >Autoinstall (Red Hat's kickstart) > This is also something fairly important. We need this as we do a > lot of mass installs. For mass installs, just make a standard issue CD, boot from that CD, and copy over the OS. Or you could even make a disk image and dd it onto the hard drive. That assumes you have the same hard drive in all the machines. You can turn a 20GB drive into a 10GB drive. :) But even if you have 4 or 5 different hard drives in your organization, using disk images will still save you tons of time. Thats what we do at GE, if somebody has a funky problem with their machine, we don't reinstall Windows and all the apps, we just reimage the hard disk. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Debian vs Red Hat??? I need info.
I have to disagree there. I've found Debian packs to be extremely up to date, atleast on the security end. And even on routine maintanance, the lag is not that bad. At 08:44 PM 5/16/00 -0700, David Lynn wrote: >I agree - dpkg and apt are great compared to rpm's. However, that's all >assuming that there are debian packages out there that are up to date >(which they're generally not). But this seems to be the only major >drawback I've found to Debian. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Debian vs Red Hat??? I need info.
The only real difference between stable and unstable is that unstable has up to date packages. The only thing stable has over unstable is the track history of "yeah all this stuff has worked together for a LONG time". At 12:16 AM 5/17/00 -0400, Will Lowe wrote: >Actually, unstable is usually pretty close to up-to-date. I know (of) >quite a few people who run unstable on their production boxes; they just >do a little bit of in-house testing first. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Debian vs Red Hat??? I need info.
Sorry, but I was so underwhelmed by rpm's capabilities and my reaction was so one sidedly negative that I can't describe it any other way. It is what I typed. At 02:55 PM 5/17/00 +0200, Wichert Akkerman wrote: >Previously Chris Wagner wrote: >> RPM is a piece of crap compared to dpkg, and now we have apt (advanced >> package tool). > >Can we please not be so negative about rpm? I'll agree that dpkg is >better (and of course I'm completely not biased here :), but rpm >is not a piece of crap. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: What tape drive & backup tool ?
I used a standard low cost IDE HP Travan tape drive using TR4 cartridges and it worked fine. Though every once and a while it would complain and I'ld have to take the tape out an put it back in. For non-insane applications this would be adequate. A simple tar script run out of cron kept me alive. At 10:24 AM 5/17/00 +, Eric Ravelomanantsoa wrote: >I'm about to set up a Dell 1300 server and I'm wondering what tape drive should >I buy for backup purpose. Suggestions from their e-commerce site are DAT 20/40 >with autoloader, DLT 4000 20/40 or DLT 7000 35/70. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Logging a POP3 session
At 02:11 AM 5/18/00 GMT, Daniel Quinlan wrote: > system: > Debian 2.1 > exim 2.05-2 > qpopper 2.3-4 CuCiPOP tells you how many messages were downloaded by default. :) If that log says 10 messages were pulled, then HE DID download 10 messages. If that number syncs up with what exim says it delivered to his mailbox well then somebody's lying or is an idiot. Cucipop is a drop in replacement for qpopper. That's the path I took. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Mass install / Autoinstall (Was: Re: Debian vs Red Hat??? I need info.)
At 09:55 PM 5/17/00 -0700, Karl M. Hegbloom wrote: > copy everything from the master drive to the copy, then run the > appropriate Lilo command to make that copy bootable. You can then > mount it in another machine and it's ready to go. You have to filter > some things out when you copy. See below. You can't do that, I've tried it before. Lilo can't be installed on any secondary disk. Don't ask me why because I don't know. There's a HOWTO about it. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Transfer data between two comps without network
At 04:36 PM 5/18/00 +0500, Vlad Harchev wrote: > I think you can install NIC into machine with data (call it machine A), place >another machine with large hdd with NIC in it near the source machine A (call >it machine B), connect them using crosswired UTP, download data to machine B, A laptop would be ideal for that. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: where to find web browser statistics information?
At 09:59 AM 5/19/00 +1000, Craig Sanders wrote: >i don't know what your laws are like in russia, but here in australia >you can get hit with a discrimination lawsuit(*) if you don't support Yeah, I've heard some scary things out of Australia lately. It's like they're moving toward socialism/communism and away from true democracy. It's good to support the disabled, but it can get ludicrous real fast. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Mass install / Autoinstall (Was: Re: Debian vs Red Hat??? I need info.)
If kickstart is a red hat package, you can install it on debian using alien. Then you can use red hat's kickstart to install debian. :) At 01:55 PM 5/18/00 -0400, Jeremy Hansen wrote: >Most of the answers I've been getting on this subject seem like total >hacks, which may work but really are tricks to doing this. I was really >looking for something within debian that's built to do "kickstart" type >installations. > >Although what you suggest may work, it leave little flexibility between >machines and also takes a lot more work then I was hoping to do. Only for the initial setup. Once your base install is made, a few scripts written, it can become 100% automatic. It's just not 100% automatic out of the box. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Transfer data between two comps without network
At 12:48 PM 5/18/00 +0200, Dariush Pietrzak wrote: >That was the original scheme, but bosses hmmm, after some consultations >said that we should transfer data on cd-roms with armed guardian. >so now we've got problems, and deadlines haven't changed >although we had no idea of those security issues to be resolved. Then your bosses are idiots who don't know what they're talking about. A cdrom is far less secure than an encrypted transmission buecause that cd is going to stay around *forever* unless burned. And it wouldn't be to hard to pilfer one of those cd's. You can encrypt the transmission sufficiently that it would take centuries to decrypt, even with projected increases in computer power. PGP can go up to I believe 4096 bits, and you can encrypt it an infinite number of times depending on how paranoid you are. What's more, direct fiber links can't be eavesdropped on because there are no EM emissions. Exactly how far apart are these two machines? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Debian vs Red Hat??? I need info.
It's not too hard to find pine*.deb. Use Fast FTP Search. At 09:54 AM 5/19/00 +0800, Sanjeev \"Ghane\" Gupta wrote: >Because Univ of Washington doesn't allow modified tarballs to be >distributed, and you have to modify the tarball's paths to be Debian >compliant. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: where to find web browser statistics information?
At 05:25 PM 5/19/00 +1000, Craig Sanders wrote: >to yanks, socialism is an evil, dirty word - roughly equivalent >to satanism. but we understand why you're like that...you've been >brainwashed with anti-socialist bullshit since you were small children. Hahah, Satanism, that was a good one. :) But I still prefer individualism to socialism. >the rest of the world knows it isn't anywhere near so bad. the rest of >the world knows that democracy and socialism are not opposites, they are >orthogonal - you can have a socialist democracy (like those in northern Whoa, orthoganol. :) >while america pretends otherwise, the rest of the world knows that >freedom is a lot more than just the freedom to choose between working >for minimum wage and starving. Hmm, we have alots of good jobs. If a company is trying to hire somebody for min wage, good luck! Labor is so tight now even hamburger flippers make 6 bucks an hour. >before you bother replying, go do some research on the subject matter. >i'll just ignore anything which reeks of typical american ignorance. Research... I didn't pull this out of thin air you know. I was watching a program about Australia and it was describing some of their "programs" and I generally found it to be disturbing. Before that I kind of thought of Australia as a semi-idyllic place. Unlike here. This country is utterly screwed up and ass-backwards. And people wonder why the Roman Empire fell... +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
au vs. us
**(If anyone *really* must reply to this, snip debian-isp)** Craig sent me a quite funny diatribe. Seems he thinks I'm a "stupid American". At 10:07 PM 5/23/00 +0200, Russell Coker wrote: >ROFL. I did research, I watched a TV show! Could you indict America any >further? Despite the generally vapid nature of American TV, there are good informative shows to watch if you know where to look. >As for Australia being a semi-idyllic place, no place is. I have decided not That's why I said semi. >to live permanently in Australia again because I get the impression that >smart people aren't wanted (unless they are earning lots of money and can be >taxed at a rate of 50% to pay for social security for dole bludgers who are >too lazy to work). Thank you. >As for the Roman Empire. I believe that we are coming to a time of change. >I think that a number of currently first-world countries will fall in the >next few decades. Large parts of America will go down, but I think that some >states will evolve into seperate countries which remain in first-world >conditions. I don't know, the US is on an economic tear right now with no stopping it in sight. Civilazations fall when the quality of their citizenry declines. That is currently happening here. That happened to Rome, it fell. To barbarians. So, who is it that topples the American Empire? :) +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: where to find web browser statistics information?
At 12:35 PM 5/23/00 +, Sergey A. Ribalchenko wrote: >> Hahah, Satanism, that was a good one. :) But I still prefer individualism >> to socialism.^^ >m.b. you missed, did you mean onanism? Ok, I don't really know what you mean? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: PPP dial-up server w/
Each tty has an options file. The server side and client side ips are assigned in there. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Mass install / Autoinstall (
At 11:17 AM 5/23/00 +0200, I. Forbes wrote: >Question: Is'nt there a deb package with scripts for creating boot >disks? I feel I should not be reinventing the wheel. There is, but I can't remember the name. :) +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: Followup: Logging a POP3 session
Changing mail clients won't make a difference. Just tell him what you found, that everything went out that came in. Then tell him to look to the sender, because there's a five nine probability that she's screwing up and nuking messages. At 05:02 PM 5/25/00 +1000, Daniel Quinlan wrote: >after a week he's claimed another two messages have disappeared. I >checked the >logs and sure enough the two messages have been delivered to his >mailbox. >tallied the stats from qpopper and he has downloaded every message that >has been >delivered to his mailbox. > +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: au vs. us
At 10:57 PM 5/25/00 +0200, Russell Coker wrote: >On Wed, 24 May 2000, Chris Wagner wrote: >>**(If anyone *really* must reply to this, snip debian-isp)** ^^^ I guess you didn't see this part? :) +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: where to find web browser statistics information?
At 05:42 AM 5/24/00 +, Sergey A. Ribalchenko wrote: >> >> Hahah, Satanism, that was a good one. :) But I still prefer individualism >> >> to socialism.^^ >> >m.b. you missed, did you mean onanism? >> Ok, I don't really know what you mean? >Onanism is yet another ..ism, also known as masturbation :-\ Um, yeah I knew that, but what does that have to do with anything? Is this some kind of inside joke that 3 people in the whole world get? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: broken postfix, help me
Hi. Sorry to jump in this thread late. But it looks like your upstream fried your DNS entries. I'ld strongly recommend you update your InterNIC records to point to DNS servers that *you* control, not anyone else. Because as you just found out, when DNS screwups occur, they take a lot of stuff with them, and not having direct control over those boxes is a monumental headache. Try restoring old .conf and zone files and do ndc reload. Good luck. :) PS: You aren't getting any mail at centinet.com because it doesn't have an MX or A record!!! HEADER: opcode = QUERY, id = 30244, rcode = NAME_ERR header flags: reply, want recursion, recursion avail. questions = 1, answers = 0, auth. records = 1, additional = 0 QUESTIONS: centinet.com., type = MX, class = 1 AUTHORITY RECORDS: -> COM. type = SOA, class = 1, ttl = 10743, dlen = 62 nameserver = A.ROOT-SERVERS.NET. mailaddress = hostmaster.internic.NET. serial = 252701, refresh = 1800, retry = 900, expire = 604800, minimum = 86400. *** complete *** HEADER: opcode = QUERY, id = 45658, rcode = NAME_ERR header flags: reply, want recursion, recursion avail. questions = 1, answers = 0, auth. records = 1, additional = 0 QUESTIONS: centinet.com., type = A, class = 1 AUTHORITY RECORDS: -> COM. type = SOA, class = 1, ttl = 10662, dlen = 62 nameserver = A.ROOT-SERVERS.NET. mailaddress = hostmaster.internic.NET. serial = 252701, refresh = 1800, retry = 900, expire = 604800, minimum = 86400. *** complete *** HEADER: opcode = QUERY, id = 3468, rcode = NAME_ERR header flags: reply, want recursion, recursion avail. questions = 1, answers = 0, auth. records = 1, additional = 0 QUESTIONS: bonifacio.centinet.com., type = A, class = 1 AUTHORITY RECORDS: -> COM. type = SOA, class = 1, ttl = 10676, dlen = 62 nameserver = A.ROOT-SERVERS.NET. mailaddress = hostmaster.internic.NET. serial = 252701, refresh = 1800, retry = 900, expire = 604800, minimum = 86400. *** complete *** One other thing, your forward and reverse DNS don't agree. Looking up your IP gives this: Official Name: BONIFACIO IP Address: 203.176.36.5 This will cause paranoid sites to reject connections to you. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: whois *server*?
At 08:32 PM 5/28/00 -0500, Security wrote: >The finger gateway script came in the cgi scripts with Debian. I just >changed finger to whois. seems to work well. I think what he wants is a server that does what InterNIC does. Answer whois type database queries issued from the whois program. I don't have a clue where he would get something like that. It might be something custom they made. Might want to check out Berkeley. That program is *old* and most net stuff originated with Berkeley, so I'ld say go to the source. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
tcp connection
Hola. What is the official name of the type of connection that the common network protocols use? It lives somewhere above the tcp layer and below the app layer but is so obscure that I can't find it. e.g. Telnet, ftp, http, etc. all establish an x type connection and then transmit their data. It has to do with what means what to each side of the connection... I've only seen this I think one time ever. Know what I'm talking about? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: tcp connection
At 10:48 PM 6/16/00 -0500, Sanjeev Gupta wrote: >Sockets? Butyou would definitely have seen this more than a couple of >times. No, not sockets, sockets are way down on the stack. This is the protocol that says what the octets mean and do. It's the common thread among all the high level protocols and is directly below them in the stack. But I can't think of the darn name. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: tcp connection
At 12:24 AM 6/17/00 -0500, Kain wrote: >What I think you're thinking of is just IP. You probably haven't been seeing Definately not IP, IP just gets your packets there and back. >Now, if you actually mean "what octets mean and do", those are actually defined higher than TCP, and are laid out in the specs for those respective protocols. What I meant by that was what "octets mean and do" in terms of establishing and maintaining the connection. Like, what octets are exchanged that tell each machine, "yes the connection is established". That protocol has a name. >Telnet Protocol: RFC 854/855 >FTP: RFC 959 >TFTP: RFC 1350 >POP3: RFC 1939 >HTTP/1.1: RFC 2068 Right, those are the high level protocols. But they all establish the same type of connection. Maybe if I explained how this came about. I was explaining to a friend how you can telnet to any network service and use that service. Like, you can telnet to a web server on port 80, manually type the get commands and get the document. I said that this was because they all use the same connection type. But I don't know what the name of that connection type is. Maybe it's just a "TCP connection", does what I'm talking about have an RFC? There's no way I'm reading through all 2500 RFC's. :) >At 11:14 AM 6/18/00 +1200, [EMAIL PROTECTED] wrote: >>LCP? Link control protocol I think that has to do with PPP. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: tcp connection
At 12:50 AM 6/19/00 +0200, Russell Coker wrote: >It is called TCP - Transmission Control Protocol. RFC793. I'm starting to conclude that it's just called a "tcp connection". But I'm still reading through the RFC... It was written in 1983 and for whatever reason it seems to use the term socket and port interchangeably. Seems like they had different meanings than they do now. I guess it's just coincidence that the common high level protocols all use the same NVT settings. Otherwise, telneting to a web server would fail. Maybe its the NVT settings that are the highest common thread here, does that standard have a name I wonder. >If you have doc-rfc package installed: >file:/usr/doc/doc-rfc/rfc793.txt.gz Don't got that, but I found faqs.org. >Anyone who calls the protocol "Transport Control Protocol" is stupid and >should be ignored. Instruct such people to read the documents and learn. I've never heard anybody call it that. >PS There's no need to read 2500 RFC. A zgrep of the indexes will usually >allow you to find what you want rapidly. I was being facetious. :) +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++
Re: tcp connection
At 02:25 PM 6/20/00 +0200, Russell Coker wrote: >They don't use NVT. The TELNET protocol is not running on (for example) a >web server. Yeah but the NVT settings have to be negotiated for each side to talk to each other. If I telnet to an Apache webserver on port 80, my telnet is going to negotiate NVT with whatever's on the other end. Both sides have to agree to establish the connection. Therefore, either Apache or something below Apache in the stack has to know about NVT. Otherwise Apache would tell me to go take a flying leap if I tried to telnet to it. What is my telnet client negotiating with in this case??? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: pop3 server,
I'ld recommend Cucipop due to it's security record. That's what I use. Just don't look at the source code. :) At 10:03 PM 6/26/00 +0200, Dariush Pietrzak wrote: >Hello, >which packaged with debian pop3d would you people recommend? > which one do you use? +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: IDE or SCSI ??
Ok, ok, I'm late as hell but I had to reply. :) You don't need SCSI unless you're doing something fancy or insane. Giving Apache more RAM is *vastly* better than giving it SCSI. The RAM lets you cache everything so the hard disk becomes not very important for I/O. Max out your motherboard's RAM capacity. At 10:18 AM 6/13/00 +0200, Roger Abrahamsson wrote: >On Tue, 13 Jun 2000, [ Francho ] wrote: > >> I have mount a new Internet Server whith (apache, mysql, bind and qmail). It will be about 300 domains allocated (each domain will recibed about 300 visits/day). >> >> What hardware do you recommend ??? >> >> Thanks in advance. >> -- >> <<< [EMAIL PROTECTED] >> --- >> > >SCSI!! I/O is your main concern.. Then lots of memory.. CPU comes only as >the third factor. > > >- >Roger Abrahamsson, Senior Sys/Net Admin >Obbit AB >Radhusespl.17D, S-90328 Umea, Sweden >Phone: (+46)(0)90 133310Fax:(+46)(0)90 133370 >- > > >-- >To UNSUBSCRIBE, email to [EMAIL PROTECTED] >with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: List managers
At 10:47 AM 7/5/00 +0200, Javier Castillo wrote: > which list manager do you recommend me?, easy to admin, fast, and of >course, gnu :)) Who says you can only use GNU software? Don't limit yourself to GNU, use any software that has a "free" license you find acceptable. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: commercial offerings anyone
At 08:45 PM 7/5/00 -0400, Allen Ahoffman wrote: >1. Terminal server for connecting one box to many serial devices such as > routers, switches, other terminal servers for serial connectivity >when network is down. The Comtrol Rocketport board is very nice. You can put up to 128 serial ports in one box. I believe it supports 460kbps across all ports simultaneously. The only limitation is your bus. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
Re: apache question
Sounds like the 2nd NIC isn't fully turned on. Is everything the way it should be in ifconfig? Have you tried binding any other daemons to the 2nd NIC? I also think you'll need ip based vhosts in Apache to make it listen to a 2nd NIC. The second NIC should be on a different subnet, otherwise hacks are required. Can you ping the 2nd NIC (locally and remotely), contact anything on the other side, etc. Your box has to know how to correctly route traffic back across the 2nd NIC. At 04:27 PM 7/6/00 GMT, [EMAIL PROTECTED] wrote: >now i added a 2nd NIC to my server and when i point my browser to that 2nd IP >add, i get an error. +---+ |-=I T ' S P R I N C I P L E T H A T C O U N T S=- | |=- -=ALAN KEYES FOR PRESIDENT=- -=| | Balanced Budgets Personal Freedoms Morality Lower Tax | |=-- http://www.Keyes2000.com. --=| ++ 0100
